GB2357939A - E-mail virus detection and deletion - Google Patents
E-mail virus detection and deletion Download PDFInfo
- Publication number
- GB2357939A GB2357939A GB0016553A GB0016553A GB2357939A GB 2357939 A GB2357939 A GB 2357939A GB 0016553 A GB0016553 A GB 0016553A GB 0016553 A GB0016553 A GB 0016553A GB 2357939 A GB2357939 A GB 2357939A
- Authority
- GB
- United Kingdom
- Prior art keywords
- message
- scanning
- operable
- electronic mail
- attachments
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/212—Monitoring or handling of messages using filtering or selective blocking
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Information Transfer Between Computers (AREA)
Abstract
An anti-virus system for electronic mail messages having detection means for determining the presence of an electronic mail message and analysing and scanning means for detecting in the electronic mail message any tags indicating the presence of operable program code, such tags and operable code are removed from the electronic message before the message is delivered to the intended recipient. Means may also be provided for separately scanning the body and attachments of the message and for quarantining either body text or an attachment that is found to contain operable code until a decision is made whether the operable code should be deleted.
Description
2357939 ELECTRONIC MAIL MESSAGE ANTI-VIRUS SYSTEM AND METHOD This
invention relates to an electronic mail message anti-virus system and method.
Computers and computer networks are susceptible to attack from an HTML electronic mail message that contains a malicious code or the ability to trigger a program that could damage the computer system upon receipt of the electronic mail message. Anti-virus systems have been developed to detect such viruses which would other-wise infect a computer. Versions of anti-virus systems are known for detecting viruses transmitted by electronic mail. However, known anti-virus systems have been largely unsuccessful in combating viruses delivered by electronic mail for a number of reasons. First, known systems can only protect against known viruses. This may be done by scanning an incoming electronic mail messace for strinas of characters which are known to be included in known viruses. However, because such systems can only protect against known viruses and since electronic mail can spread viruses in a matter of hours, such systems are completely ineffective against electronic mail viruses as the anti-virus system cannot be updated with strings associated with the new virus before the computer is infected. Another problem with conventional electronic mail virus detection is that not all viruses are widespread. A virus may be created against a particular company, to obtain particular information from that company, for example, for industrial espionage. In that case, no measures can be taken to protect the system from the virus because the virus is not known until after the attack has occurred. Another problem with conventional anti- virus systems is that they scan only the attachment of an electronic mail message and not the electronic mail body itself However, electronic mail viruses may not only be contained in attachments but may be contained in the message body itself, in which case, a virus can be activated without the user opening an electronic mall attachment.
11) It is an object of the present invention to provide an anti-virus system and method which substantially overcome these limitations.
According to the present invention there is provided an anti-virus system 0 for an electronic mall messaae, the system including means for determining the W Z 0 presence of the electronic mail message, means for analysing and scanning the electronic mail messaae for tacs indicating the presence of operable program code Z:) W I= Z1-1) and for removing any such tags and operable pro-ram code from the electroMic 1 c c mail message., and means for applying the electronic mail message with the tags and operable program code removed to server means.
Preferably, the means for determining the presence of the electronic mail message includes means for breakine, the messaae into constituent bodies or I- W C) message texts and attachments of the electronic message, the means for analysi ig and scanning comprises rneans for scanning the constituent bodies a id attachments and the means for applying the electronic mail message with the tags and operable program code removed to server means includes means 16r rebuildine, the electronic messae from the constituent bodies and attachments.
Conveniently, the means for analysing and scanning comprises means flor scannine, the message for predetermined character strings.
Advantageously, the means for applying the electronic mail message with the tags and operable program code removed to server means includes means f or 1 replacing the removed tag and operable program code with alternative text.
1 Z_ Preferably the alternative text is adapted to inform a recipient of message that operable program code has been removed.
W 1 Advantageously the means for analysing and scanning includes means f IF scanning attachments for operable macros.
Advantageously the system further comprises quarantine means for quarantining a constituent body containing operable program code and/or W removin. from the message and quarantining an attachment containing a macro.
c Z Z 0 Preferably the quarantine means includes rneans for removing a mac,o from an attachment, quarantining the rnacro and releasing the attachment with the macro removed.
Preferably the quarantine means includes means for storing the body, attachment or macro in a quarantine storage location as a quarantined item. meals for receiving a input indicating a decision whether the quarantined item may be delivered to an intended recipient; and dependant on the decision input either releasing the quarantined item for delivery to the intended recipient or deleting the quarantined item.
Conveniently, the quarantine rneans includes means, on deleting the quarantined item, for informing the intended recipient and/or a sender of the 1.
message that the quarantined item has been deleted without being delivered to the intended recipient.
Conveniently the means for scanning attachments for operable macros 1 comprises means for sequentially scanning the attachments for a plurality of predetermined character strings.
Preferably, the means for scanning attachments for a plurality of predetermined character strings includes means for terminating scanning when 0 one of the predetermined strings is not found on completely scanning the C5 attachment.
Conveniently, the means for determining the presence of the electronic mail message is adapted to capture all electronic mall messages passing between a first network and a second network.
Advantageously, the means for determining the presence of the electronic g 0 mail messacre is adapted to capture all electronic mail messages passing between W an internal or private network and an external or public network.
Accordine, to a second aspect of the present invention there is provided a method of removing a virus from an electronic mail message including the steps Z> 0 C1) of (a) capturing the message- (b) scanning the message for tags indicating the presence of operable program code; (c) removing the tags and operable program 0 I= 0 0 code from the electronic rnail message., and (d) releasing the electronic mail message with the tags and operable program code removed.
1 0 Alternatively, step (c) comprises quarantining a message or a part of a message containing operable program code.
0 4 Preferably step (a) includes the step of breaking the message ir to constituent bodies or message texts and attachments of the electronic rnessa e; step (b) comprises scanning the constituent bodies and attachments and step i.d) includes the step of rebuilding, the electronic message from the constituent boffies W and attachments.
Conveniently step (b) comprises scanning the message for predetermined character strings.
Advantageously step (c) includes replacing the removed tag and operable Z:1 program code with alternative text.
Preferably the alternative text is adapted to inform a recipient of the messao,e that operable program code has been removed.
Advantageously step (b) includes scanning attachments for opera41e macros and step (c) comprises removing from the message and quarantining a 1 0 y macros or, alternatively, any attachments containing macros.
Preferably the step of quarantining a constituent body, attachment or macro comprises the steps of.. storing the constituent body, attachment or macro in a quarantine storage location as a quarantined item. receiving a decision whetter the quarantined item rnay be delivered to an intended recipient.' and dependant on the decision either releasing the quarantined itern for delivery to the intendd recipient or deleting the quarantined item.
