MANAGING INFECTIOUS FORWARDED MESSAGES

US 20160127400A1
Filed: 01/11/2016
Published: 05/05/2016
Est. Priority Date: 07/13/2004
Status: Active Grant

First Claim

Patent Images

1. A method for evaluating a file attached to an electronic message for the presence of a virus, the method comprising:

receiving an electronic message at a computing device, the electronic message including an attachment having a file name, the computing device including at least a first virus detection routine stored in memory; and

executing instructions stored in memory of the computing device, wherein execution of the instructions by a processor of the computing device;

applies at least a signature matching test that outputs a probability that the attachment includes a virus,quarantines the electronic message when the outputted probability that the attachment includes a virus exceeds a predetermined threshold,searches for another virus detection test stored in memory when the outputted probability that the attachment includes a virus does not exceed the predetermined threshold,applies the other virus detection test, wherein the other virus detection test includes at least one of a file name test, a bit pattern test, or an N-gram test, and wherein the probability that the attachment includes a virus is updated based on the other virus detection test,quarantines the electronic message when the updated probability that the attachment includes a virus exceeds the predetermined threshold, andidentifies the electronic message as free of viruses when the updated probability that the attachment includes a virus does not exceed the predetermined threshold.

View all claims

30 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for managing forwarded infectious messages are provided. Managing electronic message comprises receiving a message, forwarding the message, determining that the forwarded message is infectious after the message has been forwarded and preventing the infectious forwarded message from spreading.

7 Citations

View as Search Results

20 Claims

1. A method for evaluating a file attached to an electronic message for the presence of a virus, the method comprising:
- receiving an electronic message at a computing device, the electronic message including an attachment having a file name, the computing device including at least a first virus detection routine stored in memory; and
  
  executing instructions stored in memory of the computing device, wherein execution of the instructions by a processor of the computing device;
  
  applies at least a signature matching test that outputs a probability that the attachment includes a virus,quarantines the electronic message when the outputted probability that the attachment includes a virus exceeds a predetermined threshold,searches for another virus detection test stored in memory when the outputted probability that the attachment includes a virus does not exceed the predetermined threshold,applies the other virus detection test, wherein the other virus detection test includes at least one of a file name test, a bit pattern test, or an N-gram test, and wherein the probability that the attachment includes a virus is updated based on the other virus detection test,quarantines the electronic message when the updated probability that the attachment includes a virus exceeds the predetermined threshold, andidentifies the electronic message as free of viruses when the updated probability that the attachment includes a virus does not exceed the predetermined threshold.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the file name of the attachment indicates that the attachment is a text file.
  - 3. The method of claim 1, wherein the file name of the attachment indicates that the attachment is an executable file.
  - 4. The method of claim 1, wherein the file name of the attachment indicates that the attachment is an image file.
  - 5. The method of claim 1, wherein the other virus detection test further includes a character test.
  - 6. The method of claim 1, wherein the other virus detection test further includes a probabilistic finite state automata test.
  - 7. The method of claim 1, wherein the other virus detection test includes the use of a probability model.
  - 8. The method of claim 1, wherein the other virus detection test relies on a plurality of electronic messages previously identified as free of viruses.
  - 9. The method of claim 1, further comprising reporting the electronic message as free of viruses to a system administrator.
  - 10. The method of claim 1, further comprising reporting the quarantined electronic message to a system administrator.

11. A non-transitory computer-readable storage medium having a program embodied thereon, the program executable by a processor to perform a method for evaluating a file attached to an electronic message for the presence of a virus, the method comprising:
- receiving an electronic message at a computing device, the electronic message including an attachment having a file name, the computing device including at least a first virus detection routine stored in memory;
  
  applying at least a signature matching test that outputs a probability that the attachment includes a virus;
  
  quarantining the electronic message when the outputted probability that the attachment includes a virus exceeds a predetermined threshold;
  
  searching for another virus detection test stored in memory when the outputted probability that the attachment includes a virus does not exceed the predetermined threshold;
  
  applying the other virus detection test, wherein the other virus detection test includes at least one of a file name test, a bit pattern test, or an N-gram test, and wherein the probability that the attachment includes a virus is updated based on the other virus detection test;
  
  quarantining the electronic message when the updated probability that the attachment includes a virus exceeds the predetermined threshold; and
  
  identifying the electronic message as free of viruses when the updated probability that the attachment includes a virus does not exceed the predetermined threshold.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The non-transitory computer-readable storage medium of claim 11, wherein the file name of the attachment indicates that the attachment is a text file.
  - 13. The non-transitory computer-readable storage medium of claim 11, wherein the file name of the attachment indicates that the attachment is an executable file.
  - 14. The non-transitory computer-readable storage medium of claim 11, wherein the file name of the attachment indicates that the attachment is an image file.
  - 15. The non-transitory computer-readable storage medium of claim 11, wherein the other virus detection test further includes a character test.
  - 16. The non-transitory computer-readable storage medium of claim 11, wherein the other virus detection test further includes a probabilistic finite state automata test.
  - 17. The non-transitory computer-readable storage medium of claim 11, wherein the other virus detection test includes the use of a probability model.
  - 18. The non-transitory computer-readable storage medium of claim 11, wherein the other virus detection test relies on a plurality of electronic messages previously identified as free of viruses.
  - 19. The non-transitory computer-readable storage medium of claim 11, wherein the method further includes reporting the electronic message as free of viruses to a system administrator.
  - 20. The non-transitory computer-readable storage medium of claim 11, wherein the method further includes reporting the quarantined electronic message to a system administrator.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SonicWALL US Holdings, Inc. (SonicWall Holdings Ltd.)
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Rihn, Jennifer, Oliver, Jonathan J.

Granted Patent

US 10,069,851 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/562   Static detection

H04L 51/212   using filtering or selectiv...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

MANAGING INFECTIOUS FORWARDED MESSAGES

First Claim

30 Assignments

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MANAGING INFECTIOUS FORWARDED MESSAGES

First Claim

30 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links