CN101079689A - Method and device for virus scanning and processing of the data received by mobile phone - Google Patents

Method and device for virus scanning and processing of the data received by mobile phone Download PDF

Info

Publication number
CN101079689A
CN101079689A CN 200610026988 CN200610026988A CN101079689A CN 101079689 A CN101079689 A CN 101079689A CN 200610026988 CN200610026988 CN 200610026988 CN 200610026988 A CN200610026988 A CN 200610026988A CN 101079689 A CN101079689 A CN 101079689A
Authority
CN
China
Prior art keywords
data
submodule
virus
mobile phone
viral
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN 200610026988
Other languages
Chinese (zh)
Other versions
CN100574181C (en
Inventor
王蕾
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Sunrise Simcom Electronic Technology Co Ltd
Original Assignee
Shanghai Chenxing Electronics Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Chenxing Electronics Science and Technology Co Ltd filed Critical Shanghai Chenxing Electronics Science and Technology Co Ltd
Priority to CNB2006100269884A priority Critical patent/CN100574181C/en
Publication of CN101079689A publication Critical patent/CN101079689A/en
Application granted granted Critical
Publication of CN100574181C publication Critical patent/CN100574181C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a virus scanning and disposing method and device for the received data of handset, which comprises the following steps: a. filtering the received data preliminarily; extracting the dubious data segment; b. proceeding secondary scanning for the extracted dubious data; examining whether the virus exists; c. killing virus if existing virus. The virus killing device contains data pack decoding submode, preliminary filter submode, dubious data extracting submode, secondary filter submode and virus disposing submode connected by data flow sequently. The invention needn' t scan entire data pack to reduce the examining scale, which accelerates the disposing speed to remain normal data information.