0 Conveniently, the step of deleting the quarantined item includes informing the intended recipient and/or a sender of the message that the quarantined item has W been deleted without beina delivered to the intended recipient.
0 Conveniently the step of scanning, attachments for operable maer:)s 1 includes sequentially scanning the attachments for a plurality of predeterminA character strinas.
Preferably, the step of scanning attachments for a plurality of Z_ predetermined character strings is terminated when one of the predeterminA strings is not found on completely scanning the attachment.
Conveniently, step (a) comprises capturln-a, all electronic mail messages passing between a first network and a second network.
Advantageously, step (a) comprises capturing all electronic mail messages 1 C passing between an internal oi- private network and an external or public network.
Z According to a third aspect of the invention, there is provided a computer program comprisinC, code means for performing all the steps of the method described above when the program is run on one or more computers.
Conveniently the computer program is embodied on a computer-readable medium.
According to a fourth aspect of the present invention, there is provided a computer program product comprising program code means stored in a computer-readable medium for performing the method described above when that program product is run on one or more computers.
An advantage of the present invention is that it does not seek to determine whether program coding included with an electronic message is malicious or not, 0 c Z:1 but removes the capability of such an electronic mail message to execute the program or commands. That is, all electronic mail messages scanned that contain program code or instructions to run programs, are re-written in such a way that this capability is removed from the electronic mall message, or the message or =1 part of the message containing the operable code is quarantined. This secures the recipient against all current, future and one-off viruses.
W A specific embodiment of the invention will now be described by of example, with reference to accompanying drawings, in which:
Z> Z FIG 1 shows a flowchart of a rnethod, according to the present invention, c of removing operable program code from a body or attachment of an electronic 0 => mail messacre; 0 FIG 2 shows a flowchart of a rnethod according to the invention of Z.
removing macros or attachments which contain macros from an electronic mail message; 6 FIG 3 shows a flowchart of steps of the method of FIG 2 for determinir g i whether an electronic mall message contains a Microsoft Word T"1 macro; 1 FIG 4 shows a flowchart of steps of the method of FIG 2 for deteri-ninir whether an electronic rnall messaue contains a Microsoft Excel"'\' macro.
FIG 5 shows a block diagram of building blocks used in the method of the invention; FIG 6 shows the flow of electronic mall messages through a computer Z.
system employing the method of FIGS 1 & 2. and C5 1 FIG 7 shows steps in quarantining attachments of the method of FIG 2.
In the drawings, like numerals denote like steps.
W FIG 1 Illustrates an application of the invention in which the method of tie invention is used in a gateway or electronic mall server, between a user's network and a public network, for example. However, it will be appreciated that te invention may be used to protect a single computer. As illustrated in FIG 1, M electronic message received by the electronic rnall server, step 101, is isolated, or captured, step 102. The captured electronic mail rriessage is divided up, step 103, into its constituent bodies of message text 110,111 and attachments 112, 113. An electronic mall message can have multiple bodies, also known as message text, and multiple attachments, but only two of each are illustrated in FIG 1. T[e bodies and attachments are sequentially scanned, step 104, to determine wheth( any of the said bodies or attachments contains a character string indicating tl presence of operable program code. That is, the program scans the body attachment for a tag or tags which identify program code that will be run c C) Z> W viewing the electronic mall message or code that will run an external prograj executed once the electronic rnail message is viewed. For example, in the currei version of HTIVIL the tag---scripts"identifies program code. The presence of suc a tag means that an electronic rnall message can potentially run an extern program or tricroer a program. It will be understood that for future or differei W.n versions of HTML, there may be more or different names for identifying scril code. However, amending, the method at step 104 to scan for such differei 1 7 character scripts is a trivial task compared with the impossibility of updating known anti-virus systems with character strings from all viruses in advance. If a script tag is found in an embodiment or attachment, the program is removed, step 105, from the body or attachment and preferably replaced with replacement text.
Such replacement text may indicate to the eventual recipient of the electronic mall message that operable code has been removed. The electronic mall message is reassembled, step 106, by the electronic mall analyser program, that is, the electronic mall messaOre is reconstituted from the separate bodies and the attachments reattached so the electronic mall messa-e is recreated. The electronic mail message is passed, at step 107, back to the electronic mail server for forwardina,, step 108, to the intended recipient. The intended recipient, therefore, receives a cleaned electronic rnall message, which has no capability of running any pro-rams and is, therefore, completely secure. Alternatively, the message containing script tag may be quarantined until subsequently released or deleted.
Simultaneously, or sequentially, the attachments are scanned to determine the presence of macros, as illustrated in FIG 2. As already described in relation to FIG 1, incoming or outgoing electronic mail messacles are received by the 0 CY electronic mail server, step 201, and an electronic mail message is isolated, step 202, and any attachments 212,213 are removed, step 203), from the electronic mail 20 message and sequentially scanned to determine whether the attachments contain macros, step 214. If a macro is detected within an attachment, the attachment may either be deleted, step 2 15, or quarantined, step 2 16. Alternatively, the macro may be quarantined and the attachment released with the macro removed. If the macro or attachment is quarantined, a decision will subsequently be made, step 217, 25 whether the macro or attachment should be deleted, or reassembled and reattached to the electronic mall message, step 218, or forwarded by other means to the intended recipient. If no macros are found in the attachment, then the attachment is reattached to the electronic mail message, step 218, and the electronic mail message is passed back to the electronic mail server, step 219, for forwarding, step 30 220, to the intended recipient. If an attachment has been deleted then a new attachment may be attached to the electronic mail message indicating to the Z1 0 intended recipient that the original attachment has been removed. In this manner, the method of the invention automatically removes any attachments from an 8 electronic mail messaoe which have the capability of runniner program codes 3r Z.) W external programs by using macros. That is, all macros or attachments containilig macros are removed and deleted, or at least quarantined, whether they are harmIlil or not. 1 As shown in FIG '), If, for example, the analyser determines that an attachment is a Microsoft Word T" document, the attachment is searchid sequentially for a number of character strings, thus the attachment is initially searched, step 3 0 1, for the character string "Root Entry". If the character string is not found, it is thereby determined that the attachment does not contain a macto and the attachment is released for rebuilding the message, step 218. If, howev(r, the string is found, the attachment is rescanned, step 302, for string "VBA" and is in the previous step, if the string is not found, the attachment is released, otherwise the attachment is rescanned sequentially in the same manner for tile string "PROJECT", step 303, and "DocumentSummaryInformation", step 304. If the attachment is found to contain all four of the strings, the attachment is eith-.r deleted, step 215, or quarantined, step 216.
