CN100586064C - Method for searching and killing virus of network equipment - Google Patents
Method for searching and killing virus of network equipment Download PDFInfo
- Publication number
- CN100586064C CN100586064C CN200610060423A CN200610060423A CN100586064C CN 100586064 C CN100586064 C CN 100586064C CN 200610060423 A CN200610060423 A CN 200610060423A CN 200610060423 A CN200610060423 A CN 200610060423A CN 100586064 C CN100586064 C CN 100586064C
- Authority
- CN
- China
- Prior art keywords
- virus
- message
- network equipment
- poison
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
This invention is concerned with the method for checking and killing virus for network equipment includes: 1) the network equipment receives the information and calls the checking and killing virus module to processes the virus processing; 2) the checking and killing virus module sends the feedback information to the network equipment information handling module after the virus treatment for continuing disposal. The invention can use the network equipment checking and killing virus technique project on the information that sends to the terminal, reduce the attack to the terminal equipment by the virus and the maintenance the cost for the terminal, improve the reliability of the terminal; because of the equipment includes anti-virus software, and virus self-reduction, which reduces attack from the virus to the equipment, improve network safety.
Description
Technical field
The present invention relates to network equipment antivirus protection technical field, specifically, relate to malicious and the virus killing technology looked into of the network equipment.
Background technology
In mobile communication system, note virus comes into vogue; The mobile network can receive Packet Based Network now, and this has opened the gate for virus one to the attack of mobile device undoubtedly; Such as: BSC (Base StationController base station controller) can pass through on PDSN (the Packet Data Serving Node packet data serving node) internet, for the terminal use provides data service; IMS (IP Multimedia System) network can interconnect with diverse network, and it inserts the internet network by P-CSCF (Proxy-Call Session Control Function entity).
In data communication field, virus is more innumerable, such as: worm-type virus, shock wave virus etc., in a single day equipment meet with the attack of these viruses, will cause network paralysis.
Prior network device; as: MSC (mobile switching centre), PDSN (group data service node), switch, router, BSC (base station controller), HLR (attaching position register), HA (mobile IP home agent) etc. do not have the function of self-protection; in the face of the attack of the such virus of similar worm, equipment is with cisco unity malfunction.
Antivirus software mainly is installed in terminal now, need not regular update virus base (as: mobile phone and PC go up the antivirus software of installation etc.) of antivirus software be installed to portable terminal, disposes lower terminal, and antivirus software can't be installed at all; In addition, if do not surf the Net condition or PC can not be connected to portable terminal, even dispose good portable terminal, can not install and download antivirus software, these equipment will be subjected to the threat, the particularly threat of note virus of virus.
In addition, for the terminal that antivirus software is installed, each terminal all needs to safeguard, even needs manual the maintenance; If by virus attack, may also need specific maintaining unit maintenance, this maintenance cost that will cause terminal is than higher.
Summary of the invention
The object of the present invention is to provide a kind of network equipment to look into the method for poison and virus killing, to solve the problem of the network equipment being carried out antivirus protection.
For achieving the above object, technical scheme provided by the invention is as follows: a kind of network equipment is looked into the method for poison and virus killing, and described method comprises the steps:
A0, in network equipment code integrated look into poison and the virus killing module;
A, the network equipment judge whether to carry out virus treated after receiving message, if then call and look into poison and the virus killing module carries out changeing step b after the virus treated to described message, otherwise do not carry out virus treated;
B, described poison and the virus killing module looked into are finished after the described virus treated and are carried out subsequent treatment for the message processing module of the described network equipment described message feedback.
Wherein step b specifically comprises:
B1, described poison and the virus killing module looked into are finished the message processing module of described message feedback being given behind the poison the described network equipment of looking into to described message, if carry virus in the described message, described message processing module after receiving described message abandons it, if do not have virus in the described message, described message processing module sends described message.
Wherein step b specifically comprises:
B1, described poison and the virus killing module looked into are finished the message processing module of described message feedback being given after poison and the virus killing the described network equipment of looking into to described message, if carry virus in the described message, the message that described message processing module will send after SMS Tip also will be killed virus for the user who sends described message sends, if do not have virus in the described message, described message processing module sends described message.
Wherein also comprise after the step b:
When virus base upgrades, by file transfer protocol (FTP) FTP or text host-host protocol TFTP or serial ports new virus base is loaded in the described network equipment, the described network equipment is saved in described virus base in the nonvolatile storage, loads described virus base when the described network equipment starts automatically.
