INTRUSION PREVENTION SYSTEM (IPS) MODE FOR A MALWARE DETECTION SYSTEM
    1.
    Invention application
    INTRUSION PREVENTION SYSTEM (IPS) MODE FOR A MALWARE DETECTION SYSTEM (Granted)

    Publication number: US20130117809A1

    Publication date: 2013-05-09

    Application number: US13667943

    Filing date: 2012-11-02

    IPC classification: G06F21/00

    Abstract: Intrusion prevention system (IPS) mode is provided for a malware detection system. At least one staging server is provided for intercepting an incoming electronic message, making a copy of the intercepted incoming electronic message, and holding the intercepted incoming electronic message until an analysis of the copy of the intercepted incoming electronic message has been completed or until a timeout threshold has been exceeded. A malware detection system is coupled to the at least one staging server. The at least one malware detection system includes at least one decomposition server for receiving the copy of the intercepted incoming electronic message and processing the copy of the intercepted incoming electronic message to detect malware. Multiple mail queues, e.g., incoming, timeout, jail, decomposition, and outgoing, are used to manage message flows and delay messages while malware analysis is performed.
