Time zero detection of infectious messages
23 Assignments
0 Petitions
Abstract
Detecting infectious messages comprises performing an individual characteristic analysis of a message to determine whether the message is suspicious, determining whether a similar message has been noted previously in the event that the message is determined to be suspicious, classifying the message according to its individual characteristics and its similarity to the noted message in the event that a similar message has been noted previously.
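The decision flow in the abstract, combined with the global-traffic condition of independent claims 1 and 12, can be sketched as follows. This is an added example, not code from the patent or its assignee. The Jaccard similarity measure, the 0.5 threshold, the feature strings and the format of the global feed are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

SIM_THRESHOLD = 0.5  # assumption: the claims name no similarity measure or cutoff

@dataclass
class Message:
    msg_id: str
    features: frozenset   # constructed traits (attachment type, subject tokens, ...)
    virus_like: bool      # result of the individual analysis against known viruses
    verdict: str = "unclassified"

def jaccard(a, b):
    """Set overlap in [0, 1]; stands in for the unspecified similarity test."""
    return len(a & b) / len(a | b) if a | b else 0.0

@dataclass
class Gateway:
    noted: dict = field(default_factory=dict)          # msg_id -> features of suspicious mail
    quarantine: list = field(default_factory=list)
    delivery_queue: list = field(default_factory=list)

    def handle(self, msg, global_increases):
        """Classify msg before delivery. global_increases holds ids of noted messages
        whose look-alikes are rising in global mail traffic (hypothetical feed)."""
        if not msg.virus_like:
            msg.verdict = "not suspicious"
            self.delivery_queue.append(msg)
            return msg.verdict
        msg.verdict = "suspicious"
        # Reclassify only when the message is suspicious AND resembles a noted
        # suspicious message AND that noted message shows a global increase.
        match = next((nid for nid, feats in self.noted.items()
                      if jaccard(msg.features, feats) >= SIM_THRESHOLD
                      and nid in global_increases), None)
        if match is not None:
            msg.verdict = "infectious"
            self.quarantine.append(msg)       # kept out of the delivery queue
        else:
            self.delivery_queue.append(msg)   # claims only quarantine infectious mail
        self.noted[msg.msg_id] = msg.features
        return msg.verdict

def demo():
    """Constructed sample traffic: two look-alike messages, then an unrelated one."""
    gw = Gateway()
    m1 = Message("m1", frozenset({"ext:scr", "subj:invoice", "zip", "size:41k"}), True)
    m2 = Message("m2", frozenset({"ext:scr", "subj:invoice", "zip", "size:42k"}), True)
    m3 = Message("m3", frozenset({"ext:pdf", "subj:minutes"}), False)
    verdicts = [gw.handle(m1, set()), gw.handle(m2, {"m1"}), gw.handle(m3, {"m1"})]
    return verdicts, gw
```

The claims do not say how a message that stays merely suspicious is handled; the sketch leaves it in the delivery queue and records it so that later look-alikes can be compared against it.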
135 Citations
19 Claims
1. A method for detecting infectious messages, comprising:
- receiving an individual message at a message forwarding device in a local network, the local network in communication with a global network, wherein the individual message has not yet been delivered to one or more recipients in the local network;
- executing instructions stored in memory, wherein execution of the instructions by a processor:
  - performs an analysis of the individual message to determine similarity to known viruses, wherein the message is classified suspicious, wherein the individual message is not yet classified as either legitimate or infectious, and
  - determines that a message previously received at the local network has been classified as suspicious;
- receiving information related to monitoring of electronic mail traffic in the global network, the information identifying increases in global messages corresponding to the message previously received and classified as suspicious at the local network; and
- executing further instructions stored in memory, wherein execution of the instructions by the processor:
  - reclassifies the individual message according to:
    - the analysis of the individual message resulting in classification of the individual message as suspicious,
    - the similarity of the individual message to the message previously received and classified as suspicious at the local network, and
    - the presence of an increase in the global network of messages corresponding to the message previously received and classified as suspicious at the local network; and
  - processes the individual message based on the reclassification whereby individual messages reclassified as infectious messages are quarantined from a delivery queue and not allowed to be redistributed by the message forwarding device in the local network.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11

12. A non-transitory computer-readable storage medium having embodied thereon a program, the program being executable by a computing device to perform a method for detecting infectious messages, the method comprising:
- receiving an individual message at a local network, the local network in communication with a global network, wherein the individual message has not yet been delivered to one or more recipients in the local network;
- performing an analysis of the individual message to determine similarity to known viruses, wherein the message is classified as suspicious, wherein the individual message is not yet classified as either legitimate or infectious;
- determining that a message previously received at the local network has been classified as suspicious;
- receiving information related to monitoring electronic mail traffic in the global network, the information identifying increases in global messages corresponding to the message previously received and classified as suspicious at the local network;
- reclassifying the individual message according to:
  - the analysis of the individual message resulting in classification of the individual message as suspicious,
  - the similarity of the individual message to the message previously received and classified as suspicious at the local network, and
  - the presence of an increase in the global network of messages corresponding to the message previously received and classified as suspicious at the local network; and
- processing the individual message based on the reclassification whereby individual messages reclassified as infectious messages are quarantined from a delivery queue and not allowed to be redistributed in the local network.

Dependent claims: 13, 14, 15, 16, 17, 18, 19

Specification