Description

Mobile phone is received method and the device that data are carried out virus scan and processing
Technical field
The present invention relates to preventing virus and killing method and the device that removes virus of a kind of mobile phone, specifically, is method and the device that carries out gas defence and virus killing about the data that receive at mobile phone.
Background technology
Along with popularizing that mobile phone is used, the particularly smart mobile phone widespread usage in people's life, mobile phone is connected on the diverse network more and more, the business of realization information and exchanges data.This just makes mobile phone become the object of attack of various viruses inevitably.Therefore, in mobile phone, carry out gas defence, the virus killing seem very necessary.
Than computer, its oneself characteristics are arranged for the gas defence of mobile phone, virus killing.At first, mobile phone all can't be compared with computer on the size of internal memory still is the processing speed of CPU, therefore needs to improve as much as possible the sweep speed of carrying out gas defence and virus killing, to reduce taking cpu resource.And from several mobile phone viruses of present discovery, the mobile phone infective virus has its specific channel.
Summary of the invention
The objective of the invention is own characteristic according to above-mentioned mobile phone a kind of method of the virus of protecting from infection and gas defence, virus killing device are provided.
Purpose of the present invention is achieved through the following technical solutions:
According to of the present invention a kind of, comprise the steps: receiving the method that data are carried out virus scan and processing
Step 1 is tentatively filtered the data that receive, and extracts the suspicious data section;
Step 2 is carried out secondary filter to the suspicious data section of extracting, and whether check has viral element to exist;
Step 3 is pointed out the user and is made respective handling according to scanning result.
Further, step S 1In said the data that receive are tentatively filtered, the multimedia message that is meant that mobile phone receives or the packet of Email, tentatively scan, coded system according to multimedia message, find header and body information, find out the accessory information that comprises, if find that the feasibility file is arranged or comprise some current Virus Name files by name by the decoded information head, then they are defined as suspicious content, and this segment data section is directly extracted;
Step S 2In saidly the suspicious data section of being extracted carried out the second time filter, be meant whether the feature code inspection according to the various viruses of having found has viral element to exist;
Wherein step 3 comprises: 1) preserve all data; 2) delete whole packet; 3) delete viral packet; 4) all data of shielding viral source side.
According to same total inventive concept, a kind of device that mobile phone reception data are carried out virus scan and processing of the present invention, comprise the decoded packet data submodule that connects with data flow successively, the first submodule that filters, suspicious data extracts sub-piece, secondary filter submodule and virus treated submodule, and normally receive submodule, wherein:
This decoded packet data submodule, the multimedia message that it receives mobile phone or the packet of Email are decoded, and find out header and body information according to coded system;
Should filter submodule for the first time, itself and decoded packet data submodule connect with data flow, find out the accessory information that comprises by the decoded information that receives, to containing enforceability files such as exe, sis, or contain some virus documents that name is called current discovery and all be defined as suspicious content, otherwise, be defined as normal content, contain viral data segment and normal data section thereby be separated into to doubt, make first filtration;
This suspicious data extracts submodule, and it connects with data flow with the first submodule that filters, and receives separate doubtful and contains viral data segment;
Be somebody's turn to do the normal submodule that receives, it connects the normal data section that reception is separated with the first submodule that filters mutually with data flow; This secondary filter submodule, itself and suspicious data extract submodule and connect with data flow, doubtfully contain viral data segment to what send here, whether have according to the various virus pattern code inspections of having found and to contain viral element, separate the normal data section that contains viral element, with contain containing of viral element of viral data segment, and the normal data section is sent into normal reception submodule; This virus treated submodule, it makes corresponding processing to the viral data segment that the secondary filter submodule is sent here according to user instruction.
Further, said virus treated submodule comprises the whole packet of deletion according to user instruction to the processing that mobile phone receives data, or only the data segment of virus is carried in deletion; Or all data that shielding viral source side sends after the user confirms.
Positive progressive effect of the present invention is: at the specific channel of mobile phone PI virus and the characteristics of data transmission format, provide a kind of high efficiency virus scan method and device.
Description of drawings
Fig. 1 is a program circuit schematic diagram of the present invention;
Fig. 2 is a block diagram of the present invention.
Embodiment
Provide preferred embodiment of the present invention below in conjunction with Fig. 1 and Fig. 2, and described in detail,, rather than be used for limiting scope of the present invention so that those skilled in the art are easier to understand architectural feature of the present invention and functional characteristics.
As Fig. 1, a kind of to receiving the program 1000 that data are carried out virus scan and processing:
Step 1000 mobile phone receives the packet of a multimedia message or Email;
Step 1001,1002, at first the packet that receives is carried out preliminary scanning, coded system according to multimedia message finds header and body information, finds out the accessory information that comprises by the decoded information head, if find to have enforceability files such as .exe .sis, the file that perhaps comprises some Virus Names of current discovery by name, then they are defined as suspicious content, execution in step 1003,1004; Otherwise execution in step 1005 normally receives data;
Step 1003 is if find the suspected virus content, just this data segment is directly extracted;
Step 1004 is carried out rescan to the data segment that extracts, and step 1006 checks whether have viral element to exist if virus-free existence makes execution in step 1005 according to the feature code of the various viruses of having found, and is normal. receive data; Otherwise execution in step 1007 if there is virus to exist, just pointed out the user, and is made corresponding processing according to user's instruction: can delete whole packet; Also only the data segment of virus is carried in deletion; Can also confirm all data that shielding viral source side, back sends the user.
Like this, just can scan whole packet, dwindle examination scope, thereby accelerate processing speed.And, after the discovery virus, can realize a virus-isolating data, keep normal data message.
See also Fig. 2, as shown in the figure, mobile phone gas defence of the present invention, virus killing module comprise the decoded packet data submodule 11 that connects with data flow successively, the first submodule 12 that filters, suspicious data extracts submodule 13, secondary filter submodule 14 and virus treated submodule 15, wherein:
This decoded packet data submodule 11, the multimedia message that mobile phone is received or the packet of Email are decoded, by the decoded information head, and find out the accessory information that comprises, if find to have the feasibility file, for example, exe, sis etc. or include some existing Virus Name files then are defined as suspicious content with them.Sending into first filtration submodule 12 filters for the first time, then, extracting submodule 13 through suspicious data again checks, if do not find suspicious content, then normal reception submodule 16 is sent in output, if find to have suspicious content, then secondary filter submodule 14 is taken out and sent into to this suspicious data section and carry out secondary filter, afterwards, confirm that virus-free element exists, must send into normal. receive submodule 16, if find to also have virus to exist, then send into virus treated submodule 15 and handle, or delete whole packet, or only deletion contains the data segment of virus, or shield all data that viral source side sends.