Similarly, FIG 4 shows the procedure where the analysing program determines that the attachment is a Microsoft EXCeIT "-" document, in which the attachment is sequentially tested fo r the strings "Root Entry "DocumentSummarylnformation", "Macros", "VBK' and "PROJECT", steps
401-405. Once again, if the attachment is found to contain all five of these strings, it is determined that the attachment contains a macro and the attachment is either deleted, step 215, or quarantined, step 216. Alternatively, just the macro may he detached and quarantined. It will be appreciated that if other known types of documents are detected they may be scanned in similar ways for appropria e character strings.
A block diaoram of buildina blocks used in the method of the invention s shown in FIG 5. A capture and release server component 502 transports mail inio and out of the analysing system. The server component interfaces with - n external mailing system 501, such as Microsoft Exchange Server, Lotus Notes or SMT/POP 3 servers. This server component interface enables the electronic mail analyser to capture all incoming and outgoing rnall and places incoming mail 5C 3 9 and outgoing mail 504, in a process queue 505. An electronic mail analysing component 506 analyses electronic mail messages from the processing queue 505 sequentially. This electronic mail analysing component consists of a backbone which controls a number of smaller modules which perform specific actions on 5 the electronic mail message, such as a module for breaking the message into parts 507, a module for searching for character strings or keywords 508 that identify program code and a module for checking attachments for macros 509. These socalled plug-in modules provide all the electronic mall processing intelligence to the system, and the backbone manages the message process queue. The electronic mail analyser therefore submits each of the electronic mail messages to the plugins in turn. In addition to those already described, there may be additional plugins for decrypting the message body as well as, for example, checking the message content. Once an electronic mall message has been processed by all the plug-ins, the electronic mall analyser returns the message to the capture and release server component which releases a virus-free message to the external mailing system for delivery to the intended recipient.
As shown in FIG 6, the electronic mail analysing component, 506, is a central part of the overall system and a capture and release server component 502, both passes electronic mail message from an external electronic mail system 501 to the electronic mail analysing component 506, and after processing, the server component 502 passes an electronic mail message 5 10 back to the electronic mail system.
In certain circumstances a user may, for example, wish to be able to receive electronic mail attachments containing macros from, for example, particular known users. It will be understood that user settings may be stored in the electronic rnail analysing component, 506 to specify whether embedded HTNfL scripts and macros are to be removed from all electronic mail messages or whether exceptions are to be made for messages received from or sent to particular users. In such a situation, the systern would first check whether user settings exist for the particular sender and recipient of a captured message and if so the user settings would be applied and if not, default settings would be used.
As best shown in FIG 7, an electronic mail message having program coe or attachments having program code or containing macros, is passed by quarantine component 701 into quarantine 700. The quarantined message message component is held while an authorised person is notified 702 to reject approve the message, the authorised person being chosen from a list 703 persons qualified to approve or reject quarantined rnail. Dependent on decision made, the quarantined rnessage may be rejected, step 704, and delete step 705, in which case, optionally, the sender and/or recipient may be notifi 706 that the message or message or component lias been deleted. Alternative step 707, the quarantined message is approved and the message or compon passed back to the server component, step 708, for delivery to the intend recipient.
Claims (31)
1. An anti-virus system for an electronic mail message, the system including means for determining the presence of the electronic mail message; means for analysing and scanning the electronic mail message for tags indicating the presence of operable program code and for removing any such tags and operable program code from the electronic mail message- and means for applying the electronic mail message with the tags and operable program code removed to server means.
2. An anti-virus system as claimed in claim 1, wherein the means for determining the presence of the electronic mail message includes means for breaking the message into constituent bodies or message texts and attachments of the electronic message; the means for analysing and scanning comprise means for scanning the constituent bodies and attachments and the means for applying the electronic mail message with the tags and operable program code removed to server means includes means for rebuilding the electronic message from the constituent bodies and attachments.
3. An anti-virus system as claimed in claims 1 or 2, wherein the means for analysing and scanning comprises means for scanning the message for predetermined character strings.
4. An anti-virus system as claimed in any of the preceding claims, wherein the means for applying the electronic mail message with the tags and operable program code removed to server means includes means for replacing the removed tag and operable program code with alternative text.
5. An anti-virus system as claimed in claim 4, wherein the means for replacing with alternative text is adapted to replace with alternative text for informing a recipient of the message that operable program code has been removed.
12
6. An anti-virus system as claimed in any of claims 2 to 5, wherein the means for analysing and scanning includes means for scanning attachments for operable macros.
7. An anti-virus system as claimed in claims 2 to 6, wherein the system further comprises quarantine means for quarantining a constituent body contail ling operable program code and/or removing from the message and quarantining an attachment containing a macro or operable program code.
8. An anti-virus system as claimed in claim 7, wherein the quarantine m(ans includes means for removing a macro from an attachment, quarantining the macro and releasing the attachment with the macro removed. -
9. An anti-virus system as claimed in claims 7 or 8, wherein the quaramine, means includes means for storing the body, attachment or macro in a quaran, ine storage location as a quarantined item; means for receiving a input indicating a decision whether the quarantined item may be delivered to an intended recipient; and dependant on the decision input either releasing the quarantined item for delivery to the intended recipient with or without the operable code removed or deleting the quarantined item.
10. An anti-virus system as claimed in claims 7 or 9, wherein the quaranline means includes means, on deleting the quarantined item, for informing the intended recipient and/or a sender of the message that the quarantined item ms been deleted without being delivered to the intended recipient.
11. An anti-virus system as claimed in claims 2 to 10, wherein the means r scanning attachments for operable macros comprises means for sequentially scanning the attachments for a plurality of predetermined character strings.
12. An anti-virus system as claimed in claim 11, wherein the means Sor scanning attachments for a plurality of predetermined character strings includes means for terminating scanning when one of the predetermined strings is iiot found on completely scanning the attachment.
13 13. An anti-virus system as claimed in any of the preceding claims, wherein the means for determining the presence of the electronic mail message is adapted to capture electronic mail messages passing between a first network and a second network.
14. An anti-virus system as claimed in claim 13, wherein the means for determining the presence of the electronic mail message is adapted to capture electronic mail messages passing between an internal or private network and an external or public network.
15. A method for removing a virus from an electronic mail message including the steps of (a) capturing the message; (b) scanning the message for tags indicating the presence of operable program code; (c) removing the tags and operable program code from the electronic mail message; and (d) releasing the electronic mail message with the tags and operable program code removed.
16. A method as claimed in claim 15, wherein step (c) comprises quarantining 15 a message or a part of a message containing operable program code.
