摘要 |
According to the invention, a network-based malicious code diagnosis method comprises: receiving, through a query, first information obtained by processing a portion of a file to be diagnosed from one or more client terminals having a malicious code diagnosis engine; searching for a signature matching the first information; and generating second information including the searched signature if the signature matching the first information is found, and transmitting the second information to the client terminals. Engine data such as the signature or the like are stored on a server side, and only engine code and a portion of filtering information are stored on a client side, such that the signature is obtained through a query made to the server side only when the signature is actually required, thereby improving the efficiency of a network. |