Techniques for performing malware scanning of files stored within a file storage device of a computer network

US 7,150,042 B2
Filed: 12/06/2001
Issued: 12/12/2006
Est. Priority Date: 12/06/2001
Status: Active Grant

First Claim

Patent Images

1. A proxy device for performing malware scanning of files stored within a file storage device of a computer network, the computer network having a plurality of client devices ranged to issue access requests using a dedicated file access protocol to the file storage device in order to access files stored on the file storage device, the proxy device being arranged so as to intercept access requests issued to the file storage device, and comprising:

a first interface for receiving an access request issued by one of said client devices to said file storage device using the dedicated file access protocol;

a second interface for communicating with the file storage device to cause the file storage device to process the access request;

processing logic for causing malware scanning algorithms to be executed to determine whether the file identified by the access request is to be considered as malware;

wherein the processing logic is responsive to configuration data to determine which of the malware scanning algorithms should be selected for a particular file, the proxy device further comprising a scanning engine to execute the malware scanning algorithms selected by the processing logic;

wherein each of the devices in the computer network is assigned an identifier, and the proxy device is assigned the same identifier as is assigned to the file storage device, the first interface being connectable to a communication infrastructure of the computer network to enable communication between the proxy device and said client devices, and the file storage device being connectable to the second interface such that the file storage device is only accessible by said client devices via said proxy device;

wherein the second interface is configured to enable a plurality of the file storage devices to be connected to the proxy device, each of the file storage devices having a different identifier, and the proxy device being assigned multiple identifiers corresponding to the identifiers of the connected file storage devices, the first interface being configured to receive any access requests issued to one of said connected file storage devices;

wherein, upon receipt of the access request from a client device, the processing logic is arranged to determine from the access request predetermined attributes, and to send those predetermined attributes to the file storage device to enable the file storage device to perform a validation check, the processing logic only allowing the access request to proceed if the file storage device confirms that the client device is allowed to access the file identified by the file access request;

wherein the plurality of client devices are allowed direct access to the file storage device if the proxy device fails.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a proxy device, computer program product and method for performing malware scanning of files stored within a file storage device of a computer network. The computer network has a plurality of client devices arranged to issue access requests using a dedicated file access protocol to the file storage device in order to access files stored on the file storage device, with the proxy device being arranged so as to intercept access requests issued to the file storage device. The proxy device comprises a first interface for receiving an access request issued by one of the client devices to the file storage device using the dedicated file access protocol, and a second interface for communicating with the file storage device to cause the file storage device to process the access request. Further, processing logic is provided for causing selected malware scanning algorithms to be executed to determine whether the file identified by the access request is to be considered as malware. This approach removes the dependency of the malware scanning process on the operating system and/or vendor of the file storage device.

64 Citations

View as Search Results

28 Claims

1. A proxy device for performing malware scanning of files stored within a file storage device of a computer network, the computer network having a plurality of client devices ranged to issue access requests using a dedicated file access protocol to the file storage device in order to access files stored on the file storage device, the proxy device being arranged so as to intercept access requests issued to the file storage device, and comprising:
- a first interface for receiving an access request issued by one of said client devices to said file storage device using the dedicated file access protocol;
  
  a second interface for communicating with the file storage device to cause the file storage device to process the access request;
  
  processing logic for causing malware scanning algorithms to be executed to determine whether the file identified by the access request is to be considered as malware;
  
  wherein the processing logic is responsive to configuration data to determine which of the malware scanning algorithms should be selected for a particular file, the proxy device further comprising a scanning engine to execute the malware scanning algorithms selected by the processing logic;
  
  wherein each of the devices in the computer network is assigned an identifier, and the proxy device is assigned the same identifier as is assigned to the file storage device, the first interface being connectable to a communication infrastructure of the computer network to enable communication between the proxy device and said client devices, and the file storage device being connectable to the second interface such that the file storage device is only accessible by said client devices via said proxy device;
  
  wherein the second interface is configured to enable a plurality of the file storage devices to be connected to the proxy device, each of the file storage devices having a different identifier, and the proxy device being assigned multiple identifiers corresponding to the identifiers of the connected file storage devices, the first interface being configured to receive any access requests issued to one of said connected file storage devices;
  
  wherein, upon receipt of the access request from a client device, the processing logic is arranged to determine from the access request predetermined attributes, and to send those predetermined attributes to the file storage device to enable the file storage device to perform a validation check, the processing logic only allowing the access request to proceed if the file storage device confirms that the client device is allowed to access the file identified by the file access request;
  
