Summary of the invention
In view of above-mentioned existing antivirus software can't effectively detect and defends unknown file, and the killing result affects limited problem, has proposed the present invention in order to a kind of fileinfo collection method and device that overcomes the problems referred to above or address the above problem at least in part is provided.
According to one aspect of the present invention, a kind of fileinfo collection method is provided, comprise: the corporate intranet Control Server obtains the file characteristic of file to be detected from terminal, and wherein, file to be detected is the file that increases newly in the terminal and/or has carried out the file of revising; Control Server judges whether the file characteristic of the normal executable file of storing in the file characteristic of file to be detected and the file characteristic database in the Control Server and the file characteristic of virus document mate; If the file characteristic of file to be detected does not all mate with the file characteristic of normal executable file and the file characteristic of described virus document, then Control Server determines that file to be detected is unknown file; Control Server returns the message that file to be detected is unknown file to terminal, and notification terminal is uploaded the fileinfo of unknown file; Control Server receives and the fileinfo of the unknown file that collection terminal is uploaded.
Alternatively, the file characteristic of file to be detected is to the MD5 value behind the file content use MD5 algorithm of file to be detected; Obtain from terminal at the corporate intranet Control Server before the step of file characteristic of file to be detected, also comprise: Control Server obtains the file content of normal executable file and the file content of virus document; Respectively the file content of normal executable file and the file content of virus document are used the MD5 algorithm, obtain the MD5 value of normal executable file and the MD5 value of virus document; The MD5 value of normal executable file is saved as the file characteristic of normal executable file, the MD5 value of virus document is saved as the file characteristic of virus document.
Alternatively, the Control Server step of obtaining the file characteristic of file to be detected from terminal comprises: the Control Server receiving terminal uses the MD5 value of the file to be detected of http protocol encapsulation.
Alternatively, Control Server receives and the step of the fileinfo of the unknown file that collection terminal is uploaded comprises: Control Server receives and the fileinfo of the unknown file that collection terminal is directly uploaded by the terminal backstage, wherein, the fileinfo of unknown file uses the http protocol encapsulation.
Alternatively, Control Server receive and the step of the fileinfo of the unknown file that collection terminal is uploaded after, also comprise: Control Server is analyzed the fileinfo of unknown file, determines whether unknown file is secure file; If determine that unknown file is not secure file, then record the MD5 value of unknown file, forbid the unknown file operation.
Alternatively, Control Server receives and the step of the fileinfo of the unknown file that collection terminal is uploaded comprises: Control Server receives and the MD5 value of the unknown file that collection terminal is uploaded, and following information one of at least: the ProductName under the digital signature of unknown file, fileversion number, filename, the unknown file, Production Version, the affiliated company's copyright information of unknown file.
Alternatively, the file that increases newly in the terminal is that terminal is by current all non-existent new files in corporate intranet all terminals that confirm, corporate intranet; The file that has carried out revising is that terminal is by current all non-existent amended files in corporate intranet all terminals that confirm, corporate intranet.
According to a further aspect in the invention, a kind of fileinfo gathering-device is provided, be arranged at the Control Server end of corporate intranet, this document information collection apparatus comprises: acquisition module, be used for obtaining from the terminal of corporate intranet the file characteristic of file to be detected, wherein, file to be detected is the file that increases newly in the terminal and/or has carried out the file of revising; Judge module, whether the file characteristic of the normal executable file of storing in the file characteristic database for the file characteristic of judging file to be detected and Control Server and the file characteristic of virus document mate; Determination module judges that the file characteristic of file to be detected and the file characteristic of normal executable file and the file characteristic of virus document all do not mate, and determine that then file to be detected is unknown file if be used for judge module; Collection module be used for returning the message that file to be detected is unknown file to terminal, and notification terminal is uploaded the fileinfo of unknown file; The fileinfo of the unknown file that reception and collection terminal are uploaded.
Alternatively, the file characteristic of file to be detected is to the MD5 value behind the file content use MD5 algorithm of file to be detected; This document information collection apparatus also comprises: preserve module, be used for obtaining the file content of normal executable file and the file content of virus document before acquisition module obtains the file characteristic of file to be detected from the terminal of corporate intranet; Respectively the file content of normal executable file and the file content of virus document are used the MD5 algorithm, obtain the MD5 value of normal executable file and the MD5 value of virus document; The MD5 value of normal executable file is saved as the file characteristic of normal executable file, the MD5 value of virus document is saved as the file characteristic of virus document.
