摘要:
An anti computer virus program uses a library of virus drivers that includes an indication of whether a particular virus can cause irreparable damage and data indicating enhanced user warnings and actions that might be associated with such viruses. If a detected computer virus is one that can cause irreparable damage, then an enhanced user warning (16) is issued indicating this to the user and a notification (28) of the possibility of such corruption is added into the repaired computer file. The notification may take the form of an electronically signed (30) banner message or the like.
摘要:
An event report, such as a virus detection event, is sent from a reporting computer 2 to a receiving computer 6 via an internet link 4. The report data may take the form of a URL requesting a web page 28 to be provided by the receiving computer 6, the URL bearing an encrypted form 24 of the report data that is used to identify the requested web page as well as pass further information to the receiving computer 6. Alternatively, the report data may be collated in the reporting computer 2 and passed to the receiving computer 6 when a computer virus definition data update is requested. The report data seeks to uniquely identify the event by incorporating the MAC address of the reporting computer 2, the date, time, computer product identifier, version identifier, update identifier and driver triggered. Additionally, a checksum derived from the infected file together with an indication of the corrective action, if any, taken by the reporting computer 2 may be included. The report data sent to the receiving computer 6 may be used to obtain real life information concerning the prevalence of particular viruses together with information characterising the anti-virus programs and their update status being employed by the user community.
摘要:
Received e-mail messages are subject to a minimum delay period determined in dependence upon characteristics of the e-mail message received. Prior to release of the e-mail message upon expiry of the minimum delay period a check is made that the most up-to-date anti-virus and anti-spamming tests have been applied to the e-mail message. Characteristics that may be used to determine the minimum delay period applied include sender characteristics, recipient characteristics, attachment type characteristics and message content type characteristics.
摘要:
A method for defining an area to record changes made to a computer system is disclosed. The method includes defining a safe area on a primary storage device of the computer system and storing information on the location of the safe area on a secondary storage device. The method further includes booting the computer system utilizing a backup device and changing data on the primary storage device. The changes are recorded in the safe area of the primary storage device and are accessible when the computer system is booted from the backup device.
摘要:
A source computer 2 having a copy of a computer file that it is desired to download to a plurality of target computers issues broadcast messages via a computer network linked to those target computers. The broadcast messages indicate the availability of the computer file for download and include a download qualifying parameter. The download qualifying parameter is used by receiving target computers to determine whether or not they qualify to attempt a download from the source computer in response to the received broadcast message. Only those target computers that do qualify attempt a download. The source computer monitors how many target computers make a download attempt in response to a particular broadcast message and adjusts the download qualifying parameters in subsequent broadcast messages so that the target computers progressively download the new computer file without overloading the source computer.
摘要:
A scan of computer files for predefined properties indicative of such things as viruses is disclosed. The scan is performed in a circular manner, such that when all of the files to be scanned have been scanned it starts again from the first file. The ability to update the data defining the properties to be scanned for during a scan is provided.
摘要:
A method for defining an area to record changes made to a computer system is provided. A safe area is defined on a primary storage device of the computer system and information is stored on the location of the safe area on a secondary storage device. Further, the computer system is booted utilizing a backup device and data is changed on the primary storage device. The changes are recorded in the safe area of the primary storage device and are accessible when the computer system is booted from the backup device.
摘要:
A software audit system is provided in conjunction with an anti-virus system. A computer virus scan request received by the anti-virus system (16) is used to trigger an audit data generator (18) to generate audit data. The audit data generator (18) may also serve to ban certain computer programs from execution and monitor the concurrent usage of other computer programs.
摘要:
The present invention provides a load balancing device, computer program product, and method for balancing the load across a plurality of proxy devices arranged to perform malware scanning of files stored within a file storage device of a computer network. The computer network has a plurality of client devices arranged to issue access requests using a dedicated file access protocol to the file storage device in order to access files stored on the file storage device. The load balancing device is arranged so as to intercept access requests issued to the file storage device, and comprises a client interface for receiving an access request issued to the file storage device using the dedicated file access protocol. Further, the load balancing device comprises load balancing logic for applying a predetermined load balancing routine to determine to which proxy device to direct the received access request, and a proxy device interface for sending the access request to the proxy device determined by the load balancing logic, each proxy device being coupled to the file storage device. This enables a very efficient system to be developed for performing malware scanning of files stored within the file storage device, whilst enabling that system to be developed independently of the particular file storage device being used in the computer network, or the operating system being run on that file storage device.
摘要:
A computer virus scanning system is described in which during the scanning operation a measurement value indicative of the amount of data processing performed is calculated and this measurement value used to trigger breaks in the virus scanning operation. The triggered breaks can be used to perform a determination as to whether or not the virus scanning operations should be early terminated. One possibility is to measure the total size of the data processed during the virus scanning operation and calculate a ratio of this compared to the size of the computer file being virus scanned. If this calculated ratio exceeds a predetermined threshold, then virus scanning may be terminated. Another possibility is to associate a complexity value with each of a plurality of tests applied in the virus scanning operation. A total for these complexity values may be used to trigger the breaks and also to trigger early termination upon exceeding of respective threshold levels.