Abstract
A virus detecting method and device, where the method includes: receiving a network data stream carrying a PE file; calculating first identification information according to structure information of the PE file; matching the first identification information with virus identification information prestored in an antivirus database, and determining whether the PE file is an Archive file; if the PE file is an Archive file, calculating second identification information according to the data packet that carries a data part of the Archive file; and matching the second identification information with the virus identification information prestored in the antivirus database, and if the matching succeeds, determining that the Archive file is an Archive virus file. The present invention can effectively determine whether an Archive-type PE file is a virus file.
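
The two-stage matching described in the abstract, as an added Python example that is not taken from the patent. It assumes the stream has already been reassembled into one buffer, that the "structure information" is the PE header bytes through the section table, that SHA-256 is the identification function, and that a PE counts as an Archive file when the data appended after its last section starts with a known archive magic; `split_pe`, `scan`, `build_sample` and all sample bytes are constructed for illustration.

```python
import hashlib
import struct

# Assumed archive markers (ZIP, RAR, 7z); the abstract does not say how an Archive is recognised.
ARCHIVE_MAGICS = (b"PK\x03\x04", b"Rar!", b"7z\xbc\xaf")

def split_pe(data):
    """Return (structure_bytes, data_part) for a reassembled PE buffer."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                           # start of section table
    image_end = table + nsec * 40
    structure = data[e_lfanew:image_end]                       # headers + section table
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + i * 40 + 16)
        image_end = max(image_end, raw_ptr + raw_size)
    return structure, data[image_end:]                         # data_part = appended data

def scan(data, virus_ids):
    """Two-stage match: first ID from structure, second ID from the archive data part."""
    structure, data_part = split_pe(data)
    first_id = hashlib.sha256(structure).hexdigest()
    if not data_part.startswith(ARCHIVE_MAGICS):
        return "virus" if first_id in virus_ids else "clean"
    # Archive case: every self-extractor built on one stub has the same first ID,
    # so the verdict is taken from the data part (assumption about the unstated flow).
    second_id = hashlib.sha256(data_part).hexdigest()
    return "archive-virus" if second_id in virus_ids else "clean"

def build_sample(payload=b""):
    """Constructed minimal PE: no optional header, one 16-byte section, optional appended data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 16, 0x1000, 16, 128,
                       0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + b"\0" * 16 + payload
```

Two samples built with different payloads have identical structure bytes, so only the second identification separates them.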