Alternatively, acquisition module is used for obtaining the MD5 value that terminal is used the file to be detected of http protocol encapsulation from the terminal of corporate intranet.
Alternatively, collection module be used for returning the message that file to be detected is unknown file to terminal, and notification terminal is uploaded the fileinfo of unknown file; And, receive and the fileinfo of the unknown file that collection terminal is directly uploaded by the terminal backstage, wherein, the fileinfo of unknown file uses the http protocol encapsulation.
Alternatively, also comprise: analysis module, be used for collection module receive and the fileinfo of the unknown file that collection terminal is uploaded after, the fileinfo of unknown file is analyzed, determine whether unknown file is secure file; If determine that unknown file is not secure file, then record the MD5 value of unknown file, forbid the unknown file operation.
Alternatively, the fileinfo of the unknown file that collection module is collected comprises: the MD5 value of unknown file, and following information is one of at least: the ProductName under the digital signature of unknown file, fileversion number, filename, the unknown file, Production Version, the affiliated company's copyright information of unknown file.
Alternatively, the file that increases newly in the terminal is that terminal is by current all non-existent new files in corporate intranet all terminals that confirm, corporate intranet; The file that has carried out revising is that terminal is by current all non-existent amended files in corporate intranet all terminals that confirm, corporate intranet.
According to fileinfo collection scheme of the present invention, at the Control Server end of corporate intranet except the file characteristic (being virus characteristic) of preserving virus document, also preserve simultaneously the file characteristic of normal executable file, by these file characteristics, when the terminal of corporate intranet has increased file newly or file has been carried out modification, can these files to be detected of terminal be detected, when these file characteristics of preserving in the file characteristic of the file to be detected of terminal to report and the Control Server all do not mate, the file to be detected that terminal then is described is unknown file, at this moment, notification terminal also requires the fileinfo of terminal to report file to be detected, Control Server is by the fileinfo of this unknown file of content collecting of terminal to report, in order to carry out identification and the judgement of follow-up other terminal unknown file.Unknown file might be normal file, but more may be the file (such as the virus document etc. of distortion) that system is had harm, if unknown file information is not collected and then is carried out unknown file control according to existing scheme, then may be caused harm system and user's consequence; And by the solution of the present invention, by the collection to the fileinfo of unknown file, can understand the unknown file situation, and then the character of judgement unknown file, in time management and defence, the security that can greatly improve all terminals in the whole system reduces system safety hazards; And, the Control Server end can use the fileinfo of the unknown file of this collection, the file to be detected of follow-up other terminal is detected and judges, expand the unknown file impact of a terminal to whole system, further improved Security of the system, and unknown file detects and treatment effeciency.
Above-mentioned explanation only is the general introduction of technical solution of the present invention, for can clearer understanding technological means of the present invention, and can be implemented according to the content of instructions, and for above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Embodiment
Exemplary embodiment of the present disclosure is described below with reference to accompanying drawings in more detail.Although shown exemplary embodiment of the present disclosure in the accompanying drawing, yet should be appreciated that and to realize the disclosure and the embodiment that should do not set forth limits here with various forms.On the contrary, it is in order to understand the disclosure more thoroughly that these embodiment are provided, and can with the scope of the present disclosure complete convey to those skilled in the art.
Embodiment one
With reference to Fig. 1, show the flow chart of steps according to a kind of fileinfo collection method of the embodiment of the invention one.
The fileinfo collection method of present embodiment may further comprise the steps:
Step S102: the Control Server of corporate intranet obtains the file characteristic of file to be detected from the terminal of corporate intranet.
Wherein, file to be detected is the file that increases newly in the terminal and/or has carried out the file of revising.
The file that increases newly in the terminal may be the newly-increased file of the machine only, and may have the new file that also may all not have in other terminal in the corporate intranet; Also may be the new file for whole corporate intranet, that is, terminal be by current all non-existent new files in corporate intranet all terminals that confirm, corporate intranet.Equally, the file that has carried out revising may be the file that amended file only limits to the machine, and may have this amended file that also may all not have in other terminal in the corporate intranet; Also may be for whole corporate intranet carrying out the file of revising, that is, terminal is by current all non-existent amended files in corporate intranet all terminals that confirm, corporate intranet.Can determine whether there is corresponding file in other terminal by information interaction between the terminal.Like this, for whole corporate intranet, greatly reduced file data to be detected and because detect the information interaction amount that produces, improved detection efficiency.