  wherein the plurality of client devices are allowed direct access to the file storage device if the proxy device fails.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A proxy device as claimed in claim 1, wherein the dedicated file access protocol is the Server Message Block (SMB) protocol, and the access requests are SMB calls issued to the file storage device.
  - 3. A proxy device as claimed in claim 1, wherein the dedicated file access protocol is the Network File System (NFS) protocol, and the access requests are NFS calls issued to the file storage device.
  - 4. A proxy device as claimed in claim 1, further comprising a file cache for storing files previously accessed by the client devices, upon receipt of an access request identifying a file to be read from the file storage device, the processing logic being arranged to determine whether the file identified by the access request is stored in the file cache and if so to return the file to the client device without communicating with the file storage device via the second interface.
  - 5. A proxy device as claimed in claim 4, wherein the file cache is arranged only to store files which have been determined not to be considered as malware.
  - 6. A proxy device as claimed in claim 1, further comprising a user cache for storing the predetermined attributes.
  - 7. A balanced proxy system for performing malware scanning of files stored within a file storage device of a computer network, the computer network having a plurality of client devices arranged to issue access requests using a dedicated file access protocol to the file storage device in order to access files stored on the file storage device, the balanced proxy system comprising:
    - a plurality of proxy devices as claimed in claim 1 arranged so as to intercept access requests issued to the file storage device; and
      
      a passive load balancing mechanism arranged to configure each client device to communicate with a particular proxy device in said plurality, such that the access request issued by a particular client device will be directed to a predetermined one of said proxy devices dependent on how that client device was configured by the passive load balancing mechanism.
  - 8. A proxy device as claimed in claim 1, wherein the processing logic determines whether the selected malware scanning algorithms are required to be run on the file before causing the selected malware scanning algorithms to be executed.
  - 9. A proxy device as claimed in claim 8, wherein the determination is made according to additional configuration data specifying when scanning should be performed and the types of files that should be scanned.
  - 10. A proxy device as claimed in claim 1, wherein for a plurality of file storage devices on the computer network, a plurality of proxy devices are provided such that each file storage device is associated with one of the proxy devices.
  - 11. A proxy device as claimed in claim 1, wherein for a plurality of file storage devices on the computer network, the proxy device is associated with all of the file storage devices.
  - 12. A proxy device as claimed in claim 11, wherein the proxy device is associated with all of the file storage devices when scanning of files is performed.
  - 13. A proxy device as claimed in claim 1, wherein the predetermined attributes include a user name, a password of the user making the access request, a domain of the client device, an indication of the file to be accessed and an address of the client device.

14. A method of operating a proxy device to perform malware scanning of files stored within a file storage device of a computer network, the computer network having a plurality of client devices arranged to issue access requests using a dedicated file access protocol to the file storage device in order to access files stored on the file storage device, the proxy device being arranged so as to intercept access requests issued to the file storage device, and the method comprising the steps of:
- (a) receiving an access request issued by one of said client devices to said file storage device using the dedicated file access protocol;
  
  (b) communicating with the file storage device to cause the file storage device to process the access request; and
  
  (c) causing malware scanning algorithms to be executed to determine whether the file identified by the access request is to be considered as malware;
  
  wherein said step (c) comprises the steps of;
  
  responsive to configuration data, determining which of the malware scanning algorithms should be selected for a particular file; and
  
  employing a scanning engine to execute the malware scanning algorithms selected by said determining step;
  
  wherein each of the devices in the computer network is assigned an identifier, the proxy device being assigned a unique identifier different to the identifier of the file storage device, the method further comprising the steps of;
  
  connecting the client devices, the proxy device and the file storage device to a communication infrastructure of the computer network;
  
  configuring the client devices such that access requests issued by the client devices are routed to the proxy device; and
  
  configuring the file storage device to send processed access requests to the proxy device;
  
  upon receipt of the access request from a client device, determining from the access request predetermined attributes;
  
  sending those predetermined attributes to the file storage device to enable the file storage device to perform a validation check; and
  
  only allowing the access request to proceed if the file storage device confirms that the client device is allowed to access the file identified by the file access request;
  
  wherein the plurality of client devices are allowed direct access to the file storage device if the proxy device fails.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
- - 15. A method as claimed in claim 14, wherein the dedicated file access protocol is the Server Message Block (SMB) protocol, and the access requests are SMB calls issued to the file storage device.
  - 16. A method as claimed in claim 14, wherein the dedicated file access protocol is the Network File System (NFS) protocol, and the access requests are NFS calls issued to the file storage device.
  - 17. A method as claimed in claim 14, further comprising the steps of:
    - storing within a file cache flies previously accessed by the client devices;
      