17. A method as claimed in claims 15 or 16, wherein step (a) includes the step of breaking the message into constituent bodies or message texts and attachments of the electronic message; step (b) comprises scanning the constituent bodies and attachments and step (d) includes the step of rebuilding the electronic message 20 from the constituent bodies and attachments.
18. A method as claimed in claims 15 to 17, wherein step (b) comprises scanning the message for predetermined character strings.
19. A method as claimed in claims 15 to 18, wherein step (c) includes replacing the removed tag and operable program code with alternative text.
20. A method a claimed in claim 19, wherein the step of replacing the removed tag And operable code with alternative text comprises using the alternative text to inform a recipient of the message that operable program code has been removed.
14
21. A method as claimed in claims 17 to 20, wherein step (b) inclu les scanning attachments for operable macros and step (c) comprises removing from the message and quarantining any macros and/or any attachments contain. ng macros.
22. A method as claimed in claims 16 to 2 1, wherein the step of quarantinin 3; a constituent body, attachment or macro comprises the steps of.. storing he constituent body, attachment or macro in a quarantine storage location as a quarantined item; receiving a decision whether the quarantined item may be delivered to an intended recipient; and dependant on the decision either releasing 10 the quarantined item for delivery, with or without the operable code or mago deleted, to the intended recipient or deleting the quarantined item.
23. A method as claimed in claim 22, wherein the step of deleting Ihe quarantined item includes informing the intended recipient and/or a sender of message that the quarantined item has been deleted without being delivered to 1 c 15 intended recipient.
24. A method as claimed in claims 21 to 23, wherein the step of scanni g attachments for operable macros includes sequentially scanning the attachmel ts 1 t for a plurality of predetermined character strings.
25. A method as claimed n claim 24, wherein the step of scanning attachmer ts for a plurality of predetermined character strings is terminated when one of t ' e predetermined strings is not found on completely scanning the attachment.
26. A method as claimed in any of claims 15 to 25, wherein step (a) compris s capturing electronic mail messages passing between a first network and a seco d network.
27. A method as claimed in claim 26, wherein step (a) comprises capturbig electronic mail messages passing between an internal or private network and an external or public network.
1 28. A computer program comprising code means for performing all the steps of the method of any of claims 15 to 27 when the program is run on one or more computers.
27. A computer program as claimed in claim 28, wherein the computer 5 program is embodied on a computer-readable medium.
28. A computer program product comprising program code means stored in a computer-readable medium for performing the method of any of claims 15 to 27 when that program product is run on one or more computers.
29. An anti-virus system substantially as hereinbefore described with reference 10 to and as illustrated in the accompanying drawings.
30. A method substantially as hereinbefore described with reference to and as illustrated in the accompanying drawings.
31. A computer program substantially as hereinbefore described with referer ce to and as illustrated in the accompanying drawings.
31. A computer program substantially as hereinbefore described with reference to and as illustrated in the accompanying drawings.
Amendments to the claims have been filed as follows CLAIMS 1. An anti-virus system for an electronic mail message, the system including: means for determining the presence of the electronic mail message; means fDr analysing and scanning the electronic mail message for tags indicating tie presence of operable program code and for removing any such tags and operatle program code from the electronic mail message; means for replacing the removed tag and operable program code with alternative text; and means for applying the electronic mail message, with the tags and operable program code replaced, o 10 server means.
2. An anti-virus system as claimed in claim 1, wherein the means f)r replacing with alternative text is adapted to replacing with alternative text informing a recipient of the message that operable program code has b removed.
3. An anti-virus system as claimed in claim 1 or 2, wherein the means f)r determining the presence of the electronic mall message includes means)r breaking the message into constituent bodies or message texts and attachments.)f the electronic message; the means for analysing and scanning comprise means for scanning the constituent bodies and attachments and the means for applying the electronic mall message with the tags and operable program code replaced o server means includes means for rebuilding the electronic message from the constituent bodies and attachments.
4. An anti-virus system as claimed in any of the preceding claims, where n the means for analysing and scanning comprises means for scanning the messa e for predetermined character strings.
5. An anti-virus system as claimed in claims 3) to 4, wherein the means for analysing and scanning includes means for scanning attachments for operable macros.
11 6. An anti-virus system as claimed in claims 3 to 5, wherein the system further comprises quarantine means for quarantining a constituent body containing operable program code instead of, or as well as, replacing the operable program code and applying the constituent body to the server means, and/or removing from the message and quarantining an attachment containing a macro or an attachment containing operable program code.
7. An anti-virus system as claimed in claim 6, wherein the quarantine means includes means for removing a macro from an attachment, quarantining the macro and releasing the attachment with the macro removed.
8. An anti-virus system as claimed in claims 6 or 7, wherein the quarantine means includes means for storing the constituent body, attachment or macro in a quarantine storage location as a quarantined item; means for receiving a input indicating a decision whether the quarantined item may be delivered to an intended recipient; and dependant on the decision input either releasing the quarantined item for delivery to the intended recipient with or without the operable code removed or deleting the quarantined item.
9. An anti-virus system as claimed in claims 6 to 8, wherein the quarantine means includes means, on deleting the quarantined item, for informing the intended recipient and/or a sender of the message that the quarantined item has been deleted without being delivered to the intended recipient.
10. An anti-virus system as claimed in claim 5, wherein the means for scanning attachments for operable macros comprises means for sequentially scanning the attachments for a plurality of predetermined character strings.
11. An anti-virus system as claimed in claim 10, wherein the means for scanning attachments for a plurality of predetermined character strings includes means for terminating scanning when one of the predetermined strings is not found on completely scanning the attachment.
12. An anti-virus system as claimed in any of the preceding claims, wherein 0 the means for determining the presence of the electronic mail message is adapted 18 to capture electronic mail messages passing between a first network and a seccnd network.
13. An anti-virus system as claimed in claim 12, wherein the means 7br determining the presence of the electronic mall message is adapted to captilre electronic mail messages passing between an internal or private network and an external or public network.
14. A method for removing a virus from an electronic mail message including the steps of (a) capturing the message; (b) scanning the message for t2gs indicating the presence of operable program code; (c) removing the tags and operable program code from the electronic mail message and replacing the removed tag and operable program code with alternative text; and (d) releasing the electronic mail message with the tags and operable program code replaced.
15. A method a claimed in claim 14, wherein the step of replacing die removed tag and operable code with alternative text comprises using die alternative text to inform a recipient of the message that operable program co le has been replaced.
16. A method as claimed in claim 14 or 15, wherein step (c) comprises quarantining a message or a part of a message containing operable program code.
