Title: Detection of undesired computer files in archives
Abstract: Systems and methods for content filtering are provided. According to one embodiment, the type and structure of an archive file are determined. The archive file includes identification bytes that identify the type of archive file and header information, both in unencrypted and uncompressed form, and a file data portion containing the contents of files in encrypted form, compressed form, or both. The determination is based solely on the identification bytes and/or the header information. Based on that determination, descriptive information characterizing each file is extracted from the header information. The descriptive information includes a checksum of the file in uncompressed form, the size of the file in uncompressed form and/or the size of the file in compressed form. A file is identified as potentially malicious or undesired when a comparison of the descriptive information against detection signatures of known malicious or undesired files results in a match.
Publication number: US8793798(B2) Publication date: 2014.07.29
Application number: US201213690588 Filing date: 2012.11.30
Applicant: Fortinet, Inc. Inventors: Fossen Steven Michael; MacDonald Alexander Douglas
Classification: G06F11/00; G06F12/14; G08B23/00; H04L12/58; G06F21/56; H04L29/06 Main classification: G06F11/00
Agent firm: Hamilton, DeSanctis & Cha LLP Agent: Hamilton, DeSanctis & Cha LLP
Main claim: 1. A computer-implemented method comprising: determining, by an anti-virus detection module running on a computer system, a type and associated structure of an archive file, wherein the archive file includes (i) one or more identification bytes that identify the type of archive file in unencrypted and uncompressed form, (ii) header information in unencrypted and uncompressed form and (iii) a file data portion containing contents of one or more files in encrypted form, compressed form or both encrypted and compressed form and wherein said determining is performed based solely on one or more of the one or more identification bytes and the header information; and based on the type of archive file and the associated structure, for each of the one or more files, extracting, by the anti-virus detection module, descriptive information from the header information that describes characteristics of the one or more files, including one or more of a checksum of the file in uncompressed form, a size of the file in uncompressed form and a size of the file in compressed form; and identifying, by the anti-virus detection module, a file of the one or more files as a potentially malicious or undesired file when a comparison of the descriptive information to detection signatures of known malicious or undesired files results in a match.
Address: Sunnyvale CA US
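Worked example of the approach the abstract and main claim describe, added here and not code from the patent or from Fortinet: a Python scanner that reads the CRC-32, size and encryption-flag fields from a ZIP central directory and matches them against a signature set without decompressing any file data. The sample archive, the "known undesired" file and its signature are all constructed inline; the ZIP64 extra-field case is flagged but not parsed.

```python
import io
import struct
import zipfile
import zlib

# Constructed sample of a "known undesired" file and its header-level signature:
# CRC-32 of the uncompressed bytes plus the uncompressed size, as in the claim.
KNOWN_BAD = b"constructed sample of an undesired file\n" * 50
SIGNATURES = {(zlib.crc32(KNOWN_BAD) & 0xFFFFFFFF, len(KNOWN_BAD)): "sample-undesired-file"}

EOCD_SIG, CDH_SIG = 0x06054B50, 0x02014B50            # ZIP record signatures
EOCD_FMT, CDH_FMT = "<IHHHHIIH", "<IHHHHHHIIIHHHHHII"  # 22-byte EOCD, 46-byte CD header


def scan_zip_headers(data: bytes, signatures=SIGNATURES):
    """Match central-directory metadata against signatures; file data is never inflated."""
    if data[:4] != b"PK\x03\x04":  # identification bytes of a ZIP local file header
        raise ValueError("not a ZIP archive")
    eocd_at = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd_at < 0:
        raise ValueError("end-of-central-directory record not found")
    *_, cd_size, cd_offset, _ = struct.unpack(EOCD_FMT, data[eocd_at:eocd_at + 22])
    hits, pos, end = [], cd_offset, cd_offset + cd_size
    while pos + 46 <= end:
        (sig, _, _, flags, method, _, _, crc, csize, usize,
         n_len, x_len, c_len, *_rest) = struct.unpack(CDH_FMT, data[pos:pos + 46])
        if sig != CDH_SIG:
            break
        name = data[pos + 46:pos + 46 + n_len].decode("utf-8", "replace")
        pos += 46 + n_len + x_len + c_len
        if csize == 0xFFFFFFFF or usize == 0xFFFFFFFF:
            continue  # ZIP64: real sizes live in the extra field; not handled here
        label = signatures.get((crc, usize))
        if label:
            # bit 0 of the general-purpose flags marks traditional encryption; the CRC and
            # sizes in the header stay readable even when the file data is encrypted
            hits.append({"name": name, "signature": label,
                         "encrypted": bool(flags & 1), "method": method})
    return hits


def build_sample_archive() -> bytes:
    """Constructed archive: one benign entry and one entry matching the signature, both deflated."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"harmless text\n")
        zf.writestr("payload.bin", KNOWN_BAD)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip_headers(build_sample_archive()))
```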