公开(公告)号：US20150067860A1

公开(公告)日：2015-03-05

申请号：US14013677

申请日：2013-08-29

Applicant: BARRACUDA NETWORKS, INC.

Inventor： ZACHARY LEVOW ,  LINDSAY SNIDER

IPC: H04L29/06

CPC classification number: H04L63/145

Abstract: A store for virus and malware fingerprints is coupled to a backup server apparatus which receives hashes and file shards from backup clients through a network. A circuit compares hashes received from backup clients to determine matches with file shards previously stored and matches with file shards with virus or malware infections. File shards not previously stored are received for backup and inspection by a virus filter. When a received file shard is determined to match a virus or malware fingerprint, a process is initiated to restore the file on the backup client to a clean version and notify the user and the network security administrator. The hashes of file shards determined to match a virus or malware fingerprint are stored for future reference. The data of a file shard which has been determined to be infected is also stored in case of a false-positive determination.

Abstract translation: 用于病毒和恶意软件指纹的商店耦合到备份服务器设备，该备份服务器设备通过网络从备用客户端接收哈希和文件碎片。 电路比较从备份客户端收到的哈希值，以确定与以前存储的文件碎片的匹配，并与具有病毒或恶意软件感染的文件碎片匹配。 接收到以前未存储的文件碎片进行病毒过滤器的备份和检查。 当接收到的文件碎片被确定为匹配病毒或恶意软件指纹时，会启动一个进程，将备份客户端上的文件恢复到干净的版本，并通知用户和网络安全管理员。 确定匹配病毒或恶意软件指纹的文件碎片的哈希存储以备将来参考。 在判断为假阳性的情况下，还存储已被确定为被感染的文件碎片的数据。

公开(公告)号：US20130097195A1

公开(公告)日：2013-04-18

申请号：US13682714

申请日：2012-11-20

Applicant: BARRACUDA NETWORKS INC.

Inventor： ZACHARY LEVOW ,  KEVIN CHANG

IPC: G06F17/30

CPC classification number: G06F17/30386 ,  G06F21/564 ,  H04L9/3247

Abstract: An apparatus, system, and method for measuring the similarity of binary objects is disclosed. The method determines at least one pattern signature in an Nth binary object, accessing a location in a similarity store which has object identifiers for each of the previous N−1 binary objects which contain the corresponding pattern, and writing the object identifier of the Nth binary object at that same location in the similarity store. Reporting the number of locations in similarity store which contain the object identifiers of two apparently diverse binary objects is a measure of similarity to each other.

Abstract translation: 公开了一种用于测量二进制对象的相似度的装置，系统和方法。 该方法确定第N个二进制对象中的至少一个模式签名，访问相似性存储中具有包含对应模式的先前N-1个二进制对象中的每一个的对象标识符的位置，以及写入第N个二进制对象的对象标识符 对象在相似存储中的相同位置。 报告包含两个明显不同的二进制对象的对象标识符的相似度存储中的位置数是彼此相似度的度量。