0 17. A method as claimed in claim 16, wherein the step of quarantining a message or part of a message comprises the steps of.. storincr a constituent bocy, attachment and/or a macro of the message in a quarantine storage location as a quarantined item; receiving a decision whether the quarantined item may be delivered to an intended recipient; and dependant on the decision either releasilig the quarantined item for delivery, with or without the operable code or macro deleted, to the intended recipient or deleting the quarantined item.
18. A method as claimed in claim 17, wherein the step of deleting t ie quarantined item includes informing the intended recipient and/or a sender of t le message that the quarantined item has been deleted without being delivered to t le intended recipient, 19 19. A method as claimed in any of claims 14 or 18, wherein step (a) includes the step of breaking the message into constituent bodies or message texts and attachments of the electronic message; step (b) comprises scanning the constituent bodies and attachments and step (d) includes the step of rebuilding the electronic message from the constituent bodies and attachments.
20. A method as claimed in any of claims 14 to 19, wherein step (b) comprises scanning the message for predetermined character strings.
21. A method as claimed in claims 19 to 20, wherein step (b) includes scanning attachments for operable macros and step (c) comprises removing from the message and quarantining any macros and/or any attachments containing macros.
22. A method as claimed in claims 19 to 21, wherein the step of scanning attachments for operable macros includes sequentially scanning the attachments for a plurality of predetermined character strings.
23. A method as claimed in claim 22, wherein the step of scanning attachments for a plurality of predetermined character strings is terminated when one of the predetermined strings is not found on completely scanning the attachment.
24. A method as claimed in any of claims 14 to 23, wherein step (a) comprises capturing electronic mail messages passing between a first network and a second network.
25. A method as claimed in claim 24, wherein step (a) comprises capturing electronic mail messages passing between an internal or private network and an external or public network.
26. A computer program comprising code means for performing all the steps of the method of any of claims 14 to 25 when the program is run on one or more computers.
27. A computer program as claimed in claim 26, wherein the computer program is embodied on a computer-readable medium.
2-0 28. A computer program product comprising program code means stored in a computer-readable medium for performing the method of any of claims 14 to 25 when that program product is run on one or more computers.
29. An anti-virus system substantially as hereinbefore described with referei ce 5 to and as illustrated in the accompanying drawings.
30. A method substantially as hereinbefore described with reference to and as illustrated in the accompanying drawings.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB0016553A GB2357939B (en) | 2000-07-05 | 2000-07-05 | Electronic mail message anti-virus system and method |
| US09/812,409 US20020004908A1 (en) | 2000-07-05 | 2001-03-20 | Electronic mail message anti-virus system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB0016553A GB2357939B (en) | 2000-07-05 | 2000-07-05 | Electronic mail message anti-virus system and method |
Publications (3)
| Publication Number | Publication Date |
|---|---|
| GB0016553D0 GB0016553D0 (en) | 2000-08-23 |
| GB2357939A true GB2357939A (en) | 2001-07-04 |
| GB2357939B GB2357939B (en) | 2002-05-15 |
Family
ID=9895105
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB0016553A Expired - Lifetime GB2357939B (en) | 2000-07-05 | 2000-07-05 | Electronic mail message anti-virus system and method |
Country Status (2)
| Country | Link |
|---|---|
| US (1) | US20020004908A1 (en) |
| GB (1) | GB2357939B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2002084495A1 (en) | 2001-04-13 | 2002-10-24 | Nokia, Inc. | System and method for providing exploit protection for networks |
| EP1671232A2 (en) * | 2003-10-10 | 2006-06-21 | Aladdin Knowledge Systems, Ltd. | A method and system for preventing exploiting an email message |
| GB2427048A (en) * | 2005-06-09 | 2006-12-13 | Avecho Group Ltd | Detection of unwanted code or data in electronic mail |
| EP1897323A1 (en) * | 2005-06-30 | 2008-03-12 | Nokia Corporation | System and method for using quarantine networks to protect cellular networks from viruses and worms |
| WO2008068450A3 (en) * | 2006-12-04 | 2008-08-07 | Glasswall Ip Ltd | Improvements in resisting the spread of unwanted code and data |
| WO2011148122A1 (en) * | 2010-05-27 | 2011-12-01 | Qinetiq Limited | Content - checking of embedded content in digitally encoded documents |
| US9330264B1 (en) | 2014-11-26 | 2016-05-03 | Glasswall (Ip) Limited | Statistical analytic method for the determination of the risk posed by file based content |
| WO2017019717A1 (en) * | 2015-07-30 | 2017-02-02 | Microsoft Technology Licensing, Llc | Dynamic attachment delivery in emails for advanced malicious content filtering |
| US9729513B2 (en) | 2007-11-08 | 2017-08-08 | Glasswall (Ip) Limited | Using multiple layers of policy management to manage risk |
| US9832222B2 (en) | 2013-10-04 | 2017-11-28 | Glasswall (Ip) Limited | Anti-malware mobile content data management apparatus and method |
Families Citing this family (74)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7089591B1 (en) | 1999-07-30 | 2006-08-08 | Symantec Corporation | Generic detection and elimination of marco viruses |
| US7096381B2 (en) * | 2001-05-21 | 2006-08-22 | Self Repairing Computer, Inc. | On-the-fly repair of a computer |
| US20060277433A1 (en) * | 2000-05-19 | 2006-12-07 | Self Repairing Computers, Inc. | Computer having special purpose subsystems and cyber-terror and virus immunity and protection features |
| US7111201B2 (en) * | 2000-05-19 | 2006-09-19 | Self Repairing Computers, Inc. | Self repairing computer detecting need for repair and having switched protected storage |
| US20020138586A1 (en) * | 2001-03-22 | 2002-09-26 | International Business Machines Corporation | Reducing network congestion by decoupling attachments from electronic mail |
| WO2002093334A2 (en) * | 2001-04-06 | 2002-11-21 | Symantec Corporation | Temporal access control for computer virus outbreaks |
