 Method, system, and program for returning a file requested through a network connection |
| OF THE PREFERRED EMBODIMENTS In the following description, reference is made to the accompanying ... |
|
| Control system with customizable menu structure for personal mobility vehicle |
| Referring now to the drawings, there is illustrated in FIG. 1 a diagrammatic representation of an ... |
|
| Intelligent network security device and method |
| I claim: 1. In a computer system connected to an external communications medium, a security device ... |
|
| Method for automatic intrusion detection and deflection in a network |
| OF THE INVENTION The present invention is of a method and a system for providing security to a ... |
|
| Enhanced browser application for service related to the transportation of a message |
| It is an object of the present invention to provide a universal browser, compatible with common ... |
|
| Representing and verifying network management policies using collective constraints |
| The foregoing needs and objects, and other needs and objects that will become apparent from the ... |
|
| Method and system for updating a root of trust measurement function in a personal computer |
| The present invention provides a method and system for updating a root of trust measurement ... |
|
|
Method and device for innoculating email infected with a virus
| Details |
Inventors: Maher, III, Robert Daniel; Forbes, Brian Michael; Lie, Milton Andre; Hervin, Mark Warden;
Assignee: Netrake Corporation (Plano, TX)
Primary Examiner: Caldwell; Andrew
Assistant Examiner: Fields; Courtney
Attorney, Agent or Firm: Cox; Craig J.
A method and device for detecting and inoculating emails infected with viruses are described. The method involves identifying a particular traffic and its associated data packets as an email session and scanning the associated data packets in order to compare their contents with a database of known signatures. If a match is found between the data packets and a signature of a known virus, it is determined if there is an attachment to the email. If an attachment is detected, some or all of the bits of the data packets associated with the attachment are altered, thereby rendering the infected attachment harmless. The network device includes memory for storing the database of known signatures and a content processor able to compare the contents of data packets with a database of known signatures. The content processor is also operable to alter some or all of the bits of the attachment to inoculate the email and attachment. |
|
DETAILED DESCRIPTION The present invention provides for a method and network device for detecting and inoculating emails infected with viruses.
The method identifies traffic flows, or sessions, that contain email and compares the contents of the associated data packets with a database of known signatures, which includes signatures of known viruses.
When an email session is identified that includes a match to a signature of a known virus, a determination is made whether the email includes an attachment.
If an attachment is found the method alters some or all of the bits of the data packets corresponding to the attachment, thereby rendering the attachment and the email harmless.
The match can be anywhere in the email, including the attachment itself and can consist of ASCII text in the subject line or body of the email, or can even be a binary string in the attachment.
The network device for detecting and inoculating viruses includes a memory where the database of known signatures is stored, the known signatures including signatures of known viruses.
A content processor is connected to the memory and is operable to compare the contents of the data packets with the database of known signatures.
If a match is detected and it is determined there is an attachment, the content processor is also operable to alter some or all of the bits of the data packets associated with the attachment.
New virus signatures can be easily added to the database of known signatures, which is then recompiled using a host processor and reloaded into the memory.
The foregoing has outlined, rather broadly, preferred and alternative features of the present invention so that those skilled in the art may better understand the detailed description of the invention that follows.
Additional features of the invention will be described hereinafter that form the subject of the claims of the invention.
Those skilled in the art will appreciate that they can readily use the disclosed conception and specific embodiment as a basis for designing or modifying other structures for carrying out the same purposes of the present invention
|
| Related patents |
|
|
Sliding scale adaptive self-synchronized dynamic address translation
In view of the above, it is an object of the present invention to provide a method of translating packets in a manner that would entice a would-be adversary to try to ...
|
|
|
Methods and systems for managing virtual addresses for virtual networks
Reference will now be made in detail to the exemplary embodiments of the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, ...
|
|
|
Data carrier for the storage of data and circuit arrangement for such a data carrier
The invention claimed is: 1. A data carrier for the storage of data, which data carrier has a first interface for communication with a first communication device and ...
|
|
|
Exhaust valve for diesel engine and production thereof
OF THE INVENTION Embodiments of the invention will be explained in referrence to the attached drawings. FIG. 1 shows the exhaust valve according to the invention for D...
|
|
|
Computer system having a plurality of stored system capability states from which to resume
According to the present invention a computer system is provided that has a plurality of suspend files allowing multiple system states to be selectively saved and ...
|
|
|
Barrier synchronization method wherein members dynamic voting controls the number of synchronization phases of protocols and progression to each new phase
The shortcomings of the prior art are overcome and additional advantages are provided through the provision of a barrier synchronization mechanism. A group cf members, ...
|
|
|
System for transferring data specified in a transaction request as a plurality of move transactions responsive to receipt of a target availability signal
The present invention is a system and method for efficiently transporting blocks of data through a high speed, bus-like interconnect, where the burst transfer size ...
|
|
|
Method and apparatus for synchronization of data retrieval and presentation
The present invention includes a method and an apparatus for synchronization of data retrieval; this data may be video and audio data which includes a sequence of frames ...
|
|
|
Method and system for message transfer session management
In accordance with the invention, there is provided a method and system for managing transfer of message packets in a session between first and second nodes in a message ...
|
|
|
APPARATUS FOR DISTRIBUTING INFORMATION OVER A NETWORK-BASED ENVIRONMENT, METHOD OF DISTRIBUTING INFORMATION TO USERS, AND METHOD FOR ASSOCIATING CONTENT OBJECTS WITH A DATABASE WHEREIN THE CONTENT OBJECTS ARE ACCESSIBLE OVER A NETWORK COMMUNICATION MEDIUM
A system and method are provided to document and quantify demand for particular information that is a requested by an individual user by sampling a worldwide user ...
|
|
|
Processing Data 
