Embodiment
In order to make the object, technical solutions and advantages of the present invention clearly, describe the present invention below in conjunction with the drawings and specific embodiments.
Method provided by the invention comprises the flow process shown in Fig. 1:
See the method flow diagram that Fig. 1, Fig. 1 provide for the embodiment of the present invention.As shown in Figure 1, this flow process can comprise the following steps:
Step 101, when scanning for each analyzing spot, from high in the clouds, the scanning obtained for this analyzing spot configures.
As one embodiment of the invention, in step 101, the described scanning configuration obtained from high in the clouds for this analyzing spot can comprise: when being synchronized feature database from high in the clouds, find the scanning of this analyzing spot to configure from described feature database; And when not from synchronous characteristic storehouse, high in the clouds, from synchronous characteristic storehouse, high in the clouds, and from described feature database, find the scanning of this analyzing spot to configure; Wherein, scanning configuration for all analyzing spots is comprised in described feature database and this each scanning configuration to be controlled in real time by high in the clouds and to upgrade.
Step 102, obtains the scanning logic for needing during described analyzing spot scanning to use from described scanning configuration.
Step 103, when the described scanning logic obtained is the scanning logic of high in the clouds setting, uses high in the clouds scanning logic to scan this analyzing spot.
Preferably, when the described scanning logic obtained is the scanning logic of client this locality, the present invention then uses the local scanning logic of client to scan this analyzing spot.
So far, the flow process shown in Fig. 1 is completed.
As can be seen from flow process shown in Fig. 1, in the present invention, not utilize to single solution for diverse problems the local scanning logic of client to scan analyzing spot, but control to decide to use the scanning logic of client this locality or use the scanning logic of high in the clouds setting to scan each analyzing spot based on high in the clouds.Due to high in the clouds intelligent, it is completely according to practical application with avoid harm effect to arrange and how to scan for this analyzing spot, and this obviously reduces harm compared to prior art.
Below flow process shown in Fig. 1 is described in detail:
See the detail flowchart that Fig. 2, Fig. 2 provide for the embodiment of the present invention.As shown in Figure 2, this flow process can comprise the following steps:
Step 201, from synchronous characteristic storehouse, high in the clouds.
This step 201 performs when the fail-safe software of client starts scanning.
Here, the scanning configuration of all analyzing spots is comprised in feature database and this all scanning configures and to be controlled in real time by high in the clouds and upgrade.
As one embodiment of the present of invention, the scanning configuration of different scanning point is mainly distinguished by the characteristic parameter of analyzing spot.Preferably, in the present invention, the characteristic parameter of analyzing spot at least comprises any one or any combination of following parameter: the file name that analyzing spot title, analyzing spot mark (ID), analyzing spot are associated, file chaining address, file MD5.
In addition, because the scanning just for analyzing spot in the feature database that this step 201 is synchronous configures, not other extra information, this can maximize and save time.Also have, sometimes may there are some problems in the network environment of user, these these steps 201 are carrying out some problems being difficult to expect may occur in synchronous process with high in the clouds, cause synchronous instability etc., when this occurs, the situations such as client meeting automatic decision user network, comprehensive various situation, carrying out repeatedly synchronously to Cloud Server of intelligence, ensures synchronous completing.
Step 202, when scanning analyzing spot, finds the scanning configuration of this analyzing spot from synchronous feature database.
Describe based on previous step 201: the scanning configuration of different scanning point is mainly distinguished by the characteristic parameter of analyzing spot, and therefore, the characteristic parameter searched by this analyzing spot in this step 202 is searched in feature database.
Based on this scanning configuration found, step 203, determines whether high in the clouds is provided with shielding scanning for this analyzing spot, if so, performs step 204, otherwise, perform step 205.