When terminal had increased file newly or carried out file modification, terminal reported Control Server automatically with the file characteristic that this increases the file of file or modification newly, triggered the file characteristic that Control Server obtains the file to be detected of terminal.For example, in terminal, there is certain file to be modified, then triggers Control Server and obtain the fileinfo collection that this document carries out follow-up unknown file detection; Perhaps, when having copied file by third party device such as USB flash disk to terminal, then trigger Control Server and obtain the fileinfo collection that this document carries out follow-up unknown file detection; Perhaps, when initial terminal is carried out system's installation, trigger Control Server and obtain the file characteristic that all are fit into the file of terminal, and carry out the fileinfo collection that follow-up unknown file detects.But be not limited to this, in actual applications, those skilled in the art also can arrange suitable rule, when satisfying arrange regular, by the file characteristic of terminal to report or server active obtaining file to be detected.
File characteristic is the characteristic information of file, can reflect that a file is different from the characteristics of other file, can be used as the unique identification of file, as, by the MD5 value of fileinfo calculating, the digital signature of file, the version number of file, the ProductName under the file, the Production Version under the file, exabyte, company's copyright information even the whole file etc. under the file.
Step S104: Control Server judges whether the file characteristic of the normal executable file of storing in the file characteristic of file to be detected and the file characteristic database in the Control Server and the file characteristic of virus document mate.
Store simultaneously the file characteristic of normal executable file and the file characteristic of virus document (being virus characteristic) in the file characteristic database of Control Server, the above-mentioned file characteristic of storage can by the heap file data analysis of collecting is extracted, also can be collected storage by other appropriate ways.
Step S106: if the file characteristic of file to be detected does not all mate with the file characteristic of normal executable file and the file characteristic of virus document, then Control Server determines that file to be detected is unknown file.
Step S108: Control Server returns the message that file to be detected is unknown file to terminal, and notification terminal is uploaded the fileinfo of unknown file.
Step S110: Control Server receives and the fileinfo of the unknown file that collection terminal is uploaded.
Pass through present embodiment, at the Control Server end except the file characteristic (being virus characteristic) of preserving virus document, also preserve simultaneously the file characteristic of normal executable file, when the terminal of corporate intranet has increased file newly or file has been carried out modification, can these files to be detected of terminal be detected by these file characteristics, when these file characteristics of preserving in the file characteristic of the file to be detected of terminal to report and the Control Server all do not mate, the file to be detected that terminal then is described is unknown file, at this moment, notification terminal also requires the fileinfo of terminal to report file to be detected, Control Server is by the fileinfo of this unknown file of content collecting of terminal to report, in order to carry out identification and the judgement of follow-up other terminal unknown file.Unknown file might be normal file, but more may be the file (such as the virus document etc. of distortion) that system is had harm, if unknown file information is not collected and then is carried out unknown file control according to existing scheme, then may be caused harm system and user's consequence; And the scheme by present embodiment by the collection to the fileinfo of unknown file, can be understood the unknown file situation, and then the character of judgement unknown file, in time management and defence, the security that can greatly improve all terminals in the whole system reduces system safety hazards; And, the Control Server end can use the fileinfo of the unknown file of this collection, the file to be detected of follow-up other terminal is detected and judges, expand the unknown file impact of a terminal to whole system, further improved Security of the system, and unknown file detects and treatment effeciency.
Need to prove that fileinfo collection scheme of the present invention is except applicable to the corporate intranet scene, also applicable to the unit scene.Embodiment one is illustrated fileinfo collection scheme of the present invention from the corporate intranet scene, and hereinafter embodiment two is explained the present invention from the unit scene.
Embodiment two
With reference to Fig. 2, show the flow chart of steps according to a kind of fileinfo collection method of the embodiment of the invention two.
Present embodiment is explained fileinfo collection method of the present invention take the local antivirus software of unit as example.
The fileinfo collection method of present embodiment may further comprise the steps:
Step S202: the local antivirus software of corporate intranet terminal obtains the file characteristic of normal executable file and the file characteristic of virus document, and is saved in the file characteristic database of local antivirus software.
The corporate intranet terminal can be obtained the file characteristic of normal executable file and the file characteristic of virus document from the Control Server end of corporate intranet, also can be self-contained file characteristic, can also be file is carried out spanned file feature behind the collection analysis.
In the present embodiment, the file characteristic of normal executable file and the file characteristic of virus document all are the forms of MD5 value, and MD5 value information amount is little, is convenient to relative discern, and collision rate is low, can effectively distinguish each file characteristic.Certainly, other suitable file characteristic form is applicable too, such as the calculated value that draws by Secure Hash Algorithm such as Sha1.
