Zero-minute virus and spam detection
First Claim
1. A method for detecting unwanted electronic messages at a certain location on an electronic communications network, the method comprising:
- a) establishing a database for storing metadata associated with electronic message traffic according to at least source addresses of senders of electronic messages;
- b) monitoring electronic message transmissions at the certain location on the electronic communications network;
- c) extracting information from the monitored electronic messages as they are transmitted across the electronic communications network, substantially without imposing a delay on the transmission of the electronic messages;
- c) populating the database with metadata derived from analysis of the monitored electronic messages, the metadata including metadata derived by analyzing the content of the monitored electronic messages;
- d) determining that certain monitored electronic messages are likely to be unwanted by an intended recipient based on an examination of the metadata associated with the source addresses of the senders of the monitored electronic messages and based on the analysis of the content of the monitored electronic messages, and at least in part without reference to a promulgated database of “signatures” of unwanted electronic messages; and
- e) conditionally delivering electronic messages according to instructions from an interpreter process, the interpreter process communicating with a content-sensing application in logical communication with the interpreter process, such that if the content-sensing application analyzes the monitored electronic messages as likely unwanted by an intended recipient, then the method can, in coordination with the interpreter process and content-sensing application, configure the delivery of the unwanted electronic messages to route them to a message quarantine center, wherein actions of the interpreter process and configuration parameters corresponding to the actions of the interpreter process are logged to an interpreter process database and then later used for the determining that certain monitored electronic messages are likely to be unwanted based on patterns recognized in the traffic monitor.
Abstract
Disclosed in this application are systems and methods for detecting unwanted electronic message transmissions at a certain location on an electronic communications network. The disclosed principles include establishing a database for storing metadata associated with message traffic according to at least the source addresses of the senders of electronic message transmissions. The disclosed principles also include monitoring electronic message transmissions at the certain location on the electronic communications network. Also included is populating the database with metadata derived from analysis of the monitored electronic messages, where the metadata includes metadata derived by analyzing the contents of the monitored electronic messages. Based upon the populated database, it is determined whether certain received electronic messages are likely to be unwanted based on an examination of the metadata associated with the source addresses of the senders of the received electronic messages and based on the analysis of the content of monitored electronic messages at least in part without reference to a promulgated database of “signatures” of known unwanted electronic messages.
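As an added illustration (not code from the patent or its assignee), the sketch below shows one way per-source metadata, a content fingerprint computed from the traffic itself, and a log of earlier actions can drive a deliver/quarantine decision without a promulgated signature list. The class name, thresholds, fingerprinting scheme and sample traffic are all assumptions made for the example.

```python
import hashlib
from collections import defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window for counting identical content
BURST_THRESHOLD = 5   # assumed: identical copies in the window that trigger quarantine
REPEAT_THRESHOLD = 2  # assumed: lower bar for sources already quarantined once


class TrafficMonitor:
    def __init__(self):
        # Metadata keyed by source address.
        self.by_source = defaultdict(lambda: {"messages": 0, "recipients": set()})
        # Content-derived metadata: fingerprint -> arrival times inside the window.
        self.by_content = defaultdict(deque)
        # Log of actions taken, consulted on later decisions.
        self.action_log = []

    @staticmethod
    def fingerprint(body):
        # Computed from the message itself, not looked up in a signature list.
        normalized = " ".join(body.lower().split())
        return hashlib.sha256(normalized.encode("utf-8")).hexdigest()

    def observe(self, source, recipient, body, now):
        meta = self.by_source[source]
        meta["messages"] += 1
        meta["recipients"].add(recipient)
        seen = self.by_content[self.fingerprint(body)]
        seen.append(now)
        while now - seen[0] > WINDOW_SECONDS:
            seen.popleft()
        prior = sum(1 for e in self.action_log
                    if e["source"] == source and e["action"] == "quarantine")
        threshold = REPEAT_THRESHOLD if prior else BURST_THRESHOLD
        action = "quarantine" if len(seen) >= threshold else "deliver"
        self.action_log.append({"source": source, "action": action,
                                "threshold": threshold, "time": now})
        return action


def demo():
    # Constructed traffic: (source, recipient, body, seconds since start).
    mon = TrafficMonitor()
    traffic = [("203.0.113.9", f"user{i}@example.org", "Open  the attached invoice", i)
               for i in range(5)]
    traffic += [("203.0.113.9", "a@example.org", "New lure text", 10),
                ("203.0.113.9", "b@example.org", "new lure TEXT", 11),
                ("198.51.100.7", "c@example.org", "Lunch on Friday?", 12)]
    return [mon.observe(*m) for m in traffic], mon
```

In the constructed run the first four copies of the burst are delivered before the fifth is quarantined, which is the cost of deciding from live traffic without holding messages; the logged quarantine then lowers the bar for that source's next campaign.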
29 Claims
18. A method for detecting unwanted electronic messages at a certain location on an electronic communications network, the method comprising:
- a) establishing a database for storing metadata associated with electronic message traffic according to at least source addresses of senders of electronic messages;
- b) monitoring electronic message transmissions at the certain location on the electronic communications network;
- c) extracting information from substantially all of the monitored electronic messages as they are transmitted across the electronic communications network, substantially without imposing a delay on the transmission of the electronic messages;
- d) populating the database with metadata derived from analysis of the monitored electronic messages, the analysis performed at least in part by program threads for determining unwanted electronic messages, the metadata including metadata derived by analyzing the contents of the monitored electronic messages;
- e) determining that certain monitored electronic messages are likely to be unwanted by an intended recipient based on an examination of the metadata associated with the source addresses of the senders of the monitored electronic messages and based on the analysis of the content of the monitored electronic messages, and at least in part without reference to a promulgated database of “signatures” of unwanted electronic messages; and
- f) conditionally delivering electronic messages according to instructions from an interpreter process, the interpreter process communicating with a content-sensing application in logical communication with the interpreter process, such that if the content-sensing application analyzes the monitored electronic messages as likely unwanted, then the method can, in coordination with the interpreter process and content-sensing application, configure the delivery of the unwanted electronic messages to route them to a message quarantine center, wherein actions of the interpreter process and configuration parameters corresponding to the actions of the interpreter process are logged to an interpreter process database and then later used for the determining that certain received electronic messages are likely to be unwanted based on patterns recognized in the traffic monitor.
Specification