After the fail-safe software version of client has been issued, due to the BUG of this fail-safe software or when designing this fail-safe software the certain situation do not considered, some points (being referred to as analyzing spot) can be caused to cause risk to user, such as delete normal file or cause system cisco unity malfunction, in order to stop dangerous expansion, need to shield timely the risk that this analyzing spot causes user, namely need high in the clouds to arrange shielding scanning according to actual conditions for this analyzing spot, the scanning such as arranging this analyzing spot of shielding in scanning configuration describes.So, when starting to scan this analyzing spot, if find that high in the clouds has been provided with the scanning of this analyzing spot of shielding in the configuration of this analyzing spot, then do not scan for this analyzing spot, to avoid extra risk.
Step 204, terminates the scanning to this analyzing spot, when this analyzing spot is not last analyzing spot, obtains next analyzing spot and returns the search operation of step 202 for this next analyzing spot, otherwise, terminate scanning process.
Step 205, obtains the scanning logic for needing during described analyzing spot scanning to use from the scanning configuration that this finds.
Step 206, when the described scanning logic obtained is the scanning logic of high in the clouds setting, use high in the clouds scanning logic to scan this analyzing spot, when the described scanning logic obtained is the scanning logic of client this locality, use the local scanning logic of client to scan this analyzing spot.
In the present invention, the scanning logic used is needed during analyzing spot scanning, whether mainly depended on by high in the clouds uses the local scanning logic of client can to configure to analyzing spot by successful scan, such as, high in the clouds monitors some analyzing spots, and after client attempts single pass by the local scanning logic of client, high in the clouds finds that client does not report the data of these analyzing spots, this means that these analyzing spots are not arrived by client scan, based on this, high in the clouds is for ensureing that client follow up scan is to these analyzing spots, just need scanning logic corresponding for the configuration of these analyzing spots in feature database, i.e. high in the clouds scanning logic.After completing these configurations, these config updates are extremely synchronized in the feature database of client by high in the clouds, and these analyzing spots are informed to client, can scan these analyzing spots to guarantee that client is follow-up.
Step 207, in the scanning process of described analyzing spot, if find risk, then controls to determine whether to shield this risk based on high in the clouds, if so, then the scanning performing this analyzing spot is continued, until the end of scan of this analyzing spot, return step 204, otherwise, show this risk to user.
Why perform step 207, fundamental purpose is: when controlled, control the risk brought to user.
So far, the flow process shown in Fig. 2 is completed.
In the present invention, after scanning process terminates, the present invention also for showing the risk of user to repair, specifically flow process as shown in Figure 3.
The risk provided for the embodiment of the present invention see Fig. 3, Fig. 3 repairs process flow diagram.This flow process performs when receiving the risk reparation that user triggers.As shown in Figure 3, this flow process can comprise the following steps:
Step 301, for each risk of showing, the control based on high in the clouds determines whether to repair this risk, if not, performs step 302, if so, performs step 303.
After scanning process terminates, find that part can show the risk of user, then all can once judge for each risk of showing: the control namely based on high in the clouds determines whether to repair this risk, if and high in the clouds has shielded this risk of reparation, then can not perform real reparation operation, prevent from repairing the risk that may cause to user, specifically see step 302.
Preferably, in the present invention, for ease of performing step 301, the feature database in above-mentioned steps 201 also can comprise the configuration for risk item further, and this configuration is called repairs configuration.Wherein, this reparation configuration can be controlled in real time by high in the clouds and upgrade, and it comprises the description of whether repairing risk.Wherein, whether this repairs risk and refuses completely whether bring harm to user in reparation risk and arrange.
Step 302, terminates the reparation to this risk, this risk for show last risk time, obtain the next item down risk and return the determination operation of step 301 for this next item down risk, otherwise, terminate to repair flow process.
Step 303, control to determine to use the reparation logic of client this locality or the reparation logic using high in the clouds to arrange to repair this risk based on high in the clouds, if the former, client local restore logic is then used to repair this risk, if the latter, then use high in the clouds to repair logic and this risk is repaired.