      upon receipt of an access request identifying a file to be read from the file storage device, determining whether the file identified by the access request is stored in the file cache and if so returning the file to the client device without communicating with the file storage device.
  - 18. A method as claimed in claim 17, wherein the file cache is arranged only to store files which have been determined not to be considered as malware.
  - 19. A method as claimed in claim 14, further comprising the step of storing within a user cache the predetermined attributes.
  - 20. A method as claimed in claim 14, wherein a plurality of said proxy devices are provided, the method further comprising the step of employing a passive load balancing mechanism to configure each client device to communicate with a particular proxy device in said plurality, such that an access request issued by a particular client device will be directed to a predetermined one of said proxy devices dependent on how that client device was configured by the passive load balancing mechanism.
  - 21. A method as claimed in claim 14, wherein a computer network administrator has direct access to the file storage device.

22. A computer program product operable to configure a proxy device to perform a method of malware scanning of files stored within a file storage device of a computer network, the computer network having a plurality of client devices arranged to issue access requests using a dedicated file access protocol to the file storage device in order to access files stored on the file storage device, the proxy device being arranged so as to intercept access requests issued to the file storage device, and the computer program product comprising:
- (a) reception code operable to receive an access request issued by one of said client devices to said file storage device using the dedicated file access protocol;
  
  (b) communication code operable to communicate with the file storage device to cause the file storage device to process the access request; and
  
  (c) algorithm invoking code operable to cause malware scanning algorithms to be executed to determine whether the file identified by the access request is to be considered as malware;
  
  wherein said algorithm invoking code is operable to determine, responsive to configuration data, which of the malware scanning algorithms should be selected for a particular file, and the computer program product further comprises scanning engine code responsive to said algorithm invoking code and operable to execute the malware scanning algorithms selected by said algorithm invoking code;
  
  wherein each of the devices in the computer network is assigned an identifier, the proxy device being assigned a unique identifier different to the identifier of the file storage device, the client devices, the proxy device and the file storage device being connectable to a communication infrastructure of the computer network, the client devices being configured such that access requests issued by the client devices are routed to the proxy device, and the file storage device being configured to send processed access requests to the proxy device;
  
  wherein said reception code is operable, upon receipt of the access request from a client device, to determine from the access request predetermined attributes, the communication code being operable to send those predetermined attributes to the file storage device to enable the file storage device to perform a validation check, the access request only being allowed to proceed if the file storage device confirms that the client device is allowed to access the file identified by the file access request;
  
  wherein the plurality of client devices are allowed direct access to the file storage device if the proxy device fails.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. A computer program product as claimed in claim 22, wherein the dedicated file access protocol is the Server Message Block (SMB) protocol, and the access requests are SMB calls issued to the file storage device.
  - 24. A computer program product as claimed in claim 22, wherein the dedicated file access protocol is the Network File System (NFS) protocol, and the access requests are NFS calls issued to the file storage device.
  - 25. A computer program product as claimed in claim 22, further comprising:
    - caching code operable to store within a file cache files previously accessed by the client devices;
      
      the reception code being operable, upon receipt of an access request identifying a file to be read from the file storage device, to determine whether the file identified by the access request is stored in the file cache and if so to cause the file to be returned to the client device without the communication code communicating with the file storage device.
  - 26. A computer program product as claimed in claim 25, wherein the file cache is arranged only to store files which have been determined not to be considered as malware.
  - 27. A computer program product as claimed in claim 22, further comprising storing code operable to store within a user cache the predetermined attributes.
  - 28. A computer program product as claimed in claim 22, wherein a plurality of said proxy devices are provided, the computer program product further comprising passive load balancing code operable to configure each client device to communicate with a particular proxy device in said plurality, such that an access request issued by a particular client device will be directed to a predetermined one of said proxy devices dependent on how that client device was configured by the passive load balancing code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Spurlock, Joel Robert, Wolff, Daniel Joseph, Edwards, Jonathan Lewis
Primary Examiner(s)
Louis-Jacques, Jacques
Assistant Examiner(s)
Brown, Christopher J.

Application Number

US10/003,265
Publication Number

US 20030110391A1
Time in Patent Office

1,832 Days
Field of Search

713/200, 713/188, 713/182, 713/193, 726/22, 726/12
US Class Current

726/22
CPC Class Codes

G06F 21/567   using dedicated hardware

H04L 63/0281   Proxies

H04L 63/145   the attack involving the pr...

H04L 69/329   in the application layer [O...

Techniques for performing malware scanning of files stored within a file storage device of a computer network

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for performing malware scanning of files stored within a file storage device of a computer network

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links