MANAGING INFECTIOUS FORWARDED MESSAGES
First Claim
Patent Images
1. A method for evaluating a file attached to an electronic message for the presence of a virus, the method comprising:
- receiving an electronic message at a computing device, the electronic message including an attachment having a file name, the computing device including at least a first virus detection routine stored in memory; and
executing instructions stored in memory of the computing device, wherein execution of the instructions by a processor of the computing device;
applies at least a signature matching test that outputs a probability that the attachment includes a virus,quarantines the electronic message when the outputted probability that the attachment includes a virus exceeds a predetermined threshold,searches for another virus detection test stored in memory when the outputted probability that the attachment includes a virus does not exceed the predetermined threshold,applies the other virus detection test, wherein the other virus detection test includes at least one of a file name test, a bit pattern test, or an N-gram test, and wherein the probability that the attachment includes a virus is updated based on the other virus detection test,quarantines the electronic message when the updated probability that the attachment includes a virus exceeds the predetermined threshold, andidentifies the electronic message as free of viruses when the updated probability that the attachment includes a virus does not exceed the predetermined threshold.
30 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for managing forwarded infectious messages are provided. Managing electronic message comprises receiving a message, forwarding the message, determining that the forwarded message is infectious after the message has been forwarded and preventing the infectious forwarded message from spreading.
7 Citations
20 Claims
-
1. A method for evaluating a file attached to an electronic message for the presence of a virus, the method comprising:
-
receiving an electronic message at a computing device, the electronic message including an attachment having a file name, the computing device including at least a first virus detection routine stored in memory; and executing instructions stored in memory of the computing device, wherein execution of the instructions by a processor of the computing device; applies at least a signature matching test that outputs a probability that the attachment includes a virus, quarantines the electronic message when the outputted probability that the attachment includes a virus exceeds a predetermined threshold, searches for another virus detection test stored in memory when the outputted probability that the attachment includes a virus does not exceed the predetermined threshold, applies the other virus detection test, wherein the other virus detection test includes at least one of a file name test, a bit pattern test, or an N-gram test, and wherein the probability that the attachment includes a virus is updated based on the other virus detection test, quarantines the electronic message when the updated probability that the attachment includes a virus exceeds the predetermined threshold, and identifies the electronic message as free of viruses when the updated probability that the attachment includes a virus does not exceed the predetermined threshold. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A non-transitory computer-readable storage medium having a program embodied thereon, the program executable by a processor to perform a method for evaluating a file attached to an electronic message for the presence of a virus, the method comprising:
-
receiving an electronic message at a computing device, the electronic message including an attachment having a file name, the computing device including at least a first virus detection routine stored in memory; applying at least a signature matching test that outputs a probability that the attachment includes a virus; quarantining the electronic message when the outputted probability that the attachment includes a virus exceeds a predetermined threshold; searching for another virus detection test stored in memory when the outputted probability that the attachment includes a virus does not exceed the predetermined threshold; applying the other virus detection test, wherein the other virus detection test includes at least one of a file name test, a bit pattern test, or an N-gram test, and wherein the probability that the attachment includes a virus is updated based on the other virus detection test; quarantining the electronic message when the updated probability that the attachment includes a virus exceeds the predetermined threshold; and identifying the electronic message as free of viruses when the updated probability that the attachment includes a virus does not exceed the predetermined threshold. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification