摘要 |
A method for determining whether an electronic file stored at a client device is infected with malware. A server receives from the client device a request message that includes signature information of the electronic file. The server queries a database of signature information. If the signature information corresponds to signature information stored on the database, a determination is made as to whether the electronic file is malware. If the signature information does not correspond to signature information stored on the database, a determination is made as to whether a number of further request messages for the electronic file are received from additional client devices within a time period. If fewer request messages are received within the time period, it is likely that the electronic file is malware. |