Step S204: local antivirus software obtains the file characteristic of file to be detected.
When the corporate intranet terminal has increased file newly and/or carried out file modification, will trigger this step.File to be detected in the present embodiment is the file that increases newly in the terminal and/or has carried out the file of revising.
In the present embodiment, the form of the file characteristic of the file characteristic of file to be detected and the normal executable file of storage and the file characteristic of virus document is consistent, is the form of MD5 value.
Need to prove that when generating the MD5 value, the generation parameter of MD5 can suitably be chosen by those skilled in the art, such as filename, file size, feature vocabulary, file content etc.In the present embodiment, no matter be the MD5 value of file to be detected, or the MD5 value of the MD5 value of normal executable file and virus document all is to obtain after file content is used the MD5 algorithm.Use the MD5 algorithm to obtain the MD5 value to file content, can more effectively represent the file characteristic of file.In addition, the generating algorithm of file characteristic also is not limited to the MD5 algorithm, can also be for other appropriate algorithm, such as Secure Hash Algorithm such as Sha1.
Step S206: local antivirus software judges whether the file characteristic of the normal executable file of storing in the file characteristic of file to be detected and the file characteristic database and the file characteristic of virus document mate, if coupling, execution in step S208; If do not mate, execution in step S210.
Whether the MD5 value of the MD5 value of also namely, judging file to be detected and normal executable file or the MD5 value of virus document be consistent.
Step S208: according to matching result, determine that file to be detected is normal executable file or is virus document, if normal executable file is then let pass; If virus document then carries out checking and killing virus and processes, finish this flow process.
Step S210: local antivirus software determines that file to be detected is unknown file, collects the fileinfo of this unknown file.
As, collect the MD5 value of this unknown file, and following information is one of at least: the company's copyright information under the ProductName under the digital signature of this unknown file, fileversion number, filename, this unknown file, Production Version, this unknown file etc.
Step S212: local antivirus software is analyzed the fileinfo of this unknown file, determines whether this unknown file is secure file; If determine that this unknown file is not secure file, then record the MD5 value of this unknown file, forbid this unknown file operation; If determine that this unknown file is secure file, then let pass.
By present embodiment, realized that local antivirus software to detection and the defence of unknown file, has reduced the security risk of local system.
Embodiment three
With reference to Fig. 3, show the flow chart of steps according to a kind of fileinfo collection method of the embodiment of the invention three.
Present embodiment still is the fileinfo collection scheme under the corporate intranet scene, and present embodiment is explained fileinfo collection method of the present invention take the Control Server end antivirus software of corporate intranet as example.
The fileinfo collection method of present embodiment may further comprise the steps:
Step S302: the Control Server of corporate intranet obtains the file content of normal executable file and the file content of virus document.
Step S304: Control Server uses the MD5 algorithm to the file content of normal executable file and the file content of virus document respectively, obtains the MD5 value of normal executable file and the MD5 value of virus document.
Step S306: Control Server is saved to the MD5 value of the MD5 value of normal executable file and virus document in the file characteristic database of antivirus software of Control Server, respectively as the file characteristic of normal executable file and the file characteristic of virus document.
Step S308: the terminal of corporate intranet is found file to be detected, obtains the file content of file to be detected, to the file content use MD5 algorithm of file to be detected, obtains the MD5 value of file to be detected.
Wherein, file to be detected is the file that increases newly in the terminal and/or has carried out the file of revising.
Step S310: terminal uses http protocol that the MD5 value of file to be detected is packaged into message, sends to Control Server.
Such as, terminal the MD5 value of file to be detected is transmit a request to Control Server as the content of POST with http protocol.
Step S312: the Control Server receiving terminal uses the message of http protocol encapsulation, obtains the MD5 value of file to be detected from message.
Step S314: Control Server judges whether the MD5 value of the normal executable file of storing in the MD5 value of file to be detected and the file characteristic database and the MD5 value of virus document mate, if coupling, then execution in step S316; If do not mate, execution in step S318 then.
Step S316: Control Server is according to matching result, determines that file to be detected is normal executable file or is virus document, and to return file to be detected be normal executable file or be the message of virus document to terminal, finishes this flow process.
Terminal can be carried out follow-up processing according to message content after receiving the message that Control Server returns, such as killing virus or carry out file to be detected etc.
