摘要 |
A malware detection method implemented within a computer comprises determining if a file is associated with a valid digital signature and, if it is, verifying that the signature belongs to a trusted source. If the signature does belong to a trusted source then a malware scan of the file is not performed, whereas if the signature cannot be verified as belonging to a trusted source a malware scan is performed. The step of verifying that the signature belongs to a trusted source may comprise maintaining a database of trusted public keys and determining if a public key used to verify the digital signature is contained in the database. The step of determining if the file is associated with a valid digital signature may comprise using an Application Programming Interface (API) of an operating system of the computer, such as the WinVerifyTrustEx API.
|