Claims (6)

1, a kind of method that mobile phone reception data are carried out virus scan and processing comprises step:
S 1The data that receive are tentatively filtered, extract the suspicious data section,
S 2Whether the suspicious data section of being extracted is carried out the second time filter, checking has viral element to exist;
S 3According to the filter result second time of being carried out, the prompting user also handles accordingly.
2, the method that mobile phone reception data are carried out virus scan and processing according to claim 1 is characterized in that step S 1In said the data that receive are tentatively filtered, the multimedia message that is meant that mobile phone receives or the packet of Email, tentatively scan, coded system according to multimedia message, find header and body information, find out the accessory information that comprises, if find that the feasibility file is arranged or comprise some current Virus Name files by name by the decoded information head, then they are defined as suspicious content, and this segment data section is directly extracted.
3, the method to mobile phone reception data virus scan and processing according to claim 1 is characterized in that step S 2In saidly the suspicious data section of being extracted carried out the second time filter, be meant whether the feature code inspection according to the various viruses of having found has viral element to exist.
4, according to claim 1 or the 3 described methods that mobile phone reception data are carried out virus scan and processing, it is characterized in that step S 3In said prompting user make corresponding processing, comprising: 1) preserve all data; Or 2) delete whole packet; Or 3) delete viral packet; Or 4) all data of shielding viral source side.
5, a kind of device that mobile phone reception data are carried out virus scan and processing, it is characterized in that, comprise the decoded packet data submodule (11) that connects with data flow successively, the first submodule (12) that filters, suspicious data extracts sub-piece (13), secondary filter submodule (14) and virus treated submodule (15), and normally receive submodule (16), wherein:
This decoded packet data submodule (11), the multimedia message that it receives mobile phone or the packet of Email are decoded, and find out header and body information according to coded system;
Should filter submodule (12) for the first time, itself and decoded packet data submodule (11) connect with data flow, find out the accessory information that comprises by the decoded information that receives, to containing enforceability files such as exe, sis, or contain some virus documents that name is called current discovery and all be defined as suspicious content, otherwise, be defined as normal content, contain viral data segment and normal data section thereby be separated into to doubt, make first filtration;
This suspicious data extracts submodule (13), and it connects with data flow with the first submodule (12) that filters, and receives separate doubtful and contains viral data segment;
Be somebody's turn to do the normal submodule (16) that receives, it connects the normal data section that reception is separated with the first submodule (12) that filters mutually with data flow;
This secondary filter submodule (14), itself and suspicious data extract submodule (13) and connect with data flow, doubtfully contain viral data segment to what send here, whether contain viral element according to the various virus pattern code inspections of having found, isolate the normal data section that does not contain viral element, with contain containing of viral element of viral data segment, and the normal data section is sent into normal reception submodule (16);
This virus treated submodule (15), it makes corresponding processing to the viral data segment that secondary filter submodule (14) is sent here according to user instruction.
6, the device that mobile phone reception data are carried out virus scan and processing according to claim 5, it is characterized in that, said virus treated submodule (15) comprises the whole packet of deletion according to user instruction to the processing that mobile phone receives data, or only the data segment of virus is carried in deletion; Or all data that shielding viral source side sends after the user confirms.
CNB2006100269884A 2006-05-26 2006-05-26 Mobile phone is received method and the device that data are carried out virus scan and processing Expired - Fee Related CN100574181C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB2006100269884A CN100574181C (en) 2006-05-26 2006-05-26 Mobile phone is received method and the device that data are carried out virus scan and processing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2006100269884A CN100574181C (en) 2006-05-26 2006-05-26 Mobile phone is received method and the device that data are carried out virus scan and processing

