公开(公告)号：US10121005B2

公开(公告)日：2018-11-06

申请号：US15595001

申请日：2017-05-15

Applicant: TRUSTWAVE HOLDINGS, INC.

Inventor： Walter L. Marsden ,  David L. Green

IPC: G06F21/56 ,  G06F21/53

Abstract: Virus detection by executing electronic message code in a virtual machine is disclosed. An example method includes detecting that an electronic message includes executable code, the electronic message designating a destination recipient. Two or more destination computing systems are identified for the electronic message corresponding to the destination recipient specified in the electronic message prior to delivery of the electronic message to the two or more destination computing systems, the two or more destination computing systems including a first destination computing system and a second destination computing system different from the first destination computing system. Two or more simulation environments corresponding to the two or more destination computing systems are identified. The executable code is executed in the two or more simulation environments. The two or more simulation environments are monitored for a malicious action. The electronic message is delivered to the destination recipient if the action is detected.

公开(公告)号：US20170249463A1

公开(公告)日：2017-08-31

申请号：US15595001

申请日：2017-05-15

Applicant: TRUSTWAVE HOLDINGS, INC.

Inventor： Walter L. Marsden ,  David L. Green

IPC: G06F21/56

CPC classification number: G06F21/566 ,  G06F21/53 ,  G06F21/56 ,  G06F21/567 ,  G06F2221/033 ,  G06F2221/2149

Abstract: Virus detection by executing electronic message code in a virtual machine is disclosed. An example method includes detecting that an electronic message includes executable code, the electronic message designating a destination recipient. Two or more destination computing systems are identified for the electronic message corresponding to the destination recipient specified in the electronic message prior to delivery of the electronic message to the two or more destination computing systems, the two or more destination computing systems including a first destination computing system and a second destination computing system different from the first destination computing system. Two or more simulation environments corresponding to the two or more destination computing systems are identified. The executable code is executed in the two or more simulation environments. The two or more simulation environments are monitored for a malicious action. The electronic message is delivered to the destination recipient if the action is detected.