摘要 |
<p><P>PROBLEM TO BE SOLVED: To provide a system and method for efficiently determining that a received file is not malware. <P>SOLUTION: In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable or superficial data areas i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of known malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy. <P>COPYRIGHT: (C)2006,JPO&NCIPI</p> |