Title of invention: False alarm detection for malware scanning
Abstract: A method of scanning files for malware on a computer system. The method includes receiving a file to be scanned in the system, and using at least one malware scanning engine to determine whether or not the file possesses properties that are indicative of malware. If it is determined that the file does possess properties that are indicative of malware, then at least one cleanliness scanning engine is used to determine whether or not the file possesses properties that are indicative of a clean file. If it is determined that the file possesses properties that are indicative of a clean file, then a false alarm is signalled.
Publication number: US8914889(B2) Publication date: 2014.12.16
Application number: US201013376862 Filing date: 2010.05.28
Applicant: F-Secure Corporation Inventor: Niemela Jarno
Classification: G06F11/00;G06F12/14;G06F12/16;G08B23/00;G06F21/56 Main classification: G06F11/00
Agency: Harrington & Smith Agent: Harrington & Smith
Principal claim: 1. A method of providing a malware scanning service to a multiplicity of client computers, the method comprising at a backend server or set of servers performing the steps of: receiving files to be scanned and for each file using at least one malware scanning engine to determine whether or not the file possesses properties that are indicative of malware, if it is determined that the file does possess properties that are indicative of malware, then using at least one cleanliness scanning engine to determine, using one or more heuristics, whether or not the file possesses properties that are indicative of a clean file, if it is determined that the file possesses properties that are indicative of a clean file, then signaling a false alarm; for files for which false alarms are signaled, performing a further automatic and/or manual check to confirm whether or not the file is malware; and for each file that is confirmed as malware and for each file that possesses properties that are indicative of malware but does possess properties that are indicative of a clean file, generating a scanning signature and/or scanning rule and distributing this/these to the client computers.
Address: Helsinki FI