Step S318: Control Server determines that file to be detected is unknown file, return the message that file to be detected is unknown file to terminal, and notification terminal is uploaded the fileinfo of this unknown file.
Step S320: terminal use http protocol encapsulates the fileinfo of this unknown file, and directly is uploaded to Control Server by the terminal backstage.
As, terminal is uploaded the MD5 value of this unknown file, and following information one of at least: the company's copyright information under the ProductName under the digital signature of this unknown file, fileversion number, filename, this unknown file, Production Version, this unknown file etc.
In the present embodiment, terminal is the MD5 value of unknown file, and file digital signature, filename, fileversion number, ProductName, Production Version, the copyright(of company copyright information), send Control Server as the content of POST with http protocol.
Step S322: the Control Server receiving terminal is also preserved by the fileinfo of the unknown file that directly upload on the terminal backstage, returns to terminal and uploads success message.
Step S324: Control Server is analyzed the fileinfo of this unknown file, determines whether this unknown file is secure file; If be defined as secure file, notification terminal this unknown file of letting pass then; If determine not to be secure file, then record the MD5 value of this unknown file, notification terminal is forbidden this unknown file operation.
For example, terminal place computer inserts USB flash disk under user's subjective consciousness, has copied a file to the terminal of Intranet.At this time, terminal just can mail to Control Server to file characteristic does inquiry, when being unknown file, the Control Server judgement issues upload notifications to terminal, terminal just mails to Control Server to the fileinfo of this document so, Control Server will record the fileinfo of this document, in order to make reference to the keeper.As, realize the function of 360 privately owned clouds.360 privately owned clouds need to make up private database, and private database is used for clearance and the forbidding of all Intranet files of control, by fileinfo is analyzed, can determine to let pass or this forbids this document.
Pass through present embodiment, realized based on the antivirus software terminal of corporate intranet and the C/S framework of Control Server, terminal is done the inquiry of file by http protocol, Control Server passes through Query Result, unknown file is done upload notifications, and terminal sends the fileinfo of unknown file by next HTTP request.The scheme of present embodiment can be utilized the antivirus software terminal at corporate intranet, the file characteristic of the file that monitors (such as MD5 value of file), sending to Control Server identifies, when the Control Server qualification result for not being normal file, neither when virus, this document namely is unknown file, and Control Server is namely notified the antivirus software terminal information of presenting a paper, and the fileinfo of submission will be kept on the Control Server.Control Server can be controlled the file that all terminals are uploaded to be needed, the initiatively background scanning All Files of notification terminal of also having the ability, and unknown file submission Control Server.Compare any unknown file of the traditional forms of enterprises's not management and control of level antivirus software, intranet security risk and evidence obtaining all want relatively easy.
Embodiment four
With reference to Fig. 4, show the structured flowchart according to a kind of fileinfo gathering-device of the embodiment of the invention four.
The fileinfo gathering-device of present embodiment is arranged at the Control Server end of corporate intranet, this device comprises: acquisition module 402, be used for obtaining from the terminal of corporate intranet the file characteristic of file to be detected, wherein, file to be detected is the file that increases newly in the terminal and/or has carried out the file of revising; Judge module 404, whether the file characteristic of the normal executable file of storing in the file characteristic database for the file characteristic of judging file to be detected and Control Server and the file characteristic of virus document mate; Determination module 406 judges that the file characteristic of file to be detected and the file characteristic of normal executable file and the file characteristic of virus document all do not mate, and determine that then file to be detected is unknown file if be used for judge module 404; Collection module 408 be used for returning the message that file to be detected is unknown file to terminal, and notification terminal is uploaded the fileinfo of unknown file; The fileinfo of the unknown file that reception and collection terminal are uploaded.
Preferably, the file characteristic of file to be detected is to the MD5 value behind the file content use MD5 algorithm of file to be detected; The fileinfo gathering-device of present embodiment also comprises: preserve module 410, be used for obtaining the file content of normal executable file and the file content of virus document before acquisition module 402 obtains the file characteristic of file to be detected from terminal; Respectively the file content of normal executable file and the file content of virus document are used the MD5 algorithm, obtain the MD5 value of normal executable file and the MD5 value of virus document; The MD5 value of normal executable file is saved as the file characteristic of normal executable file, the MD5 value of virus document is saved as the file characteristic of virus document.
Preferably, acquisition module 402 is used for obtaining the MD5 value that terminal is used the file to be detected of http protocol encapsulation from the terminal of corporate intranet.