Publications (2)

Publication Number Publication Date
CN101079689A true CN101079689A (en) 2007-11-28
CN100574181C CN100574181C (en) 2009-12-23

Family

ID=38906944

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100269884A Expired - Fee Related CN100574181C (en) 2006-05-26 2006-05-26 Mobile phone is received method and the device that data are carried out virus scan and processing

Country Status (1)

Country Link
CN (1) CN100574181C (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102043840A (en) * 2010-12-13 2011-05-04 北京安天电子设备有限公司 Method and system for detecting and tracking cookie cache files
CN102045368A (en) * 2011-01-20 2011-05-04 中兴通讯股份有限公司 Virus preventing method of intelligent mobile terminal and system
CN102592103A (en) * 2011-01-17 2012-07-18 中国电信股份有限公司 Secure file processing method, equipment and system
CN102663285A (en) * 2012-03-21 2012-09-12 奇智软件(北京)有限公司 Extracting method and extracting device for APK (android package) virus characteristic code
CN102915359A (en) * 2012-10-16 2013-02-06 北京奇虎科技有限公司 File management method and device
CN103729937A (en) * 2013-12-20 2014-04-16 广西科技大学 Electric vehicle charging and billing monitor system
CN104376259A (en) * 2014-09-12 2015-02-25 腾讯科技(深圳)有限公司 Method and device for detecting viruses
CN104598819A (en) * 2015-01-09 2015-05-06 百度在线网络技术(北京)有限公司 Method, device and system for scanning packages
CN104715200A (en) * 2012-05-04 2015-06-17 北京奇虎科技有限公司 Method and device for identifying viral APK (Android application package file)
CN105991395A (en) * 2015-01-30 2016-10-05 杭州迪普科技有限公司 Attachment replacing method and attachment replacing device
CN107045610A (en) * 2017-05-08 2017-08-15 广东欧珀移动通信有限公司 Data migration method, terminal device and computer-readable recording medium
CN101656965B (en) * 2008-08-22 2017-10-03 Lg电子株式会社 Terminal and the method for protecteding from virus
CN112149115A (en) * 2020-08-28 2020-12-29 杭州安恒信息技术股份有限公司 Method and device for updating virus library, electronic device and storage medium

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101656965B (en) * 2008-08-22 2017-10-03 Lg电子株式会社 Terminal and the method for protecteding from virus
CN102043840A (en) * 2010-12-13 2011-05-04 北京安天电子设备有限公司 Method and system for detecting and tracking cookie cache files
CN102592103A (en) * 2011-01-17 2012-07-18 中国电信股份有限公司 Secure file processing method, equipment and system
CN102045368A (en) * 2011-01-20 2011-05-04 中兴通讯股份有限公司 Virus preventing method of intelligent mobile terminal and system
WO2012097553A1 (en) * 2011-01-20 2012-07-26 中兴通讯股份有限公司 Virus prevention method and system for intelligent mobile terminal
CN102663285B (en) * 2012-03-21 2015-06-10 北京奇虎科技有限公司 Extracting method and extracting device for APK (android package) virus characteristic code
CN102663285A (en) * 2012-03-21 2012-09-12 奇智软件(北京)有限公司 Extracting method and extracting device for APK (android package) virus characteristic code
WO2013139216A1 (en) * 2012-03-21 2013-09-26 北京奇虎科技有限公司 Method and device for extracting characteristic code of apk virus
CN104715200A (en) * 2012-05-04 2015-06-17 北京奇虎科技有限公司 Method and device for identifying viral APK (Android application package file)
CN102915359A (en) * 2012-10-16 2013-02-06 北京奇虎科技有限公司 File management method and device
CN102915359B (en) * 2012-10-16 2016-08-10 北京奇虎科技有限公司 File management method and device
CN106203105A (en) * 2012-10-16 2016-12-07 北京奇虎科技有限公司 File management method and device
CN106203105B (en) * 2012-10-16 2019-07-09 北京奇虎科技有限公司 File management method and device
CN103729937A (en) * 2013-12-20 2014-04-16 广西科技大学 Electric vehicle charging and billing monitor system
CN104376259A (en) * 2014-09-12 2015-02-25 腾讯科技(深圳)有限公司 Method and device for detecting viruses
CN104598819A (en) * 2015-01-09 2015-05-06 百度在线网络技术(北京)有限公司 Method, device and system for scanning packages
CN104598819B (en) * 2015-01-09 2017-12-26 百度在线网络技术(北京)有限公司 A kind of methods, devices and systems for scan compression bag
CN105991395A (en) * 2015-01-30 2016-10-05 杭州迪普科技有限公司 Attachment replacing method and attachment replacing device
CN105991395B (en) * 2015-01-30 2019-04-09 杭州迪普科技股份有限公司 Attachment replacement method and device
CN107045610A (en) * 2017-05-08 2017-08-15 广东欧珀移动通信有限公司 Data migration method, terminal device and computer-readable recording medium
CN107045610B (en) * 2017-05-08 2020-06-12 Oppo广东移动通信有限公司 Data migration method, terminal device and computer readable storage medium
CN112149115A (en) * 2020-08-28 2020-12-29 杭州安恒信息技术股份有限公司 Method and device for updating virus library, electronic device and storage medium