| JP2004532473A (en) * | 2001-05-10 | 2004-10-21 | アタボック株式会社 | Modification of e-mail system to achieve secure delivery system |
| US7392541B2 (en) * | 2001-05-17 | 2008-06-24 | Vir2Us, Inc. | Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments |
| US7849360B2 (en) * | 2001-05-21 | 2010-12-07 | Vir2Us, Inc. | Computer system and method of controlling communication port to prevent computer contamination by virus or malicious code |
| US7673342B2 (en) * | 2001-07-26 | 2010-03-02 | Mcafee, Inc. | Detecting e-mail propagated malware |
| US7263561B1 (en) * | 2001-08-24 | 2007-08-28 | Mcafee, Inc. | Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient |
| US7640361B1 (en) | 2001-08-24 | 2009-12-29 | Mcafee, Inc. | Systems and methods for converting infected electronic files to a safe format |
| US7302706B1 (en) * | 2001-08-31 | 2007-11-27 | Mcafee, Inc | Network-based file scanning and solution delivery in real time |
| US7536598B2 (en) * | 2001-11-19 | 2009-05-19 | Vir2Us, Inc. | Computer system capable of supporting a plurality of independent computing environments |
| US7788699B2 (en) * | 2002-03-06 | 2010-08-31 | Vir2Us, Inc. | Computer and method for safe usage of documents, email attachments and other content that may contain virus, spy-ware, or malicious code |
| GB2383444B (en) * | 2002-05-08 | 2003-12-03 | Gfi Software Ltd | System and method for detecting a potentially malicious executable file |
| US7237008B1 (en) * | 2002-05-10 | 2007-06-26 | Mcafee, Inc. | Detecting malware carried by an e-mail message |
| US7155742B1 (en) | 2002-05-16 | 2006-12-26 | Symantec Corporation | Countering infections to communications modules |
| US7367056B1 (en) | 2002-06-04 | 2008-04-29 | Symantec Corporation | Countering malicious code infections to computer files that have been infected more than once |
| US7418729B2 (en) * | 2002-07-19 | 2008-08-26 | Symantec Corporation | Heuristic detection of malicious computer code by page tracking |
| US7380277B2 (en) | 2002-07-22 | 2008-05-27 | Symantec Corporation | Preventing e-mail propagation of malicious computer code |
| US7478431B1 (en) | 2002-08-02 | 2009-01-13 | Symantec Corporation | Heuristic detection of computer viruses |
| US7469419B2 (en) * | 2002-10-07 | 2008-12-23 | Symantec Corporation | Detection of malicious computer code |
| US7159149B2 (en) * | 2002-10-24 | 2007-01-02 | Symantec Corporation | Heuristic detection and termination of fast spreading network worm attacks |
| US7343626B1 (en) * | 2002-11-12 | 2008-03-11 | Microsoft Corporation | Automated detection of cross site scripting vulnerabilities |
| US7249187B2 (en) * | 2002-11-27 | 2007-07-24 | Symantec Corporation | Enforcement of compliance with network security policies |
| US7631353B2 (en) * | 2002-12-17 | 2009-12-08 | Symantec Corporation | Blocking replication of e-mail worms |
| US7296293B2 (en) * | 2002-12-31 | 2007-11-13 | Symantec Corporation | Using a benevolent worm to assess and correct computer security vulnerabilities |
| US7203959B2 (en) | 2003-03-14 | 2007-04-10 | Symantec Corporation | Stream scanning through network proxy servers |
| US7325196B1 (en) * | 2003-06-16 | 2008-01-29 | Microsoft Corporation | Method and system for manipulating page control content |
| US7325197B1 (en) * | 2003-06-16 | 2008-01-29 | Microsoft Corporation | Method and system for providing page control content |
| US8271774B1 (en) | 2003-08-11 | 2012-09-18 | Symantec Corporation | Circumstantial blocking of incoming network traffic containing code |
| US20100005531A1 (en) * | 2004-12-23 | 2010-01-07 | Kenneth Largman | Isolated multiplexed multi-dimensional processing in a virtual processing space having virus, spyware, and hacker protection features |
| US7337327B1 (en) | 2004-03-30 | 2008-02-26 | Symantec Corporation | Using mobility tokens to observe malicious mobile code |
| US7373667B1 (en) | 2004-05-14 | 2008-05-13 | Symantec Corporation | Protecting a computer coupled to a network from malicious code infections |
| US7484094B1 (en) | 2004-05-14 | 2009-01-27 | Symantec Corporation | Opening computer files quickly and safely over a network |
| US7370233B1 (en) | 2004-05-21 | 2008-05-06 | Symantec Corporation | Verification of desired end-state using a virtual machine environment |
| US7756930B2 (en) * | 2004-05-28 | 2010-07-13 | Ironport Systems, Inc. | Techniques for determining the reputation of a message sender |
| US7873695B2 (en) * | 2004-05-29 | 2011-01-18 | Ironport Systems, Inc. | Managing connections and messages at a server by associating different actions for both different senders and different recipients |
| US7917588B2 (en) * | 2004-05-29 | 2011-03-29 | Ironport Systems, Inc. | Managing delivery of electronic messages using bounce profiles |
| US7849142B2 (en) * | 2004-05-29 | 2010-12-07 | Ironport Systems, Inc. | Managing connections, messages, and directory harvest attacks at a server |
| US7870200B2 (en) | 2004-05-29 | 2011-01-11 | Ironport Systems, Inc. | Monitoring the flow of messages received at a server |
| US8166310B2 (en) * | 2004-05-29 | 2012-04-24 | Ironport Systems, Inc. | Method and apparatus for providing temporary access to a network device |
| US8707251B2 (en) * | 2004-06-07 | 2014-04-22 | International Business Machines Corporation | Buffered viewing of electronic documents |
| US7748038B2 (en) * | 2004-06-16 | 2010-06-29 | Ironport Systems, Inc. | Method and apparatus for managing computer virus outbreaks |
| US9154511B1 (en) | 2004-07-13 | 2015-10-06 | Dell Software Inc. | Time zero detection of infectious messages |
| US7343624B1 (en) | 2004-07-13 | 2008-03-11 | Sonicwall, Inc. | Managing infectious messages as identified by an attachment |
| US7444521B2 (en) * | 2004-07-16 | 2008-10-28 | Red Hat, Inc. | System and method for detecting computer virus |
| US7441042B1 (en) | 2004-08-25 | 2008-10-21 | Symanetc Corporation | System and method for correlating network traffic and corresponding file input/output traffic |
| US7690034B1 (en) | 2004-09-10 | 2010-03-30 | Symantec Corporation | Using behavior blocking mobility tokens to facilitate distributed worm detection |
| US7565686B1 (en) | 2004-11-08 | 2009-07-21 | Symantec Corporation | Preventing unauthorized loading of late binding code into a process |
| US8104086B1 (en) | 2005-03-03 | 2012-01-24 | Symantec Corporation | Heuristically detecting spyware/adware registry activity |
| EP1875662A2 (en) * | 2005-04-08 | 2008-01-09 | Vir2us, Inc. | Computer and method for safe usage of documents, email attachments and other content that may contain virus, spy-ware, or malicious code |