Preferably, collection module 408 be used for returning the message that file to be detected is unknown file to terminal, and notification terminal is uploaded the fileinfo of unknown file; And, receive and the fileinfo of the unknown file that collection terminal is directly uploaded by the terminal backstage, wherein, the fileinfo of unknown file uses the http protocol encapsulation.
Preferably, the fileinfo gathering-device of present embodiment also comprises: analysis module 412, be used for after collection module 408 is collected the fileinfo of unknown file, the fileinfo of unknown file being analyzed, and determine whether unknown file is secure file; If determine that unknown file is not secure file, then record the MD5 value of unknown file, forbid the unknown file operation.
Preferably, the fileinfo of the unknown file that collection module 408 is collected comprises the MD5 value of unknown file, and following information one of at least: the ProductName under the digital signature of unknown file, fileversion number, filename, the unknown file, Production Version, the affiliated company's copyright information of unknown file.
Preferably, the file that increases newly in the terminal is that terminal is by current all non-existent new files in corporate intranet all terminals that confirm, corporate intranet; The file that has carried out revising is that terminal is by current all non-existent amended files in corporate intranet all terminals that confirm, corporate intranet.
The fileinfo gathering-device of present embodiment is used for realizing the fileinfo collection method of the corresponding Control Server end of aforementioned a plurality of embodiment of the method, and the beneficial effect with corresponding embodiment of the method, does not repeat them here.
The fileinfo collection scheme of unknown file provided by the invention efficiently solves the problem that existing antivirus software can't effectively detect and defend unknown file, has realized detection and the defence of unknown file.In addition, Control Server is uploaded the mechanism of unknown file all in the enterprise in distributed antivirus software terminal, can realize more other application based on this function, the for example transmission of file evidence obtaining, to the automatic identifying system of unknown file, based on the unknown file quantitative proportion in the net and safety estimation system of the unknown file quantity in the computing machine etc.
Intrinsic not relevant with any certain computer, virtual system or miscellaneous equipment at this algorithm that provides.Various general-purpose systems also can be with using based on the teaching at this.According to top description, the desired structure of system that structure has the present invention program is apparent.In addition, the present invention is not also for any certain programmed language.Should be understood that and to utilize various programming languages to realize content of the present invention described here, and the top description that language-specific is done is in order to disclose preferred forms of the present invention.
In the instructions that provides herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can be put into practice in the situation of these details not having.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the description to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes in the above.Yet the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires the more feature of feature clearly put down in writing than institute in each claim.Or rather, as claims reflected, inventive aspect was to be less than all features of the disclosed single embodiment in front.Therefore, follow claims of embodiment and incorporate clearly thus this embodiment into, wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can adaptively change and they are arranged in one or more equipment different from this embodiment the module in the equipment among the embodiment.Can be combined into a module or unit or assembly to the module among the embodiment or unit or assembly, and can be divided into a plurality of submodules or subelement or sub-component to them in addition.In such feature and/or process or unit at least some are mutually repelling, and can adopt any combination to disclosed all features in this instructions (comprising claim, summary and the accompanying drawing followed) and so all processes or the unit of disclosed any method or equipment make up.Unless in addition clearly statement, disclosed each feature can be by providing identical, being equal to or the alternative features of similar purpose replaces in this instructions (comprising claim, summary and the accompanying drawing followed).
In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature rather than further feature included among other embodiment, the combination of the feature of different embodiment means and is within the scope of the present invention and forms different embodiment.For example, in claims, the one of any of embodiment required for protection can be used with array mode arbitrarily.
All parts embodiment of the present invention can realize with hardware, perhaps realizes with the software module of moving at one or more processor, and perhaps the combination with them realizes.It will be understood by those of skill in the art that and to use in practice microprocessor or digital signal processor (DSP) to realize according to some or all some or repertoire of parts in the fileinfo collection scheme of the unknown file of the embodiment of the invention.The present invention can also be embodied as be used to part or all equipment or the device program (for example, computer program and computer program) of carrying out method as described herein.Such realization program of the present invention can be stored on the computer-readable medium, perhaps can have the form of one or more signal.Such signal can be downloaded from internet website and obtain, and perhaps provides at carrier signal, perhaps provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation of the scope that does not break away from claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed in element or step in the claim.Being positioned at word " " before the element or " one " does not get rid of and has a plurality of such elements.The present invention can realize by means of the hardware that includes some different elements and by means of the computing machine of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to come imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title with these word explanations.