Abstract:
A method and a system for identifying a file type. A modification interface may be provided so that a user inputs a file feature parameter, and the file feature parameter input by the user is added to a file type configuration file, then the file type configuration file is loaded to a state machine to perform file type identification. Therefore, the user can modify a file feature parameter in the original file type configuration file, and when a file feature parameter of a file of a certain type is changed or a file of a new type appears, the user can update a file feature parameter in the state machine in time to identify the changed file or the file of the new type. In this way, the user does not need to search for an identification tool on the Internet.
Abstract:
A method and a system for identifying a file type. A modification interface may be provided so that a user inputs a file feature parameter, and the file feature parameter input by the user is added to a file type configuration file, then the file type configuration file is loaded to a state machine to perform file type identification. Therefore, the user can modify a file feature parameter in the original file type configuration file, and when a file feature parameter of a file of a certain type is changed or a file of a new type appears, the user can update a file feature parameter in the state machine in time to identify the changed file or the file of the new type. In this way, the user does not need to search for an identification tool on the Internet.
Abstract:
A data detecting method and apparatus for a firewall device connected with a network to identify security threat in the data, where the method is implemented by a fast forwarder in the firewall device and includes: the fast forwarder receives application data; obtains application information in the received application data; determines an application protocol type corresponding to the application data according to the application information and an application identifying table; queries a configuration item for threat detection according to the application protocol type to determine whether the application data requires threat detection; and if the application data does not require threat detection, forwarding the application data. The data detecting method avoids a problem that performance of a firewall is degraded because all application data is sent to a detecting processor in the firewall device for detection, thereby improving an performance of the firewall device.
Abstract:
A data detecting method and apparatus for a firewall device connected with a network to identify security threat in the data, where the method is implemented by a fast forwarder in the firewall device and includes: the fast forwarder receives application data; obtains application information in the received application data; determines an application protocol type corresponding to the application data according to the application information and an application identifying table; queries a configuration item for threat detection according to the application protocol type to determine whether the application data requires threat detection; and if the application data does not require threat detection, forwarding the application data. The data detecting method avoids a problem that performance of a firewall is degraded because all application data is sent to a detecting processor in the firewall device for detection, thereby improving an performance of the firewall device.
Abstract:
A method for identifying a file type and an apparatus for identifying a file type, so as to solve a problem in the prior art that a file type cannot be effectively identified when a sender tampers with a file being transmitted. The method includes: acquiring, from a transmitted data packet, a file header of a file to be identified, and determining whether a magic number can be obtained from the file header; if the magic number can be obtained, searching for the file type that corresponds to the magic number; determining whether data of the file to be identified complies with a data structure feature of the file type; if yes, determining that a file type of the file to be identified is the file type that corresponds to the magic number; and if not, determining that a file type of the file is an abnormal type.