| US8316446B1 (en) | 2005-04-22 | 2012-11-20 | Blue Coat Systems, Inc. | Methods and apparatus for blocking unwanted software downloads |
| CN101558398B (en) * | 2005-05-05 | 2012-11-28 | 思科埃恩波特系统有限公司 | Detecting unwanted electronic mail messages based on probabilistic analysis of referenced resources |
| US7895651B2 (en) * | 2005-07-29 | 2011-02-22 | Bit 9, Inc. | Content tracking in a network security system |
| US8272058B2 (en) * | 2005-07-29 | 2012-09-18 | Bit 9, Inc. | Centralized timed analysis in a network security system |
| US8984636B2 (en) * | 2005-07-29 | 2015-03-17 | Bit9, Inc. | Content extractor and analysis system |
| US20070028291A1 (en) * | 2005-07-29 | 2007-02-01 | Bit 9, Inc. | Parametric content control in a network security system |
| JP2009512939A (en) * | 2005-10-21 | 2009-03-26 | ヴァー2アス インコーポレイテッド | Computer security method having operating system virtualization that allows multiple operating system instances to securely share a single machine resource |
| JP2007183838A (en) * | 2006-01-06 | 2007-07-19 | Fujitsu Ltd | Query parameter output page discovery program, query parameter output page discovery method, and query parameter output page discovery device |
| US8239915B1 (en) | 2006-06-30 | 2012-08-07 | Symantec Corporation | Endpoint management using trust rating data |
| US20080127348A1 (en) * | 2006-08-31 | 2008-05-29 | Kenneth Largman | Network computer system and method using thin user client and virtual machine to provide immunity to hacking, viruses and spy ware |
| US20080215852A1 (en) * | 2006-08-31 | 2008-09-04 | Kenneth Largman | System and Device Architecture For Single-Chip Multi-Core Processor Having On-Board Display Aggregator and I/O Device Selector Control |
| WO2008092031A2 (en) | 2007-01-24 | 2008-07-31 | Vir2Us, Inc. | Computer system architecture having isolated file system management for secure and reliable data processing |
| US8631227B2 (en) * | 2007-10-15 | 2014-01-14 | Cisco Technology, Inc. | Processing encrypted electronic documents |
| US8806618B2 (en) * | 2008-03-31 | 2014-08-12 | Microsoft Corporation | Security by construction for distributed applications |
| US8443447B1 (en) | 2009-08-06 | 2013-05-14 | Trend Micro Incorporated | Apparatus and method for detecting malware-infected electronic mail |
| US9406048B2 (en) * | 2010-07-07 | 2016-08-02 | Mark Meister | Email system for preventing inadvertant transmission of propriety message or documents to unintended recipient |
| US9049222B1 (en) * | 2012-02-02 | 2015-06-02 | Trend Micro Inc. | Preventing cross-site scripting in web-based e-mail |
| US10536408B2 (en) * | 2015-09-16 | 2020-01-14 | Litéra Corporation | Systems and methods for detecting, reporting and cleaning metadata from inbound attachments |
| US20180262457A1 (en) * | 2017-03-09 | 2018-09-13 | Microsoft Technology Licensing, Llc | Self-debugging of electronic message bugs |
| US11038916B1 (en) * | 2019-01-16 | 2021-06-15 | Trend Micro, Inc. | On-demand scanning of e-mail attachments |
| US11570186B2 (en) * | 2019-12-12 | 2023-01-31 | Intel Corporation | Security reporting via message tagging |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5623600A (en) * | 1995-09-26 | 1997-04-22 | Trend Micro, Incorporated | Virus detection and removal apparatus for computer networks |
| WO1998010342A2 (en) * | 1996-09-05 | 1998-03-12 | Cheyenne Software International Sales Corp. | Anti-virus agent for use with databases and mail servers |
| US5889943A (en) * | 1995-09-26 | 1999-03-30 | Trend Micro Incorporated | Apparatus and method for electronic mail virus detection and elimination |
| JPH11110211A (en) * | 1997-09-30 | 1999-04-23 | Brother Ind Ltd | Computer system, computer virus countermeasure method, and recording medium storing computer virus countermeasure program |
| JPH11224190A (en) * | 1998-02-09 | 1999-08-17 | Yaskawa Electric Corp | Method for protecting computer connected to computer network, and recording medium having recorded program therefor |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5951698A (en) * | 1996-10-02 | 1999-09-14 | Trend Micro, Incorporated | System, apparatus and method for the detection and removal of viruses in macros |
| US5956481A (en) * | 1997-02-06 | 1999-09-21 | Microsoft Corporation | Method and apparatus for protecting data files on a computer from virus infection |
| US5983348A (en) * | 1997-09-10 | 1999-11-09 | Trend Micro Incorporated | Computer network malicious code scanner |
| US6003132A (en) * | 1997-10-22 | 1999-12-14 | Rvt Technologies, Inc. | Method and apparatus for isolating a computer system upon detection of viruses and similar data |
| US6108799A (en) * | 1997-11-21 | 2000-08-22 | International Business Machines Corporation | Automated sample creation of polymorphic and non-polymorphic marcro viruses |
| US6338141B1 (en) * | 1998-09-30 | 2002-01-08 | Cybersoft, Inc. | Method and apparatus for computer virus detection, analysis, and removal in real time |
| US6230288B1 (en) * | 1998-10-29 | 2001-05-08 | Network Associates, Inc. | Method of treating whitespace during virus detection |
| US20030191957A1 (en) * | 1999-02-19 | 2003-10-09 | Ari Hypponen | Distributed computer virus detection and scanning |
| US6697950B1 (en) * | 1999-12-22 | 2004-02-24 | Networks Associates Technology, Inc. | Method and apparatus for detecting a macro computer virus using static analysis |
| US6701440B1 (en) * | 2000-01-06 | 2004-03-02 | Networks Associates Technology, Inc. | Method and system for protecting a computer using a remote e-mail scanning device |
-
2000
- 2000-07-05 GB GB0016553A patent/GB2357939B/en not_active Expired - Lifetime
-
2001
- 2001-03-20 US US09/812,409 patent/US20020004908A1/en not_active Abandoned
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5623600A (en) * | 1995-09-26 | 1997-04-22 | Trend Micro, Incorporated | Virus detection and removal apparatus for computer networks |
| US5889943A (en) * | 1995-09-26 | 1999-03-30 | Trend Micro Incorporated | Apparatus and method for electronic mail virus detection and elimination |
| WO1998010342A2 (en) * | 1996-09-05 | 1998-03-12 | Cheyenne Software International Sales Corp. | Anti-virus agent for use with databases and mail servers |
| JPH11110211A (en) * | 1997-09-30 | 1999-04-23 | Brother Ind Ltd | Computer system, computer virus countermeasure method, and recording medium storing computer virus countermeasure program |
