WO2002044862A2 - Decentralized appliance virus scanning - Google Patents


Publication number
WO2002044862A2
Authority
WO
WIPO (PCT)
Prior art keywords
file
server
scanning device
send
request
Application number
PCT/US2001/046688
Other languages
French (fr)
Other versions
WO2002044862A3 (en)
Inventor
Mark Muhlestein
Original Assignee
Network Appliance, Inc.
Application filed by Network Appliance, Inc.
Priority to EP01987296A (patent EP1348159A4)
Priority to JP2002546962A (patent JP4537651B2)
Publication of WO2002044862A2
Publication of WO2002044862A3

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562: Static detection
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115: Third party

Abstract

The invention provides a method and system for scanning specialized computing devices for viruses. In a preferred embodiment, a filer (130) is connected to one or more supplementary computing devices (140) that scan requested files to ensure they are virus free prior to delivery to end users. When an end user (111) requests a file the following steps occur: First, the filer determines whether the file requested must be scanned before delivery to the end user. Second, the filer opens a channel to one (141) of the external computing devices and sends (203) the filename. Third, the external computing device opens (205) the file and scans (207) it. Fourth, the external computing device notifies the filer of the results of the file scan operation. Fifth, the filer sends (211) the file to the end user provided the status indicates it may do so.

Description

DECENTRALIZED APPLIANCE VIRUS SCANNING
Background of the Invention
1. Field of the Invention
This invention relates to virus scanning in a networked environment.
2. Related Art
Computer networking and the Internet in particular offer end users unprecedented access to information of all types on a global basis. Access to information can be as simple as connecting some type of computing device using a standard phone line to a network. With the proliferation of wireless communication, users can now access computer networks from practically anywhere.
Connectivity of this magnitude has magnified the impact of computer viruses. Viruses such as "Melissa" and "I love you" had a devastating impact on computer systems worldwide. Costs for dealing with viruses are often measured in millions and tens of millions of dollars. Recently it was shown that hand-held computing devices are also susceptible to viruses.
Virus protection software can be very effective in dealing with viruses, and virus protection software is widely available for general computing devices such as personal computers. There are, however, problems unique to specialized computing devices, such as filers (devices dedicated to storage and retrieval of data). Off-the-shelf virus protection software will not run on a specialized computing device unless it is modified to do so, and it can be very expensive to rewrite software to work on another platform. A first known method is to scan for viruses at the data source. When the data is being provided by a specialized computing device the specialized computing device must be scanned. Device-specific virus protection software must be written in order to scan the files on the device.
While this first known method is effective in scanning files for viruses, it suffers from several drawbacks. First, a company with a specialized computing device would have to dedicate considerable resources to creating virus protection software and maintaining up-to-date data files that protect against new viruses as they emerge.
Additionally, although a manufacturer of a specialized computing device could enlist the assistance of a company that creates mainstream virus protection software to write the custom application and become a licensee, this would create other problems, such as reliance on the chosen vendor of the anti-virus software, compatibility issues when hardware upgrades are effected, and a large financial expense.
A second known method for protecting against computer viruses is to have the end user run anti-virus software on their client device. Anti-virus software packages are offered by such companies as McAfee and Symantec. These programs are loaded during the boot stage of a computer and work as a background job monitoring memory and files as they are opened and saved.
While this second known method is effective at intercepting and protecting the client device from infection, it suffers from several drawbacks. It places the burden of detection at the last possible link in the chain. If for any reason the virus is not detected prior to reaching the end user it is now at the computing device where it will do the most damage (corrupting files and spreading to other computer users and systems). It is much better to sanitize a file at the source from where it may be delivered to millions of end users rather than deliver the file and hope that the end user is prepared to deal with the file in the event the file is infected. End users often have older versions of anti-virus software and/or have not updated the data files that ensure the software is able to protect against newly discovered viruses, thus making detection at the point of mass distribution even more critical.
Also, hand-held computing devices are susceptible to viruses, but they are poorly equipped to handle them. Generally, hand-held computing devices have very limited memory resources compared to desktop systems. Dedicating a portion of these resources to virus protection severely limits the ability of the hand-held device to perform effectively. Reliable virus scanning at the information source is the most efficient and effective method.
Protecting against viruses is a constant battle. New viruses are created every day, requiring virus protection software manufacturers to come up with new data files (solution algorithms used by anti-virus applications). By providing protection at the source of the file, viruses can be eliminated more efficiently and effectively.
Security of data in general is important. Equally important is the trust of the end user. This comes from the reputation that precedes a company, and companies that engage in web commerce often live and die by their reputation. Just like an end user trusts that the credit card number they have just disclosed for a web-based sales transaction is secure they want files they receive to be just as secure.
Accordingly, it would be desirable to provide a technique for scanning specialized computing devices for viruses and other malicious or unwanted content that may need to be changed, deleted, or otherwise modified.
Summary of the Invention
The invention provides a method and system for scanning specialized computing devices (such as filers) for viruses. In a preferred embodiment, a filer is connected to one or more supplementary computing devices that scan requested files to ensure they are virus free prior to delivery to end users. When an end user requests a file from the filer the following steps occur: First, the filer determines whether the file requested must be scanned before delivery to the end user. Second, the filer opens a channel to one of the external computing devices and sends the filename. Third, the external computing device opens the file and scans it. Fourth, the external computing device notifies the filer of the status of the file scan operation. Fifth, the filer sends the file to the end user provided the status indicates it may do so.
This system is very efficient and effective as a file needs only to be scanned one time for a virus unless the file has been modified or new data files that protect against new viruses have been added. Scan reports for files that have been scanned may be stored in one or more of the external computing devices, in one or more filers, and some portion of a scan report may be delivered to end users.
In alternative embodiments of the invention one or more of the external computing devices may be running other supplementary applications, such as file compression and encryption, independently or in some combination.
Brief Description of the Drawings
Figure 1 shows a block diagram of a system for decentralized appliance virus scanning.
Figure 2 shows a process flow diagram for a system for decentralized virus scanning.
Detailed Description of the Preferred Embodiment
In the following description, a preferred embodiment of the invention is described with regard to preferred process steps and data structures. Those skilled in the art would recognize after perusal of this application that embodiments of the invention can be implemented using one or more general purpose processors or special purpose processors or other circuits adapted to particular process steps and data structures described herein, and that implementation of the process steps and data structures described herein would not require undue experimentation or further invention.
Lexicography
The following terms refer or relate to aspects of the invention as described below. The descriptions of general meanings of these terms are not intended to be limiting, only illustrative.
• Virus - in general, a manmade program or piece of code that is loaded onto a computer without the computer user's knowledge and runs against their wishes. Most viruses can also replicate themselves, and the more dangerous types of viruses are capable of transmitting themselves across networks and bypassing security systems.
• client and server — in general, these terms refer to a relationship between two devices, particularly to their relationship as client and server, not necessarily to any particular physical devices.
For example, but without limitation, a particular client device in a first relationship with a first server device, can serve as a server device in a second relationship with a second client device. In a preferred embodiment, there are generally a relatively small number of server devices servicing a relatively larger number of client devices.
• client device and server device — in general, these terms refer to devices taking on the role of a client device or a server device in a client-server relationship (such as an HTTP web client and web server). There is no particular requirement that any client devices or server devices must be individual physical devices. They can each be a single device, a set of cooperating devices, a portion of a device, or some combination thereof.
For example, but without limitation, the client device and the server device in a client-server relation can actually be the same physical device, with a first set of software elements serving to perform client functions and a second set of software elements serving to perform server functions.
• web client and web server (or web site) — as used herein the terms "web client" and "web server" (or "web site") refer to any combination of devices or software taking on the role of a web client or a web server in a client-server environment in the internet, the world wide web, or an equivalent or extension thereof. There is no particular requirement that web clients must be individual devices. They can each be a single device, a set of cooperating devices, a portion of a device, or some combination thereof (such as for example a device providing web server services that acts as an agent of the user).
As noted above, these descriptions of general meanings of these terms are not intended to be limiting, only illustrative. Other and further applications of the invention, including extensions of these terms and concepts, would be clear to those of ordinary skill in the art after perusing this application. These other and further applications are part of the scope and spirit of the invention, and would be clear to those of ordinary skill in the art, without further invention or undue experimentation.
System Elements
Figure 1 shows a block diagram of a system for decentralized appliance virus scanning.
A system 100 includes a client device 110 associated with a user 111, a communications network 120, a filer 130, and a processing cluster 140.
The client device 110 includes a processor, a main memory, and software for executing instructions (not shown, but understood by one skilled in the art). Although the client device 110 and filer 130 are shown as separate devices there is no requirement that they be physically separate.
In a preferred embodiment, the communication network 120 includes the Internet. In alternative embodiments, the communication network 120 may include alternative forms of communication, such as an intranet, extranet, virtual private network, direct communication links, or some other combination or conjunction thereof.
A communications link 115 operates to couple the client device 110 to the communications network 120.
The filer 130 includes a processor, a main memory, software for executing instructions (not shown, but understood by one skilled in the art), and a mass storage 131. Although the client device 110 and filer 130 are shown as separate devices there is no requirement that they be separate devices. The filer 130 is connected to the communications network 120.
The mass storage 131 includes at least one file 133 that is capable of being requested by a client device 110.
The processing cluster 140 includes one or more cluster device 141 each including a processor, a main memory, software for executing instructions, and a mass storage (not shown but understood by one skilled in the art). Although the filer 130 and the processing cluster 140 are shown as separate devices there is no requirement that they be separate devices.
In a preferred embodiment the processing cluster 140 is a plurality of personal computers in an interconnected cluster capable of intercommunication and direct communication with the filer 130.
The cluster link 135 operates to connect the processing cluster 140 to the filer 130. The cluster link 135 may include non-uniform memory access (NUMA), or communication via an intranet, extranet, virtual private network, direct communication links, or some other combination or conjunction thereof.
Method of Operation
Figure 2 shows a process flow diagram for a system for decentralized appliance virus scanning.
A method 200 includes a set of flow points and a set of steps. The system 100 performs the method 200. Although the method 200 is described serially, the steps of the method 200 can be performed by separate elements in conjunction or in parallel, whether asynchronously, in a pipelined manner, or otherwise. There is no particular requirement that the method 200 be performed in the same order in which this description lists the steps, except where so indicated.
At a flow point 200, the system 100 is ready to begin performing the method 200.
At a step 201, a user 111 utilizes the client device 110 to initiate a request for a file 133. The request is transmitted to the filer 130 via the communications network 120. In a preferred embodiment the filer 130 is performing file retrieval and storage at the direction of a web server (not shown but understood by one skilled in the art).
At a step 203, the filer 130 receives the request for the file 133 and sends the file ID and path of the file 133 to the processing cluster 140 where it is received by one of the cluster device 141.
At a step 205, the cluster device 141 uses the file ID and path to open the file 133 in the mass storage 131 of the filer 130.
At a step 207, the cluster device 141 scans the file 133 for viruses. In a preferred embodiment, files are tasked to the processing cluster 140 in a round robin fashion. In alternative embodiments files may be processed individually by a cluster device 141, by multiple cluster device 141 simultaneously, or some combination thereof. Load balancing may be used to ensure maximum efficiency of processing within the processing cluster 140.
There are several vendors offering virus protection software for personal computers, thus the operator of the filer 130 may choose whatever product they would like to use. They may even use combinations of vendors' products in the processing cluster 140. In an alternative embodiment of the invention, continual scanning of every file 133 on the filer 130 may take place.
The processing cluster 140 is highly scalable. The price of personal computers is low compared to dedicated devices, such as filers, therefore this configuration is very desirable. Additionally, a cluster configuration offers redundant systems availability in case a cluster device 141 fails - failover and takeover is also possible within the processing cluster.
At a step 209, the cluster device 141 transmits a scan report to the filer 130. The scan report primarily reports whether the file is safe to send. Further information may be saved for statistical purposes (for example, how many files have been identified as infected, was the virus software able to sanitize the file or was the file deleted) to a database. The database may be consulted to determine whether the file 133 needs to be scanned before delivery upon receipt of a subsequent request. If the file 133 has not changed since it was last scanned and no additional virus data files have been added to the processing cluster, the file 133 probably does not need to be scanned. This means the file 133 can be delivered more quickly.
Other intermediary applications may also run separately, in conjunction with other applications, or in some combination thereof within the processing cluster 140. Compression and encryption utilities are some examples of these applications. These types of applications, including virus scanning, can be very CPU intensive, thus outsourcing can yield better performance by allowing a dedicated device like a filer to do what it does best and farm out other tasks to the processing cluster 140.
At a step 211, the filer 130 transmits or does not transmit the file 133 to the client 110 based on its availability as reported following the scan by the processing cluster 140. Some portion of the scan report may also be transmitted to the user.
At this step, a request for a file 133 has been received, the request has been processed, and if possible a file 133 has been delivered. The process may be repeated at step 201 for subsequent requests.
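The request flow of steps 201 to 211, including the scan-report database check described at step 209, sketched in Python as an added example (not code from the patent or from Network Appliance). The class names, the per-file change counter, the definitions version number, the constructed signature pattern, and the choice to withhold the file when no cluster device answers are all assumptions made for illustration.

```python
import itertools
from dataclasses import dataclass

# Constructed byte pattern standing in for a vendor signature; not a real one.
SAMPLE_SIGNATURE = b"EXAMPLE-MALWARE-PATTERN"


@dataclass(frozen=True)
class ScanReport:
    safe: bool           # step 209: "whether the file is safe to send"
    scanner: str         # cluster device that produced the report
    generation: int      # file change counter observed at scan time
    defs_version: int    # virus data file version used for the scan


class ClusterDevice:
    """Hypothetical stand-in for a cluster device 141."""

    def __init__(self, name, online=True):
        self.name = name
        self.online = online

    def scan(self, filer, path, defs_version):
        if not self.online:
            raise ConnectionError(f"{self.name} is unreachable")
        generation, data = filer.open(path)        # step 205: open on the filer
        infected = SAMPLE_SIGNATURE in data        # step 207: pattern search
        return ScanReport(not infected, self.name, generation, defs_version)


class ProcessingCluster:
    """Hypothetical processing cluster 140: round robin with failover."""

    def __init__(self, devices, defs_version=1):
        self.devices = devices
        self.defs_version = defs_version           # bump when data files are added
        self._next = itertools.cycle(devices)

    def scan(self, filer, path):
        for _ in range(len(self.devices)):         # try each device at most once
            device = next(self._next)
            try:
                return device.scan(filer, path, self.defs_version)
            except ConnectionError:
                continue                           # fail over to the next device
        return None                                # no device produced a report


class Filer:
    """Hypothetical filer 130 holding files and the scan-report database."""

    def __init__(self, cluster):
        self.cluster = cluster
        self.files = {}        # path -> (generation, data)
        self.reports = {}      # path -> last ScanReport
        self.scans_requested = 0

    def write(self, path, data):
        generation = self.files.get(path, (0, b""))[0] + 1
        self.files[path] = (generation, data)

    def open(self, path):
        return self.files[path]

    def needs_scan(self, path):
        report = self.reports.get(path)
        if report is None:
            return True
        # Rescan if the file changed or new virus data files were added.
        return (report.generation != self.files[path][0]
                or report.defs_version != self.cluster.defs_version)

    def serve(self, path):
        """Steps 203-211: return (file bytes or None, report or None)."""
        if self.needs_scan(path):
            self.scans_requested += 1
            report = self.cluster.scan(self, path)  # step 203: send ID and path
            if report is None:
                return None, None                   # assumption: fail closed
            self.reports[path] = report
        report = self.reports[path]
        generation, data = self.files[path]
        # Deliver only if the verdict is "safe" and covers the current contents.
        if report.safe and report.generation == generation:
            return data, report
        return None, report


if __name__ == "__main__":
    cluster = ProcessingCluster([ClusterDevice("pc-a"), ClusterDevice("pc-b")])
    filer = Filer(cluster)
    filer.write("/vol/docs/readme.txt", b"quarterly notes")   # constructed sample
    filer.write("/vol/docs/bad.bin", b"\x00" + SAMPLE_SIGNATURE)
    for path in ("/vol/docs/readme.txt", "/vol/docs/readme.txt", "/vol/docs/bad.bin"):
        data, report = filer.serve(path)
        print(path, "delivered" if data is not None else "withheld", report)
```

The second request for the same unchanged file is answered from the report database without contacting the cluster; changing `defs_version` or rewriting the file forces a new scan.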
Generality of the Invention
The invention has wide applicability and generality to other aspects of processing requests for files. The invention is applicable to one or more of, or some combination of, circumstances such as those involving:
• file compression;
• file encryption; and
• general outsourcing of CPU intensive tasks from dedicated appliances to general purpose computers.
Alternative Embodiments
Although preferred embodiments are disclosed herein, many variations are possible which remain within the concept, scope, and spirit of the invention, and these variations would become clear to those skilled in the art after perusal of this application.

Claims

1. A method for operating a filer including the steps of: receiving at a first location a request from a user for an object; processing said request at a second location, wherein said step of processing includes at least one of the following: (1) searching for one or more recognizable patterns of data within said object, (2) compressing said object, and (3) encrypting said object; responding to said request, wherein said step of responding includes delivery of a response to said user.
2. The method of claim 1, wherein said request is in an electronic form.
3. The method of claim 1, wherein said object is a file.
4. The method of claim 3, wherein said step of processing said request further includes the steps of: creating an access path from said filer to a processing cluster; processing said file in said processing cluster; and generating a scan report wherein, said scan report is responsive to said processing of said file in said processing cluster.
5. The method of claim 4, wherein said step of creating an access path includes sending the ID and path of said file from said filer to said processing cluster.
6. The method of claim 5, wherein said step of sending is accomplished using non-uniform memory access.
7. The method of claim 5, wherein said step of sending is accomplished using a communications network.
8. The method of claim 5, wherein said step of sending is accomplished using a direct connection.
9. The method of claim 4, wherein said step of processing of said file is performed by said processing cluster in a round robin fashion for subsequent files received.
10. The method of claim 4, wherein said step of processing of said file is accomplished in parts by more than one device in said processing cluster.
11. The method of claim 4, wherein all files stored on said filer are scanned in a logical continuous manner.
12. The method of claim 4, wherein said scan report contains a set of status data relating to said processing of said file.
13. The method of claim 12, wherein said status data includes at least one data element identifying the presence or non-presence of a virus in said file.
14. The method of claim 13, wherein said report is transferred to said filer.
15. The method of claim 14, wherein said report is stored in a first database.
16. The method of claim 15, wherein the necessity for subsequent scanning of said file is a function of determining whether said database contains said report relating to said file and whether said file has changed since last accessed.
17. The method of claim 16, wherein the necessity for subsequent scanning of said file is a function of determining whether additional virus identification data files have been added to said processing cluster.
18. The method of claim 1, wherein said delivery of a response is said file.
19. The method of claim 1, wherein said delivery of a response includes notification to said user that said file is unavailable.
20. The method of claim 1, wherein said step of responding to said request includes sending said user a copy of said scan report.
21. An apparatus for operating a filer including: means for receiving at a first location a request from a user for an object; means for processing said request at a second location, wherein said means for processing includes at least one of the following: (1) means for searching for one or more recognizable patterns of data within said object, (2) means for compressing said object, and (3) means for encrypting said object; means for responding to said request, wherein said means for responding includes delivery of a response to said user.
22. The apparatus of claim 21, wherein said object is a file.
23. The apparatus of claim 22, wherein said means for processing said request further includes: means for creating an access path from said filer to a processing cluster; means for processing said file in said processing cluster; and means for generating a scan report wherein, said scan report is responsive to said processing of said file in said processing cluster.
24. The apparatus of claim 23, wherein said means for creating an access path includes means for sending the ID and path of said file from said filer to said processing cluster.
25. The apparatus of claim 24, wherein said sending is accomplished using non-uniform memory access.
26. The apparatus of claim 24, wherein said sending is accomplished using a communications network.
27. The apparatus of claim 24, wherein said sending is accomplished using a direct connection.
28. The apparatus of claim 23, wherein said processing of said file is performed by said processing cluster in a round robin fashion for subsequent files received.
29. The apparatus of claim 23, wherein said processing of said file is performed on atomic units of said file by more than one device in said processing cluster.
30. The apparatus of claim 23, wherein all files stored on said filer are scanned in a logical continuous manner.
31. The apparatus of claim 23, wherein said scan report contains a set of status data relating to said processing of said file.
32. The apparatus of claim 31, wherein said status data includes at least one data element identifying the presence or non-presence of a virus in said file.
33. The apparatus of claim 31, wherein said report is transferred to said filer.
34. The apparatus of claim 33, wherein said report is stored in a first database.
35. The apparatus of claim 34, wherein the necessity for subsequent scanning of said file is a function of determining whether said database contains said report relating to said file and whether said file has changed since last accessed.
36. The apparatus of claim 35, wherein the necessity for subsequent scanning of said file is a function of determining whether additional virus identification data files have been added to said processing cluster.
37. The apparatus of claim 21, wherein said delivery of a response is delivery of said file.
38. The apparatus of claim 21, wherein said delivery of a response includes delivery of notification to said user that said file is unavailable.
39. The apparatus of claim 21, wherein said responding to said request includes sending said user some portion of said scan report.
40. A method of attempting to provide virus protection in a client-server environment, comprising the steps of: receiving a request at a server for a file; sending an identifier for the file to a scanning device that scans the file for viruses; receiving an indication from the scanning device as to whether or not the file is safe to send from the server; and responding to the request by sending the file if the indication is that the file is safe to send.
41. A method as in claim 40, wherein the scanning device indicates that the file is safe to send if the scanning device determines that the file is not infected with any viruses.
42. A method as in claim 40, wherein the request is received from and the file is sent to a client device.
43. A method as in claim 40, wherein the server is a web server.
44. A method as in claim 40, wherein the scanning device is one of a cluster of devices connected to the server that function similarly to the scanning device.
45. A method as in claim 44, wherein the cluster of devices is a cluster of interconnected personal computers.
46. A method of attempting to provide virus protection in a client-server environment, comprising the steps of: maintaining a database that indicates if files served by a server are safe to send from the server; receiving a request at the server for a file; if the database indicates that the file is safe to send, responding to the request by sending the file; and if the database does not indicate that the file is safe to send, then sending an identifier for the file to a scanning device that scans the file for viruses, receiving an indication from the scanning device as to whether or not the file is safe to send from the server, and responding to the request by sending the file if the indication is that the file is safe to send.
47. A method as in claim 46, wherein maintaining the database further comprises the steps of: tracking received indications from the scanning device; and tracking accesses to the file.
48. A method as in claim 47, wherein a tracked indication in the database that the file is safe to send is cancelled if the file has changed since the tracked indication was incorporated into the database.
49. A method as in claim 46, wherein the scanning device indicates that the file is safe to send if the scanning device determines that the file is not infected with any viruses.
50. A method as in claim 46, wherein the request is received from and the file is sent to a client device.
51. A method as in claim 46, wherein the server is a web server.
52. A method of attempting to provide virus protection in a client-server environment, comprising the steps of: receiving from a server, at a scanning device connected to the server, an identifier for a file stored on mass storage for the server; scanning the file for viruses; and reporting an indication to the server as to whether or not the file is infected.
53. A method as in claim 52, further comprising the step of changing, deleting, or otherwise modifying the file based on a result of scanning the file for viruses.
54. A method as in claim 52, wherein the server is a web server.
55. A method as in claim 52, wherein the scanning device is one of a cluster of devices connected to the server that function similarly to the scanning device.
56. A method as in claim 55, wherein the cluster of devices is a cluster of interconnected personal computers.
57. A server that attempts to provide virus protection in a client-server environment, comprising: a communication link to client devices; mass storage for files; and a processor that executes instructions in order to send requested files to the client devices, the instructions also including instructions (a) to receive a request for a file, (b) to send an identifier for the file to a scanning device that scans the file for viruses, (c) to receive an indication from the scanning device as to whether or not the file is safe to send from the server, and (d) to respond to the request by sending the file if the indication is that the file is safe to send.
58. A server as in claim 57, wherein the scanning device indicates that the file is safe to send if the scanning device determines that the file is not infected with any viruses.
59. A server as in claim 57, wherein the request is received from and the file is sent to a client device.
60. A server as in claim 57, wherein the server is a web server.
61. A server as in claim 57, wherein the scanning device is one of a cluster of devices connected to the server that function similarly to the scanning device.
62. A server as in claim 61, wherein the cluster of devices is a cluster of interconnected personal computers.
63. A server that attempts to provide virus protection in a client-server environment, comprising: a communication link to client devices; mass storage for files; and a processor that executes instructions in order to send requested files to the client devices, the instructions also including instructions (a) to maintain a database that indicates if files served by a server are safe to send from the server, (b) to receive a request at the server for a file, (c) if the database indicates that the file is safe to send, to respond to the request by sending the file, and (d) if the database does not indicate that the file is safe to send, then to send an identifier for the file to a scanning device that scans the file for viruses, to receive an indication from the scanning device as to whether or not the file is safe to send from the server, and to respond to the request by sending the file if the indication is that the file is safe to send.
64. A server as in claim 63, wherein the instructions to maintain the database further comprise instructions to track received indications from the scanning device, and to track accesses to the file.
65. A server as in claim 64, wherein a tracked indication in the database that the file is safe to send is cancelled if the file has changed since the tracked indication was incorporated into the database.
66. A server as in claim 63, wherein the scanning device indicates that the file is safe to send if the scanning device determines that the file is not infected with any viruses.
67. A server as in claim 63, wherein the request is received from and the file is sent to a client device.
68. A server as in claim 63, wherein the server is a web server.
69. A scanning device that attempts to provide virus protection for a server in a client-server environment, comprising: a communication link to the server; and a processor that executes instructions, the instructions including instructions (a) to receive from the server an identifier for a file stored on mass storage for the server, (b) to scan the file for viruses, and (c) to report an indication to the server as to whether or not the file is infected.
70. A scanning device as in claim 69, wherein the instructions further comprise instructions to change, delete, or otherwise modify the file based on a result of scanning the file for viruses.
71. A scanning device as in claim 69, wherein the server is a web server.
72. A scanning device as in claim 69, wherein the scanning device is one of a cluster of devices connected to the server that function similarly to the scanning device.
73. A scanning device as in claim 72, wherein the cluster of devices is a cluster of interconnected personal computers.
74. Storage containing information including instructions, the instructions executable by a processor to attempt to provide virus protection in a client-server environment, the instructions comprising the steps of: receiving a request at a server for a file; sending an identifier for the file to a scanning device that scans the file for viruses; receiving an indication from the scanning device as to whether or not the file is safe to send from the server; and responding to the request by sending the file if the indication is that the file is safe to send.
75. Storage as in claim 74, wherein the scanning device indicates that the file is safe to send if the scanning device determines that the file is not infected with any viruses.
76. Storage as in claim 74, wherein the request is received from and the file is sent to a client device.
77. Storage as in claim 74, wherein the server is a web server.
78. Storage as in claim 74, wherein the scanning device is one of a cluster of devices connected to the server that function similarly to the scanning device.
79. Storage as in claim 78, wherein the cluster of devices is a cluster of interconnected personal computers.
80. Storage containing information including instructions, the instructions executable by a processor to attempt to provide virus protection in a client-server environment, the instructions comprising the steps of: maintaining a database that indicates if files served by a server are safe to send from the server; receiving a request at the server for a file; if the database indicates that the file is safe to send, responding to the request by sending the file; and if the database does not indicate that the file is safe to send, then sending an identifier for the file to a scanning device that scans the file for viruses, receiving an indication from the scanning device as to whether or not the file is safe to send from the server, and responding to the request by sending the file if the indication is that the file is safe to send.
81. Storage as in claim 80, wherein maintaining the database further comprises the steps of: tracking received indications from the scanning device; and tracking accesses to the file.
82. Storage as in claim 81, wherein a tracked indication in the database that the file is safe to send is cancelled if the file has changed since the tracked indication was incorporated into the database.
83. Storage as in claim 80, wherein the scanning device indicates that the file is safe to send if the scanning device determines that the file is not infected with any viruses.
84. Storage as in claim 80, wherein the request is received from and the file is sent to a client device.
85. Storage as in claim 80, wherein the server is a web server.
86. Storage containing information including instructions, the instructions executable by a processor to attempt to provide virus protection in a client-server environment, the instructions comprising the steps of: receiving from a server, at a scanning device connected to the server, an identifier for a file stored on mass storage for the server; scanning the file for viruses; and reporting an indication to the server as to whether or not the file is infected.
87. Storage as in claim 86, wherein the instructions further comprise the step of changing, deleting, or otherwise modifying the file based on a result of scanning the file for viruses.
88. Storage as in claim 86, wherein the server is a web server.
89. Storage as in claim 86, wherein the scanning device is one of a cluster of devices connected to the server that function similarly to the scanning device.
90. Storage as in claim 89, wherein the cluster of devices is a cluster of interconnected personal computers.
PCT/US2001/046688 2000-12-01 2001-11-30 Decentralized appliance virus scanning WO2002044862A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP01987296A EP1348159A4 (en) 2000-12-01 2001-11-30 Decentralized appliance virus scanning
JP2002546962A JP4537651B2 (en) 2000-12-01 2001-11-30 Virus scanning on decentralized devices

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/728,701 2000-12-01
US09/728,701 US7346928B1 (en) 2000-12-01 2000-12-01 Decentralized appliance virus scanning

Publications (2)

Publication Number Publication Date
WO2002044862A2 true WO2002044862A2 (en) 2002-06-06
WO2002044862A3 WO2002044862A3 (en) 2003-05-30

Family

ID=24927953

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/US2001/046688 WO2002044862A2 (en) 2000-12-01 2001-11-30 Decentralized appliance virus scanning
PCT/US2001/051581 WO2002095588A2 (en) 2000-12-01 2001-11-30 Decentralized virus scanning for stored data

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/US2001/051581 WO2002095588A2 (en) 2000-12-01 2001-11-30 Decentralized virus scanning for stored data

Country Status (4)

Country Link
US (2) US7346928B1 (en)
EP (3) EP1348159A4 (en)
JP (5) JP4537651B2 (en)
WO (2) WO2002044862A2 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6715034B1 (en) 1999-12-13 2004-03-30 Network Appliance, Inc. Switching file system request in a mass storage system
US7032062B2 (en) 1999-02-02 2006-04-18 Hitachi, Ltd. Disk subsystem
US7346928B1 (en) 2000-12-01 2008-03-18 Network Appliance, Inc. Decentralized appliance virus scanning
US7778981B2 (en) 2000-12-01 2010-08-17 Netapp, Inc. Policy engine to control the servicing of requests received by a storage server
US8769690B2 (en) 2006-03-24 2014-07-01 AVG Netherlands B.V. Protection from malicious web content

Families Citing this family (70)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6961749B1 (en) 1999-08-25 2005-11-01 Network Appliance, Inc. Scalable file server with highly available pairs
US20020144121A1 (en) * 2001-03-30 2002-10-03 Ellison Carl M. Checking file integrity using signature generated in isolated execution
US7043758B2 (en) * 2001-06-15 2006-05-09 Mcafee, Inc. Scanning computer files for specified content
US7310817B2 (en) * 2001-07-26 2007-12-18 Mcafee, Inc. Centrally managed malware scanning
US7673343B1 (en) * 2001-07-26 2010-03-02 Mcafee, Inc. Anti-virus scanning co-processor
US7461403B1 (en) * 2001-08-03 2008-12-02 Mcafee, Inc. System and method for providing passive screening of transient messages in a distributed computing environment
US7266843B2 (en) * 2001-12-26 2007-09-04 Mcafee, Inc. Malware scanning to create clean storage locations
US7152118B2 (en) * 2002-02-25 2006-12-19 Broadcom Corporation System, method and computer program product for caching domain name system information on a network gateway
US8533282B2 (en) * 2002-02-25 2013-09-10 Broadcom Corporation System, method and computer program product for selectively caching domain name system information on a network gateway
US7376842B1 (en) * 2002-03-13 2008-05-20 Mcafee, Inc. Malware scanning messages containing multiple data records
JP3979285B2 (en) * 2002-12-17 2007-09-19 株式会社日立製作所 Information processing system
US20040158741A1 (en) * 2003-02-07 2004-08-12 Peter Schneider System and method for remote virus scanning in wireless networks
US8838950B2 (en) 2003-06-23 2014-09-16 International Business Machines Corporation Security architecture for system on chip
US20050028010A1 (en) * 2003-07-29 2005-02-03 International Business Machines Corporation System and method for addressing denial of service virus attacks
US7386719B2 (en) * 2003-07-29 2008-06-10 International Business Machines Corporation System and method for eliminating viruses at a web page server
US20050081053A1 (en) * 2003-10-10 2005-04-14 International Business Machines Corlporation Systems and methods for efficient computer virus detection
US20050086526A1 (en) * 2003-10-17 2005-04-21 Panda Software S.L. (Sociedad Unipersonal) Computer implemented method providing software virus infection information in real time
US20050108415A1 (en) * 2003-11-04 2005-05-19 Turk Doughan A. System and method for traffic analysis
US20050177748A1 (en) * 2004-02-10 2005-08-11 Seiichi Katano Virus protection for multi-function peripherals
US7373667B1 (en) * 2004-05-14 2008-05-13 Symantec Corporation Protecting a computer coupled to a network from malicious code infections
US7484094B1 (en) 2004-05-14 2009-01-27 Symantec Corporation Opening computer files quickly and safely over a network
US7694340B2 (en) * 2004-06-21 2010-04-06 Microsoft Corporation Anti virus for an item store
US7424745B2 (en) * 2005-02-14 2008-09-09 Lenovo (Singapore) Pte. Ltd. Anti-virus fix for intermittently connected client computers
US8055724B2 (en) * 2005-03-21 2011-11-08 Emc Corporation Selection of migration methods including partial read restore in distributed storage management
US20060250968A1 (en) * 2005-05-03 2006-11-09 Microsoft Corporation Network access protection
US10764264B2 (en) * 2005-07-11 2020-09-01 Avaya Inc. Technique for authenticating network users
JP4718288B2 (en) * 2005-09-29 2011-07-06 株式会社日立製作所 Diskless computer operation management system
US20070094731A1 (en) * 2005-10-25 2007-04-26 Microsoft Corporation Integrated functionality for detecting and treating undesirable activities
JP4687382B2 (en) * 2005-10-25 2011-05-25 株式会社日立製作所 Virus check method in storage system
US8056076B1 (en) * 2006-03-31 2011-11-08 Vmware, Inc. Method and system for acquiring a quiesceing set of information associated with a virtual machine
US7730538B2 (en) * 2006-06-02 2010-06-01 Microsoft Corporation Combining virus checking and replication filtration
US8090393B1 (en) * 2006-06-30 2012-01-03 Symantec Operating Corporation System and method for collecting and analyzing malicious code sent to mobile devices
US8631494B2 (en) 2006-07-06 2014-01-14 Imation Corp. Method and device for scanning data for signatures prior to storage in a storage device
US8056133B1 (en) * 2006-07-26 2011-11-08 Trend Micro Incorporated Protecting computers from viruses in peer-to-peer data transfers
US7853830B2 (en) * 2006-11-03 2010-12-14 Thomson Licensing Apparatus and method for providing error notification in a wireless virtual file system
US8127358B1 (en) 2007-05-30 2012-02-28 Trend Micro Incorporated Thin client for computer security applications
US7783666B1 (en) 2007-09-26 2010-08-24 Netapp, Inc. Controlling access to storage resources by using access pattern based quotas
US20090094698A1 (en) * 2007-10-09 2009-04-09 Anthony Lynn Nichols Method and system for efficiently scanning a computer storage device for pestware
US20090319772A1 (en) * 2008-04-25 2009-12-24 Netapp, Inc. In-line content based security for data at rest in a network storage system
US9395929B2 (en) * 2008-04-25 2016-07-19 Netapp, Inc. Network storage server with integrated encryption, compression and deduplication capability
US8117464B1 (en) 2008-04-30 2012-02-14 Netapp, Inc. Sub-volume level security for deduplicated data
US8589697B2 (en) 2008-04-30 2013-11-19 Netapp, Inc. Discarding sensitive data from persistent point-in-time image
US8302192B1 (en) * 2008-04-30 2012-10-30 Netapp, Inc. Integrating anti-virus in a clustered storage system
US20100071064A1 (en) * 2008-09-17 2010-03-18 Weber Bret S Apparatus, systems, and methods for content selfscanning in a storage system
US8161556B2 (en) * 2008-12-17 2012-04-17 Symantec Corporation Context-aware real-time computer-protection systems and methods
US8972515B2 (en) 2009-03-30 2015-03-03 The Boeing Company Computer architectures using shared storage
US8510838B1 (en) * 2009-04-08 2013-08-13 Trend Micro, Inc. Malware protection using file input/output virtualization
US8312548B1 (en) 2009-04-24 2012-11-13 Network Appliance, Inc. Volume metadata update system for antivirus attributes
US8370943B1 (en) * 2009-10-28 2013-02-05 Netapp, Inc. Load balancing of scan requests to all antivirus servers in a cluster
JP5463268B2 (en) * 2009-11-20 2014-04-09 サムソン エスディーエス カンパニー リミテッド Anti-virus protection system and method
US9529689B2 (en) * 2009-11-30 2016-12-27 Red Hat, Inc. Monitoring cloud computing environments
US9002972B2 (en) * 2010-01-29 2015-04-07 Symantec Corporation Systems and methods for sharing the results of computing operations among related computing systems
EP2559217B1 (en) * 2010-04-16 2019-08-14 Cisco Technology, Inc. System and method for near-real time network attack detection, and system and method for unified detection via detection routing
US8667489B2 (en) 2010-06-29 2014-03-04 Symantec Corporation Systems and methods for sharing the results of analyses among virtual machines
US9098462B1 (en) 2010-09-14 2015-08-04 The Boeing Company Communications via shared memory
RU2444056C1 (en) 2010-11-01 2012-02-27 Закрытое акционерное общество "Лаборатория Касперского" System and method of speeding up problem solving by accumulating statistical information
KR101389682B1 (en) * 2011-08-25 2014-04-28 주식회사 팬택 System and method that prevent virus damage
CN103678997B (en) * 2012-08-30 2017-12-01 腾讯科技(深圳)有限公司 System safety check method and device
GB2506622A (en) * 2012-10-04 2014-04-09 Ibm Anti-virus data management
US9898374B2 (en) 2014-04-08 2018-02-20 International Business Machines Corporation Recovery of an infected and quarantined file in a primary storage controller from a secondary storage controller
US9557924B2 (en) * 2014-04-08 2017-01-31 International Business Machines Corporation Anti-virus scan via a secondary storage controller that maintains an asynchronous copy of data of a primary storage controller
GB2531514B (en) * 2014-10-17 2019-10-30 F Secure Corp Malware detection method
US9654496B1 (en) * 2015-03-31 2017-05-16 Juniper Networks, Inc. Obtaining suspect objects based on detecting suspicious activity
RU2617923C2 (en) * 2015-09-30 2017-04-28 Акционерное общество "Лаборатория Касперского" System and method for anti-virus scanning setting
WO2018187541A1 (en) * 2017-04-06 2018-10-11 Walmart Apollo, Llc Infected file detection and quarantine system
US9864956B1 (en) 2017-05-01 2018-01-09 SparkCognition, Inc. Generation and use of trained file classifiers for malware detection
US10616252B2 (en) 2017-06-30 2020-04-07 SparkCognition, Inc. Automated detection of malware using trained neural network-based file classifiers and machine learning
US10305923B2 (en) 2017-06-30 2019-05-28 SparkCognition, Inc. Server-supported malware detection and protection
CN108200059B (en) * 2018-01-02 2020-11-03 深圳壹账通智能科技有限公司 File transmission method, device, equipment and computer readable storage medium
CN112364395A (en) * 2020-11-11 2021-02-12 中国信息安全测评中心 Safety protection method and device for solid state disk

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997049252A2 (en) 1996-06-21 1997-12-24 Integrated Computing Engines, Inc. Network based programmable media manipulator
US6088803A (en) 1997-12-30 2000-07-11 Intel Corporation System for virus-checking network data during download to a client device

Family Cites Families (102)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4104718A (en) * 1974-12-16 1978-08-01 Compagnie Honeywell Bull (Societe Anonyme) System for protecting shared files in a multiprogrammed computer
US4937763A (en) * 1988-09-06 1990-06-26 E I International, Inc. Method of system state analysis
US5067099A (en) * 1988-11-03 1991-11-19 Allied-Signal Inc. Methods and apparatus for monitoring system performance
DE3901457A1 (en) * 1989-01-19 1990-08-02 Strahlen Umweltforsch Gmbh METHOD FOR ADDRESS AREA MONITORING IN REAL-TIME DATA PROCESSING DEVICES
US5261051A (en) * 1989-08-14 1993-11-09 Microsoft Corporation Method and system for open file caching in a networked computer system
CA2066724C (en) * 1989-09-01 2000-12-05 Helge Knudsen Operating system and data base
CA2036688C (en) 1990-02-28 1995-01-03 Lee W. Tower Multiple cluster signal processor
US5963962A (en) 1995-05-31 1999-10-05 Network Appliance, Inc. Write anywhere file-system layout
JP3751018B2 (en) 1993-06-03 2006-03-01 ネットワーク・アプライアンス・インコーポレイテッド LightAnywhere file system layout
US6138126A (en) 1995-05-31 2000-10-24 Network Appliance, Inc. Method for allocating files in a file system integrated with a raid disk sub-system
US5649099A (en) * 1993-06-04 1997-07-15 Xerox Corporation Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security
US5771354A (en) 1993-11-04 1998-06-23 Crawford; Christopher M. Internet online backup system provides remote storage for customers using IDs and passwords which were interactively established when signing up for backup services
JPH07281980A (en) * 1994-04-08 1995-10-27 Hitachi Ltd Virus infection protecting method
US5630048A (en) 1994-05-19 1997-05-13 La Joie; Leslie T. Diagnostic system for run-time monitoring of computer operations
US5649152A (en) 1994-10-13 1997-07-15 Vinca Corporation Method and system for providing a static snapshot of data stored on a mass storage system
US5835953A (en) 1994-10-13 1998-11-10 Vinca Corporation Backup system that takes a snapshot of the locations in a mass storage device that has been identified for updating prior to updating
JPH08147159A (en) * 1994-11-16 1996-06-07 Hitachi Ltd Information processor
US5630049A (en) 1994-11-30 1997-05-13 Digital Equipment Corporation Method and apparatus for testing software on a computer network
US5604862A (en) 1995-03-14 1997-02-18 Network Integrity, Inc. Continuously-snapshotted protection of computer files
JP4162099B2 (en) * 1995-06-02 2008-10-08 富士通株式会社 Device having function to cope with virus infection and storage device thereof
US5623600A (en) * 1995-09-26 1997-04-22 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
US5889943A (en) 1995-09-26 1999-03-30 Trend Micro Incorporated Apparatus and method for electronic mail virus detection and elimination
US5838910A (en) 1996-03-14 1998-11-17 Domenikos; Steven D. Systems and methods for executing application programs from a memory device linked to a server at an internet site
US5787409A (en) 1996-05-17 1998-07-28 International Business Machines Corporation Dynamic monitoring architecture
US6360256B1 (en) * 1996-07-01 2002-03-19 Sun Microsystems, Inc. Name service for a redundant array of internet servers
US6076105A (en) * 1996-08-02 2000-06-13 Hewlett-Packard Corp. Distributed resource and project management
US5819047A (en) * 1996-08-30 1998-10-06 At&T Corp Method for controlling resource usage by network identities
JPH1074153A (en) * 1996-08-30 1998-03-17 Fuji Xerox Co Ltd File managing device and method for transferring file
WO1998027506A2 (en) 1996-12-17 1998-06-25 Inca Technology, Inc. Ndc consistency reconnect mechanism
US5925126A (en) 1997-03-18 1999-07-20 Memco Software, Ltd. Method for security shield implementation in computer system's software
US6108785A (en) * 1997-03-31 2000-08-22 Intel Corporation Method and apparatus for preventing unauthorized usage of a computer system
JPH11143840A (en) 1997-11-05 1999-05-28 Hitachi Ltd System and method for distributed object
US5968176A (en) 1997-05-29 1999-10-19 3Com Corporation Multilayer firewall system
JP3817339B2 (en) 1997-06-26 2006-09-06 株式会社日立製作所 File input / output control method
GB2328045B (en) 1997-08-08 2002-06-05 Ibm Data processing system diagnostics
US6230200B1 (en) * 1997-09-08 2001-05-08 Emc Corporation Dynamic modeling for resource allocation in a file server
DE19739553A1 (en) * 1997-09-09 1999-03-11 Siemens Ag Pre-charging circuit for a capacitor connected to the output of a line-guided converter
JP3369445B2 (en) 1997-09-22 2003-01-20 富士通株式会社 Network service server load adjusting device, method and recording medium
US6148349A (en) * 1998-02-06 2000-11-14 Ncr Corporation Dynamic and consistent naming of fabric attached storage by a file system on a compute node storing information mapping API system I/O calls for data objects with a globally unique identification
US6185598B1 (en) * 1998-02-10 2001-02-06 Digital Island, Inc. Optimized network resource location
US6697846B1 (en) * 1998-03-20 2004-02-24 Dataplow, Inc. Shared file system
US6327677B1 (en) 1998-04-27 2001-12-04 Proactive Networks Method and apparatus for monitoring a network environment
US6237114B1 (en) 1998-05-13 2001-05-22 Sun Microsystems, Inc. System and method for evaluating monitored computer systems
US6157955A (en) * 1998-06-15 2000-12-05 Intel Corporation Packet processing system including a policy engine having a classification unit
US6275939B1 (en) 1998-06-25 2001-08-14 Westcorp Software Systems, Inc. System and method for securely accessing a database from a remote location
US6973455B1 (en) * 1999-03-03 2005-12-06 Emc Corporation File server system providing direct data sharing between clients with a server acting as an arbiter and coordinator
US6405327B1 (en) 1998-08-19 2002-06-11 Unisys Corporation Apparatus for and method of automatic monitoring of computer performance
US6253217B1 (en) * 1998-08-31 2001-06-26 Xerox Corporation Active properties for dynamic document management system configuration
US6338141B1 (en) * 1998-09-30 2002-01-08 Cybersoft, Inc. Method and apparatus for computer virus detection, analysis, and removal in real time
DE19856519B4 (en) * 1998-12-08 2004-12-16 International Business Machines Corp. Data storage system and method for its operation
US6266774B1 (en) * 1998-12-08 2001-07-24 Mcafee.Com Corporation Method and system for securing, managing or optimizing a personal computer
US6324578B1 (en) * 1998-12-14 2001-11-27 International Business Machines Corporation Methods, systems and computer program products for management of configurable application programs on a network
US6327594B1 (en) * 1999-01-29 2001-12-04 International Business Machines Corporation Methods for shared data management in a pervasive computing environment
US20030191957A1 (en) * 1999-02-19 2003-10-09 Ari Hypponen Distributed computer virus detection and scanning
US6324581B1 (en) * 1999-03-03 2001-11-27 Emc Corporation File server system using file system storage, data movers, and an exchange of meta data among data movers for file locking and direct access to shared file systems
US6401126B1 (en) * 1999-03-10 2002-06-04 Microsoft Corporation File server system and method for scheduling data streams according to a distributed scheduling policy
US6801949B1 (en) * 1999-04-12 2004-10-05 Rainfinity, Inc. Distributed server cluster with graphical user interface
US6542967B1 (en) * 1999-04-12 2003-04-01 Novell, Inc. Cache object store
US6226752B1 (en) 1999-05-11 2001-05-01 Sun Microsystems, Inc. Method and apparatus for authenticating users
US6577636B1 (en) * 1999-05-21 2003-06-10 Advanced Micro Devices, Inc. Decision making engine receiving and storing a portion of a data frame in order to perform a frame forwarding decision
US7032022B1 (en) * 1999-06-10 2006-04-18 Alcatel Statistics aggregation for policy-based network
US6944183B1 (en) * 1999-06-10 2005-09-13 Alcatel Object model for network policy management
US6519679B2 (en) * 1999-06-11 2003-02-11 Dell Usa, L.P. Policy based storage configuration
US6560632B1 (en) * 1999-07-16 2003-05-06 International Business Machines Corporation System and method for managing files in a distributed system using prioritization
GB2352370B (en) 1999-07-21 2003-09-03 Int Computers Ltd Migration from in-clear to encrypted working over a communications link
US6523027B1 (en) * 1999-07-30 2003-02-18 Accenture Llp Interfacing servers in a Java based e-commerce architecture
US6490666B1 (en) * 1999-08-20 2002-12-03 Microsoft Corporation Buffering data in a hierarchical data storage environment
US6256773B1 (en) * 1999-08-31 2001-07-03 Accenture Llp System, method and article of manufacture for configuration management in a development architecture framework
US7020697B1 (en) * 1999-10-01 2006-03-28 Accenture Llp Architectures for netcentric computing systems
ATE247296T1 (en) 1999-10-25 2003-08-15 Sun Microsystems Inc STORAGE SYSTEM SUPPORTING FILE LEVEL AND BLOCK LEVEL ACCESS
US6351776B1 (en) * 1999-11-04 2002-02-26 Xdrive, Inc. Shared internet storage resource, user interface system, and method
US6606744B1 (en) * 1999-11-22 2003-08-12 Accenture, Llp Providing collaborative installation management in a network-based supply chain environment
EP1234222A2 (en) * 1999-12-02 2002-08-28 Secure Computing Corporation Security management system in an heterogeneous network environment
US20020120741A1 (en) * 2000-03-03 2002-08-29 Webb Theodore S. Systems and methods for using distributed interconnects in information management enviroments
US20030046396A1 (en) * 2000-03-03 2003-03-06 Richter Roger K. Systems and methods for managing resource utilization in information management environments
US20020194251A1 (en) * 2000-03-03 2002-12-19 Richter Roger K. Systems and methods for resource usage accounting in information management environments
US6502102B1 (en) 2000-03-27 2002-12-31 Accenture Llp System, method and article of manufacture for a table-driven automated scripting architecture
US7293083B1 (en) * 2000-04-27 2007-11-06 Hewlett-Packard Development Company, L.P. Internet usage data recording system and method employing distributed data processing and data storage
US7124180B1 (en) * 2000-04-27 2006-10-17 Hewlett-Packard Development Company, L.P. Internet usage data recording system and method employing a configurable rule engine for the processing and correlation of network data
US7349960B1 (en) * 2000-05-20 2008-03-25 Ciena Corporation Throttling distributed statistical data retrieval in a network device
US6931540B1 (en) * 2000-05-31 2005-08-16 Networks Associates Technology, Inc. System, method and computer program product for selecting virus detection actions based on a process by which files are being accessed
US6721721B1 (en) * 2000-06-15 2004-04-13 International Business Machines Corporation Virus checking and reporting for computer database search results
US20020103907A1 (en) * 2000-06-20 2002-08-01 Erik Petersen System and method of storing data to a recording medium
US6981070B1 (en) 2000-07-12 2005-12-27 Shun Hang Luk Network storage device having solid-state non-volatile memory
GB2365556B (en) * 2000-08-04 2005-04-27 Hewlett Packard Co Gateway device for remote file server services
US20020124090A1 (en) * 2000-08-18 2002-09-05 Poier Skye M. Method and apparatus for data communication between a plurality of parties
CA2489324A1 (en) * 2000-09-11 2003-12-24 Agami Systems, Inc. Storage system having partitioned migratable metadata
US6785732B1 (en) * 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking
US6802012B1 (en) * 2000-10-03 2004-10-05 Networks Associates Technology, Inc. Scanning computer files for unwanted properties
US6721862B2 (en) * 2000-10-11 2004-04-13 Mcdata Corporation Method and circuit for replicating data in a fiber channel network, or the like
US20020065946A1 (en) * 2000-10-17 2002-05-30 Shankar Narayan Synchronized computing with internet widgets
EP1364510B1 (en) * 2000-10-26 2007-12-12 Prismedia Networks, Inc. Method and system for managing distributed content and related metadata
US8250570B2 (en) * 2000-10-31 2012-08-21 Hewlett-Packard Development Company, L.P. Automated provisioning framework for internet site servers
WO2002061525A2 (en) * 2000-11-02 2002-08-08 Pirus Networks Tcp/udp acceleration
US6918113B2 (en) 2000-11-06 2005-07-12 Endeavors Technology, Inc. Client installation and execution system for streamed applications
GB0027280D0 (en) * 2000-11-08 2000-12-27 Malcolm Peter An information management system
US7237027B1 (en) * 2000-11-10 2007-06-26 Agami Systems, Inc. Scalable storage system
US7346928B1 (en) 2000-12-01 2008-03-18 Network Appliance, Inc. Decentralized appliance virus scanning
US7778981B2 (en) * 2000-12-01 2010-08-17 Netapp, Inc. Policy engine to control the servicing of requests received by a storage server
US6757753B1 (en) * 2001-06-06 2004-06-29 Lsi Logic Corporation Uniform routing of storage access requests through redundant array controllers
US6888217B2 (en) * 2001-08-30 2005-05-03 Micron Technology, Inc. Capacitor for use in an integrated circuit
US7958199B2 (en) * 2001-11-02 2011-06-07 Oracle America, Inc. Switching systems and methods for storage management in digital networks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1997049252A2 (en) 1996-06-21 1997-12-24 Integrated Computing Engines, Inc. Network based programmable media manipulator
US6088803A (en) 1997-12-30 2000-07-11 Intel Corporation System for virus-checking network data during download to a client device

Non-Patent Citations (1)

Title
See also references of EP1348159A4

Cited By (10)

Publication number Priority date Publication date Assignee Title
US7032062B2 (en) 1999-02-02 2006-04-18 Hitachi, Ltd. Disk subsystem
US7836249B2 (en) 1999-02-02 2010-11-16 Hitachi, Ltd. Disk subsystem
US8234437B2 (en) 1999-02-02 2012-07-31 Hitachi, Ltd. Disk subsystem
US8554979B2 (en) 1999-02-02 2013-10-08 Hitachi, Ltd. Disk subsystem
US8949503B2 (en) 1999-02-02 2015-02-03 Hitachi, Ltd. Disk subsystem
US6715034B1 (en) 1999-12-13 2004-03-30 Network Appliance, Inc. Switching file system request in a mass storage system
US7346928B1 (en) 2000-12-01 2008-03-18 Network Appliance, Inc. Decentralized appliance virus scanning
US7523487B2 (en) 2000-12-01 2009-04-21 Netapp, Inc. Decentralized virus scanning for stored data
US7778981B2 (en) 2000-12-01 2010-08-17 Netapp, Inc. Policy engine to control the servicing of requests received by a storage server
US8769690B2 (en) 2006-03-24 2014-07-01 AVG Netherlands B.V. Protection from malicious web content

Also Published As

Publication number Publication date
EP1939706A1 (en) 2008-07-02
US20020103783A1 (en) 2002-08-01
EP1348159A2 (en) 2003-10-01
JP4537651B2 (en) 2010-09-01
WO2002095588A2 (en) 2002-11-28
WO2002044862A3 (en) 2003-05-30
EP1348159A4 (en) 2006-10-25
JP2007323674A (en) 2007-12-13
WO2002095588B1 (en) 2003-09-04
JP2008305418A (en) 2008-12-18
EP1348162A4 (en) 2006-10-25
WO2002095588A3 (en) 2003-02-13
JP4881348B2 (en) 2012-02-22
EP1348162A2 (en) 2003-10-01
JP4862054B2 (en) 2012-01-25
JP2004527857A (en) 2004-09-09
JP2009146432A (en) 2009-07-02
US7523487B2 (en) 2009-04-21
JP2004523820A (en) 2004-08-05
US7346928B1 (en) 2008-03-18

Similar Documents

Publication Publication Date Title
US7346928B1 (en) Decentralized appliance virus scanning
JP6522707B2 (en) Method and apparatus for coping with malware
US10552603B2 (en) Malicious mobile code runtime monitoring system and methods
US8677494B2 (en) Malicious mobile code runtime monitoring system and methods
Bayer et al. Scalable, behavior-based malware clustering.
US7613926B2 (en) Method and system for protecting a computer and a network from hostile downloadables
US6330588B1 (en) Verification of software agents and agent activities
JP4852542B2 (en) Methods, computer programs, and data structures for intrusion detection, intrusion response, and vulnerability remediation across target computer systems
US8607335B1 (en) Internet file safety information center
US9219755B2 (en) Malicious mobile code runtime monitoring system and methods
US20060026693A1 (en) Method, apparatus, and product for asserting physical presence with a trusted platform module in a hypervisor environment
JP5599892B2 (en) Malware detection and response to malware using link files
RU2723665C1 (en) Dynamic reputation indicator for optimization of computer security operations
US6952770B1 (en) Method and apparatus for hardware platform identification with privacy protection
US8042185B1 (en) Anti-virus blade
JP2003514414A (en) Method and apparatus for providing redundant and flexible cryptographic services
CN113438228B (en) Application login method and device and readable storage medium
US20240036982A1 (en) Self-healing data protection system matching system attributes to relevant scripts using multiple scripts
KR20020022314A (en) Method and apparatus for analyzing a client computer

Legal Events

Date Code Title Description
AK Designated states; Kind code of ref document: A2; Designated state(s): CA JP
AL Designated countries for regional patents; Kind code of ref document: A2; Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR
121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase; Ref document number: 2002546962; Country of ref document: JP
WWE Wipo information: entry into national phase; Ref document number: 2001987296; Country of ref document: EP
WWP Wipo information: published in national office; Ref document number: 2001987296; Country of ref document: EP