Wherein also comprise after the step b:
When described when looking into poison and virus killing module and upgrading, need the issue virus module to upgrade patch, look into poison and virus killing module patch after upgrading are loaded into the described network equipment and are saved in the nonvolatile storage, load described patch when the described network equipment starts automatically.
The wherein said network equipment is a mobile network appliance.
Wherein said mobile network appliance is base station controller BSC or moving exchanging center MSC or packet data serving node PDSN.
The present invention overcomes the deficiencies in the prior art, adopt at first integrated poison and the virus killing module looked in network equipment code, when the network equipment is received message, call and look into poison and the virus killing module looks into poison and virus killing is handled, and the message of looking into after poison and the virus killing is carried out the technical scheme of subsequent treatment by message processing module, the network equipment has carried out virus killing to the message that mails to terminal to be handled, reduced the attack of virus, reduced the maintenance cost of terminal, improved the reliability of terminal terminal equipment; In addition, virus also may be launched a offensive to the equipment in the network, because integrated antivirus software in the equipment has self-virus killing function, this will significantly reduce viral attack to the network equipment, the fail safe that has improved network.
Description of drawings
Fig. 1 is the flow chart of the embodiment of the invention one;
Fig. 2 is the flow chart of the embodiment of the invention two.
Embodiment
Basic ideas of the present invention are integrated virus killings and look into malicious module in network equipment code, when virus base upgrades, by FTP (file transfer protocol (FTP))/TFTP (text host-host protocol)/serial ports etc. new virus base is loaded in the network equipment, the network equipment is saved in virus base in the nonvolatile storage, loads virus base when the network equipment starts automatically; After the network equipment receives external message, this message is looked into poison and virus killing module as looking into poison and virus killing object reference, look into the poison and the virus killing module finish to this message look into the poison and the virus killing function, the result is fed back to the message processing module of the network equipment, after message processing module is received feedback, this message abandoned or the message that will finish extremely behind the poison sends to the user.
Below specify:
There are some Embedded controls or Business Processing code in the general inside of the network equipment, and these codes are compiled into binary file and are loaded in the equipment, like this, integrated if desired other functional module softwares, then need to provide the binary file that realizes this function, compiling together loads together.Can provide by antivirus software provider during realization and be compiled into binary file (also can be source code file), the equipment supplier compiles the code of these files in equipment, generation can be loaded into the executable file that moves in the equipment, then this file load is also moved in equipment.Wherein antivirus software need provide certain interface (can be function interface, also can be message interface), and the Service Processing Module in the network equipment calls its function interface or sends the reciprocal process that message realizes the message virus killing, looks into poison to it.Integrated poison and the virus killing module looked in network equipment code thus the time called and to be looked into poison and the virus killing module is killed virus external message being looked into poison and virus killing.
Wherein, the network equipment can be mobile network's a equipment, as: BSC, MSC, PDSN and PCF equipment such as (Packet Control Function Packet Control Function entities); Also can be that equipment (internet network) in the data communication is as equipment such as router, fire compartment walls; The load software that loads virus base can be FTP, TFTP, serial ports etc., also can be other load software.
When the network equipment is received external message, can be for further processing according to following rule 1:
Rule 1 stipulates that mainly which message need look into the poison and processings of killing the virus, and can define like this: generally signaling message does not need to look into and kill virus, and short message is just looked into and killed virus;
Perhaps, the data-message of receiving is just killed virus, the control messages of receiving is not killed virus;
Perhaps, receive that the message that send some IP address (also can be MAC Address, signalling point) just needs virus killing; That receives that some IP (also can be MAC Address, signalling point) address sends does not need virus killing, and other message all needs virus killing;
Perhaps, be that the message of this equipment is just killed virus for sending the destination; For the destination is that terminal use's message is just killed virus; For the destination is not that the message of this equipment is just killed virus.
When look into the poison and the virus killing module finish to this message look into the poison and the virus killing function, the result is fed back to message processing module, message processing module will be handled according to following rule 2 after receiving feedback:
How the message that rule 2 has mainly been stipulated to look into after poison is finished with virus killing is handled, and can define like this: the message of finding virus abandons, and the message that does not have virus is according to original flow processing;
Perhaps, the message of finding virus is not dealt with, the message before still will killing virus is according to original flow processing, and log information, and the message that does not have virus is according to original flow processing;
Perhaps, to finding viral message to sending SMS Tip of user of this message and to its virus killing, proceeding to handle after virus killing finishes, the message of not finding virus is according to original flow processing.