| JPH11224190A (en) * | 1998-02-09 | 1999-08-17 | Yaskawa Electric Corp | Method for protecting computer connected to computer network, and recording medium having recorded program therefor |
Cited By (32)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1388068A4 (en) * | 2001-04-13 | 2009-04-29 | Nokia Inc | System and method for providing exploit protection for networks |
| EP1388068A1 (en) * | 2001-04-13 | 2004-02-11 | Nokia Inc. | System and method for providing exploit protection for networks |
| WO2002084495A1 (en) | 2001-04-13 | 2002-10-24 | Nokia, Inc. | System and method for providing exploit protection for networks |
| EP1671232A2 (en) * | 2003-10-10 | 2006-06-21 | Aladdin Knowledge Systems, Ltd. | A method and system for preventing exploiting an email message |
| EP1671232A4 (en) * | 2003-10-10 | 2013-04-10 | Safenet Data Security Israel Ltd | A method and system for preventing exploiting an email message |
| US10462164B2 (en) | 2005-06-09 | 2019-10-29 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| US11799881B2 (en) | 2005-06-09 | 2023-10-24 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| US11218495B2 (en) | 2005-06-09 | 2022-01-04 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| US8185954B2 (en) | 2005-06-09 | 2012-05-22 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| US10462163B2 (en) | 2005-06-09 | 2019-10-29 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| US9516045B2 (en) | 2005-06-09 | 2016-12-06 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| US10419456B2 (en) | 2005-06-09 | 2019-09-17 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| US8869283B2 (en) | 2005-06-09 | 2014-10-21 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| GB2427048A (en) * | 2005-06-09 | 2006-12-13 | Avecho Group Ltd | Detection of unwanted code or data in electronic mail |
| EP1897323A4 (en) * | 2005-06-30 | 2011-04-13 | Nokia Corp | SYSTEM AND METHOD FOR USING QUARANTIN NETWORKS TO PROTECT CELLULAR NETWORKS FROM VIRUSES AND TOWERS |
| EP1897323A1 (en) * | 2005-06-30 | 2008-03-12 | Nokia Corporation | System and method for using quarantine networks to protect cellular networks from viruses and worms |
| US9705911B2 (en) | 2005-06-30 | 2017-07-11 | Nokia Technologies Oy | System and method for using quarantine networks to protect cellular networks from viruses and worms |
| US10348748B2 (en) | 2006-12-04 | 2019-07-09 | Glasswall (Ip) Limited | Using multiple layers of policy management to manage risk |
| CN101611412B (en) * | 2006-12-04 | 2014-02-12 | 格拉斯沃(Ip)有限公司 | Improvements in resisting spread of unwanted code and data |
| WO2008068450A3 (en) * | 2006-12-04 | 2008-08-07 | Glasswall Ip Ltd | Improvements in resisting the spread of unwanted code and data |
| US9038174B2 (en) | 2006-12-04 | 2015-05-19 | Glasswall IP Limited | Resisting the spread of unwanted code and data |
| US8533824B2 (en) | 2006-12-04 | 2013-09-10 | Glasswall (Ip) Limited | Resisting the spread of unwanted code and data |
| CN103530558A (en) * | 2006-12-04 | 2014-01-22 | 格拉斯沃(Ip)有限公司 | Improvements in resisting the spread of unwanted code and data |
| US9729513B2 (en) | 2007-11-08 | 2017-08-08 | Glasswall (Ip) Limited | Using multiple layers of policy management to manage risk |
| US9003536B2 (en) | 2010-05-27 | 2015-04-07 | Qinetiq Limited | Content-checking of embedded content in digitally encoded documents |
| WO2011148122A1 (en) * | 2010-05-27 | 2011-12-01 | Qinetiq Limited | Content - checking of embedded content in digitally encoded documents |
| US9832222B2 (en) | 2013-10-04 | 2017-11-28 | Glasswall (Ip) Limited | Anti-malware mobile content data management apparatus and method |
| US10360388B2 (en) | 2014-11-26 | 2019-07-23 | Glasswall (Ip) Limited | Statistical analytic method for the determination of the risk posed by file based content |
| US9330264B1 (en) | 2014-11-26 | 2016-05-03 | Glasswall (Ip) Limited | Statistical analytic method for the determination of the risk posed by file based content |
| US9729564B2 (en) | 2014-11-26 | 2017-08-08 | Glasswall (Ip) Limited | Statistical analytic method for the determination of the risk posed by file based content |
| US10887261B2 (en) | 2015-07-30 | 2021-01-05 | Microsoft Technology Licensing, Llc | Dynamic attachment delivery in emails for advanced malicious content filtering |
| WO2017019717A1 (en) * | 2015-07-30 | 2017-02-02 | Microsoft Technology Licensing, Llc | Dynamic attachment delivery in emails for advanced malicious content filtering |
Also Published As
| Publication number | Publication date |
|---|---|
| GB0016553D0 (en) | 2000-08-23 |
| GB2357939B (en) | 2002-05-15 |
| US20020004908A1 (en) | 2002-01-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| GB2357939A (en) | E-mail virus detection and deletion | |
| US7877807B2 (en) | Method of and system for, processing email | |
| JP5118020B2 (en) | Identifying threats in electronic messages | |
| US6851058B1 (en) | Priority-based virus scanning with priorities based at least in part on heuristic prediction of scanning risk | |
| US7263561B1 (en) | Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient | |
| EP1891571B1 (en) | Resisting the spread of unwanted code and data | |
| US8122508B2 (en) | Analyzing traffic patterns to detect infectious messages | |
| US7380277B2 (en) | Preventing e-mail propagation of malicious computer code | |
| US7640361B1 (en) | Systems and methods for converting infected electronic files to a safe format | |
| US8850566B2 (en) | Time zero detection of infectious messages | |
| GB2432933A (en) | Network security apparatus which extracts a data stream from network traffic and performs an initial operation on the data before scanning for viruses. | |
| US9294487B2 (en) | Method and apparatus for providing network security | |
| GB2400932A (en) | System for checking files for viruses | |
| US7448085B1 (en) | Method and apparatus for detecting malicious content in protected archives | |
| US8307438B2 (en) | System, method, and computer program product for conditionally performing a scan on data based on an associated data structure | |
| US7757288B1 (en) | Malicious e-mail attack inversion filter | |
| KR100496770B1 (en) | Virus email blocking algorithm and system | |
| AU2012258355B2 (en) | Resisting the Spread of Unwanted Code and Data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 732E | Amendments to the register in respect of changes of name or changes affecting rights (sect. 32/1977) |
Free format text: REGISTERED BETWEEN 20191031 AND 20191106 |
|
| PE20 | Patent expired after termination of 20 years |
Expiry date: 20200704 |