Also Published As

Publication number Publication date
CN100574181C (en) 2009-12-23

Similar Documents

Publication Publication Date Title
CN101079689A (en) Method and device for virus scanning and processing of the data received by mobile phone
US10462164B2 (en) Resisting the spread of unwanted code and data
RU107616U1 (en) SYSTEM OF QUICK ANALYSIS OF DATA STREAM ON THE AVAILABILITY OF MALICIOUS OBJECTS
US8042184B1 (en) Rapid analysis of data stream for malware presence
EP1959367B1 (en) Automatic extraction of signatures for Malware
US20020004908A1 (en) Electronic mail message anti-virus system and method
US8489390B2 (en) System and method for generating vocabulary from network data
US7134142B2 (en) System and method for providing exploit protection for networks
US6851058B1 (en) Priority-based virus scanning with priorities based at least in part on heuristic prediction of scanning risk
US20060288418A1 (en) Computer-implemented method with real-time response mechanism for detecting viruses in data transfer on a stream basis
US20060174345A1 (en) Apparatus and method for acceleration of malware security applications through pre-filtering
US20070039051A1 (en) Apparatus And Method For Acceleration of Security Applications Through Pre-Filtering
CN101611412A (en) To stoping the improvement of harmful code and data diffusion
EP3268887A1 (en) Secure document transmission
Puchalski et al. Stegomalware detection through structural analysis of media files
CN111083307A (en) File detection and cracking method based on steganography
US20050060583A1 (en) System and method for advanced intrusion avoidance
AU2012258355B9 (en) Resisting the Spread of Unwanted Code and Data
Lin et al. Hardware-software codesign for high-speed signature-based virus scanning
JP2001067216A (en) Logical method and system for defending and removing computer virus
US20140157412A1 (en) Device, method and non-transitory computer readable storage medium thereof for performing anonymous testing on electronic digital
CN201515388U (en) antivirus gateway
CN114647849A (en) Method and device for detecting potentially dangerous file, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee

Owner name: SHANGHAI CHENXING SIMCOM ELECTRONIC TECHNOLOGY CO.

Free format text: FORMER NAME: SHANGHAI CHENXING ELECTRONIC TECHNOLOGY CO., LTD.

CP01 Change in the name or title of a patent holder

Address after: 201700 Shengli Road, Qingpu District, Shanghai, No. 888

Patentee after: Shanghai Sunrise Simcom Electronic Technology Co., Ltd.

Address before: 201700 Shengli Road, Qingpu District, Shanghai, No. 888

Patentee before: Shanghai Chenxing Electronics Science & Technology Co., Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20091223

Termination date: 20180526