Above-mentioned rule 1 and rule 2 can dispose as required, also can be the default treatment processes in the software.
If look into poison and virus killing module upgrade, then can use the process upgrading of similar upgrading virus base to look into poison and virus killing module.
At first need integratedly in network equipment code look into poison and virus killing module and carry out the renewal of virus base where necessary, detailed process is as follows:
At first, integrated poison and the virus killing module looked in network equipment code when looking into poison and virus killing module and upgrade, is loaded into look into poison and virus killing module after upgrading in the network equipment as patch and is saved in the nonvolatile storage, loads patch during device start automatically.
In addition, when looking into poison and antivirus software virus base and upgrade, can be loaded in the network equipment by FTP/TFTP/ serial ports etc., load virus base after, equipment is saved in virus base in the nonvolatile storage, automatic loading virus base when the network equipment starts.
Wherein said nonvolatile storage can be FLASH (flash memory), EEPROM (electricallyerasable ROM (EEROM)), hard disk an or the like memory.
Finish above-mentioned in the network equipment integrated look into poison and virus killing module after, when the network equipment is received message, can look into and kill virus.
Embodiment one: present embodiment is an example with the MSC in the mobile network, and wherein rule 1 is defined as: general signaling message does not need to look into/kill virus, and short message is looked into/killed virus; Rule 2 is defined as the message of finding virus and abandons, and the message that does not have virus is according to original flow processing, and the flow process of looking into/killing virus as shown in Figure 1
Step 1: the network equipment receives external message;
Step 2: the network equipment is according to rule 1, and whether decision looks into poison and virus killing to this message, if do not need to look into poison and virus killing, changes step 7;
Step 3: if desired this message is looked into poison and virus killing, this message is looked into interface malicious and that the virus killing module provides as looking into poison and virus killing object reference;
Step 4: look into the poison and the virus killing finish to message look into the poison and the virus killing function, the result is fed back to original message processing module;
Step 5: after message processing module was received feedback, if find virus, the message that will comprise virus abandoned, if do not find virus, changeed step 6;
Step 6, message processing module send message according to former flow process;
Step 7, end.
Embodiment two: present embodiment is an example with the MSC in the mobile network, and wherein rule 1 is defined as: general signaling message does not need to look into/kill virus, and short message is just looked into poison and virus killing; Rule 2 is defined as that the message of finding virus is given the SMS Tip of user send this message and to its virus killing, the message after virus killing finishes is proceeded to handle, and the message of not finding virus is according to original flow processing, the flow process of looking into/killing virus as shown in Figure 2:
Step 1: the network equipment receives external message;
Step 2: equipment is according to rule 1, and whether decision need look into poison and virus killing to this message, if do not need to look into poison and virus killing, changes step 8;
Step 3: need look into poison and virus killing to this message if desired, this message be looked into poison as needs need look into interface malicious and that the virus killing module provides with the virus killing object reference; Be short message herein, need look into poison and virus killing;
Step 4: need look into the poison and the virus killing module finish to message look into the poison and the virus killing function, the result is fed back to original message processing module;
Step 5: after message processing module is received feedback, if find virus, system generates a SMS Tip 1, and the sender who this note 1 content is sent to the note of carrying virus (can directly send, also can send to Short Message Center earlier, Short Message Center is transmitted to terminal again), if do not find virus, change step 7;
The message that step 6, message processing module will finish behind the poison extremely sends according to former flow process;
Step 7, message processing module send message according to former flow process;
Step 8, end.
Claims (7)
1, a kind of network equipment is looked into the method for poison and virus killing, it is characterized in that, described method comprises the steps:
A0, in network equipment code integrated look into poison and the virus killing module;
A, the network equipment judge whether to carry out virus treated after receiving message, if then call and look into poison and the virus killing module carries out changeing step b after the virus treated to described message, otherwise do not carry out virus treated;
B, described poison and the virus killing module looked into are finished after the described virus treated and are carried out subsequent treatment for the message processing module of the described network equipment described message feedback.
2, method according to claim 1 is characterized in that, wherein step b specifically comprises:
B1, described poison and the virus killing module looked into are finished the message processing module of described message feedback being given behind the poison the described network equipment of looking into to described message, if carry virus in the described message, described message processing module after receiving described message abandons it, if do not have virus in the described message, described message processing module sends described message.