In the present invention, preferably, for ease of performing this step 303, the reparation logic for risk can be increased in above-mentioned reparation configuration, and be issued to client.Wherein, when repairing risk, need the reparation logic used, mainly depended on by high in the clouds and use client local restore logic whether successfully can repair this risk to configure.Such as, in time there is a kind of new virus, client does not also have ability to remove this new virus completely according to this locality existing reparation logic, so, client all can scan this new virus when each scanning always, and uses local restore logic cannot thoroughly remove this new virus, based on this, high in the clouds, for guaranteeing that client thoroughly repairs this new virus, just needs for reparation logic corresponding to this new virus configuration.After completing these configurations, when client scans this new virus again, just can use the reparation logic that high in the clouds configures, to reach the object of thoroughly repairing.
So far, the flow process shown in Fig. 3 is completed.
As can be seen from describing above, the present invention is in execution scanning with when repairing, for different analyzing spots and risk, need a process that can control scanning input and reparation in a controlled fashion, namely determine whether real scanning according to the configuration in high in the clouds and repair, thus the risk brought to user can be controlled when controlled, and can prevent from continuing to cause risk to other user by high in the clouds mechanism rapidly when user feeds back risk time.Thus fundamentally solve the risk caused to user.
Below device provided by the invention is described:
See the structure drawing of device that Fig. 4, Fig. 4 provide for the embodiment of the present invention.As shown in Figure 4, this device can comprise:
First acquiring unit, for when scanning for each analyzing spot, from high in the clouds, the scanning obtained for this analyzing spot configures;
Second acquisition unit, for obtaining the scanning logic for needing during described analyzing spot scanning to use from described scanning configuration;
Scanning element, when the scanning logic for obtaining at described second acquisition unit is high in the clouds scanning logic, uses high in the clouds scanning logic to start to scan this analyzing spot.
Preferably, described scanning element, also for when the scanning logic that described second acquisition unit obtains is the scanning logic of client this locality, uses the local scanning logic of client to scan this analyzing spot.
In the present invention, the scanning configuration that described first acquiring unit obtains from high in the clouds for this analyzing spot can be: when being synchronized feature database from high in the clouds, find the scanning of this analyzing spot to configure from described feature database; And when not from synchronous characteristic storehouse, high in the clouds, from synchronous characteristic storehouse, high in the clouds, and from described feature database, find the scanning of this analyzing spot to configure; Wherein, scanning configuration for all analyzing spots is comprised in described feature database and this all scanning configures and to be controlled in real time by high in the clouds and upgrade
Preferably, as shown in Figure 4, this device comprises further:
Scanning judging unit, for determining whether to scan for this analyzing spot based on described scanning configuration, if so, then triggers the operation that described scanning element continues to perform this analyzing spot of scanning, otherwise, terminate the scanning to this analyzing spot.
In the present invention, whether described scanning configuration also comprises carries out shielding the setting scanned for analyzing spot; Based on this, based on described scanning configuration, described scanning judging unit determines whether that carrying out scanning for this analyzing spot comprises: scan configuration in exist for this analyzing spot carry out shield scanning arranging time, determine not scan for this analyzing spot, otherwise, determine to scan for this analyzing spot.
In addition, in the present invention, as shown in Figure 4, this device also comprises: risk supervision unit, the 3rd acquiring unit and risk repair unit;
Wherein, risk supervision unit, during for risk being detected in the scanning process of described scanning element, determine whether this risk is the risk that high in the clouds has shielded, if not, then show this risk, if, then continue to trigger the scanning that described scanning element performs this analyzing spot, until the end of scan of this analyzing spot.
3rd acquiring unit, for after scanning process terminates, for each risk of showing, carries out the reparation logic of repairing for this risk from high in the clouds acquisition;
Risk repairs unit, for when the reparation logic obtained is the reparation logic of client this locality, use client local restore logic to repair this risk, when the reparation logic obtained is the reparation logic of high in the clouds setting, uses high in the clouds to repair logic and repair this risk.
So far, complete device provided by the invention to describe.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment made, equivalent replacement, improvement etc., all should be included within the scope of protection of the invention.