| 摘要 |
Received files, for example in web traffic, are scanned when entering the computer system, by at least one malware scanning engine to determine whether or not the file possesses properties that are indicative of malware such as viruses, worms, Trojan horses, rootkits, adware and spyware. If it is determined that the file does possess properties that are indicative of malware, then at least one cleanliness scanning engine is used to determine whether or not the file possesses properties that are indicative of a clean file. If it is determined that the file possesses properties that are indicative of a clean file, then a false alarm is signalled. The system may therefore determine for example where the software does not make application programming interface calls, include graphics, sound, is in multiple languages, have clear text strings or has been known to the system for sometime, then it may be identified as being safe and therefore is released from quarantine by signaling a false alarm by the cleanliness scanner. |