3, method according to claim 1 is characterized in that, wherein step b specifically comprises:
B1, described poison and the virus killing module looked into are finished the message processing module of described message feedback being given after poison and the virus killing the described network equipment of looking into to described message, if carry virus in the described message, the message that described message processing module will send after SMS Tip also will be killed virus for the user who sends described message sends, if do not have virus in the described message, described message processing module sends described message.
4, method according to claim 1 is characterized in that, wherein also comprises after the step b:
When virus base upgrades, by file transfer protocol (FTP) FTP or text host-host protocol TFTP or serial ports new virus base is loaded in the described network equipment, the described network equipment is saved in described virus base in the nonvolatile storage, loads described virus base when the described network equipment starts automatically.
5, method according to claim 1 is characterized in that, wherein also comprises after the step b:
When described when looking into poison and virus killing module and upgrading, need the issue virus module to upgrade patch, look into poison and virus killing module patch after upgrading are loaded into the described network equipment and are saved in the nonvolatile storage, load described patch when the described network equipment starts automatically.
6, method according to claim 1 is characterized in that, the described network equipment is a mobile network appliance.
7, method according to claim 6 is characterized in that, described mobile network appliance is base station controller BSC or moving exchanging center MSC or packet data serving node PDSN.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610060423A CN100586064C (en) | 2006-04-18 | 2006-04-18 | Method for searching and killing virus of network equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610060423A CN100586064C (en) | 2006-04-18 | 2006-04-18 | Method for searching and killing virus of network equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1983927A CN1983927A (en) | 2007-06-20 |
| CN100586064C true CN100586064C (en) | 2010-01-27 |
Family
ID=38166188
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200610060423A Expired - Fee Related CN100586064C (en) | 2006-04-18 | 2006-04-18 | Method for searching and killing virus of network equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100586064C (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103888914B (en) * | 2012-12-24 | 2018-05-11 | 中国移动通信集团河北有限公司 | A kind of method and apparatus for removing multimedia message virus |
| CN107329753B (en) * | 2017-06-28 | 2021-07-16 | 联想(北京)有限公司 | Firmware interface code adjusting method and electronic equipment |
-
2006
- 2006-04-18 CN CN200610060423A patent/CN100586064C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN1983927A (en) | 2007-06-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100433899C (en) | Method and system for ensuring safe data service in mobile communication system | |
| US8051480B2 (en) | System and method for monitoring and analyzing multiple interfaces and multiple protocols | |
| KR101042733B1 (en) | System-on-chip based malware detecting apparatus in mobile device | |
| CN101189859A (en) | Wireless communication network security method and system | |
| GB2368233A (en) | Maintaining virus detection software in a mobile wireless device | |
| JP2008501269A (en) | Filtering unwanted messages in wireless communication systems | |
| US20060236390A1 (en) | Method and system for detecting malicious wireless applications | |
| KR20060130178A (en) | Isolation and remediation of a communication device | |
| WO2008001333A2 (en) | Smart-card centric spam protection | |
| WO2007105051A2 (en) | Method, mobile terminal and computer program product for interworking via a card application toolkit | |
| CN104159231A (en) | Method for optimizing background flow of client, and client | |
| CN100586064C (en) | Method for searching and killing virus of network equipment | |
| EP1897323A1 (en) | System and method for using quarantine networks to protect cellular networks from viruses and worms | |
| KR100557022B1 (en) | System and Method for providing protection for the wireless communication devices against the wireless virus | |
| KR100642998B1 (en) | Policy message transmission method for upgrade policy of mobile | |
| CN104239790B (en) | Treatment method of virus and device | |
| CN101039324B (en) | Method, system and apparatus for defending network virus | |
| CN101568082A (en) | Collocation method of base station parameters | |
| CN109547998B (en) | Management method, device and storage medium for virtual user identity identification card | |
| CA2731659C (en) | System and method for providing access to a service relating to an account for an electronic device in a network | |
| CN111262846B (en) | Control method of bus controller, bus controller and readable storage medium | |
| KR101058301B1 (en) | System-on-chip based malware detection device in mobile terminal | |
| KR20110069473A (en) | Gateway server between mobile application and service server and system for mobile internet communication comprising the same | |
| CA2544036C (en) | Method and system for detecting and handling malicious wireless applications | |
| KR101042794B1 (en) | System-on-chip and asic based malware detecting apparatus in mobile device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100127 Termination date: 20130418 |