CN102982121B - A kind of file scanning method, file scanning device and file detection system - Google Patents
A kind of file scanning method, file scanning device and file detection system Download PDFInfo
- Publication number
- CN102982121B CN102982121B CN201210451286.6A CN201210451286A CN102982121B CN 102982121 B CN102982121 B CN 102982121B CN 201210451286 A CN201210451286 A CN 201210451286A CN 102982121 B CN102982121 B CN 102982121B
- Authority
- CN
- China
- Prior art keywords
- file
- scanned
- characteristic information
- scanning
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000001514 detection method Methods 0.000 title claims abstract description 11
- 238000012986 modification Methods 0.000 claims description 61
- 230000004048 modification Effects 0.000 claims description 61
- 238000012544 monitoring process Methods 0.000 claims description 11
- 230000005540 biological transmission Effects 0.000 claims description 6
- 238000005259 measurement Methods 0.000 claims description 5
- 230000000977 initiatory effect Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 description 8
- 230000008859 change Effects 0.000 description 5
- 101100217298 Mus musculus Aspm gene Proteins 0.000 description 4
- 230000009471 action Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 4
- 238000004590 computer program Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the invention discloses a kind of file scanning method, file scanning device and file detection system, again scan the long problem of required time to solve.Described a kind of file scanning method comprises: the current attribute information obtaining file to be scanned; Access local cache database, judges the characteristic information of scanning that whether there is described file to be scanned in described local cache database; If exist, then scanned characteristic information described in resolving and obtained scan attribute information, and described in judging, whether scan attribute information is consistent with described current attribute information; If consistent, then scan the current characteristic information of characteristic information as described file to be scanned described in reading; If inconsistent, then calculated the current characteristic information of described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.The present invention obtains the time of identical file feature when can reduce scanning again, improve the speed of file scan.
Description
Technical field
The embodiment of the present invention relates to scanning technique field, is specifically related to a kind of file scanning method, file scanning device and file detection system.
Background technology
Along with popularizing of computing machine, service end and user side all need to scan the file in computing machine thus the Malwares such as Timeliness coverage virus.But when scanning, need a large amount of CPU computings and disk operating, the speed of the very long and influential system of scanning process.In the file of these scannings, many files are had to be all identical, the installation kit file etc. of the file of such as Windows, help file, compressed file and a lot of software.
When the above-mentioned file with same characteristic features being scanned in currently available technology, files all in first time meeting scan full hard disk computing machine, and all the elements of meeting scanning document, therefore for comprising the many files of content, its time expended when scanning is quite long, the resource taken is also quite a lot of, thus causes the time of first time scanning very long.And the scanning again after scanning for the first time also needs again to obtain these features, to such an extent as to sweep velocity is still very slow.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a kind of overcoming the problems referred to above or a kind of file scanning method solved the problem at least in part, file scanning device and file detection system and corresponding file detection system.
According to an aspect of the present invention, provide a kind of file scanning method, comprising:
Obtain the current attribute information of file to be scanned;
Access local cache database, judges the characteristic information of scanning that whether there is file to be scanned in local cache database;
If exist, then resolve and scanned characteristic information and obtain scan attribute information, and judge that whether scan attribute information is consistent with current attribute information;
If consistent, then read and scanned the current characteristic information of characteristic information as file to be scanned; If inconsistent, then calculated the current characteristic information of file to be scanned by current attribute information, and stored in local cache database as the characteristic information of scanning scanned next time.
In the embodiment of the present invention, also comprise: if there is not the characteristic information of scanning of file to be scanned in local cache database, the current characteristic information of file to be scanned is then calculated by current attribute information, and stored in local cache database as the characteristic information of scanning scanned next time.
In the embodiment of the present invention, also comprise: monitor file to be scanned, when operation modified by file to be scanned, invalid flag is arranged to the characteristic information of scanning of file to be scanned in local cache database.
In the embodiment of the present invention, read before having scanned the current characteristic information of characteristic information as file to be scanned, also comprise: judge whether the characteristic information of scanning of file to be scanned comprises invalid flag, if do not comprise invalid flag, then read and scanned the current characteristic information of characteristic information as file to be scanned; If comprise invalid flag, then calculated the current characteristic information of file to be scanned by current attribute information, and stored in local cache database as the characteristic information of scanning scanned next time.
In the embodiment of the present invention, the current attribute information obtaining file to be scanned comprises:
Read the path of file to be scanned;
The current attribute information of file to be scanned is obtained according to the path of file to be scanned.
In the embodiment of the present invention, access local cache database comprises:
According to the coordinates measurement key assignments of file to be scanned, and according to key assignments access local cache database; Wherein, local cache database take key assignments as access index.
In the embodiment of the present invention, the current attribute information of file to be scanned comprises: the creation-time of the size of file, the last modification time of file and file;
The characteristic information of scanning of file to be scanned comprises: attribute information and eigenwert, eigenwert is calculated by attribute information.
According to a further aspect in the invention, provide a kind of file scanning device, comprising:
Attribute acquisition module, is suitable for the current attribute information obtaining file to be scanned;
Judge module, is suitable for accessing local cache database, judges the characteristic information of scanning that whether there is file to be scanned in local cache database; If exist, then resolve and scanned characteristic information and obtain scan attribute information, and judge that whether scan attribute information is consistent with current attribute information;
Read module, is suitable for when scan attribute information is consistent with current attribute information, reads and has scanned the current characteristic information of characteristic information as file to be scanned;
Computing module, be suitable for when scan attribute information and current attribute information inconsistent time, calculated the current characteristic information of file to be scanned by current attribute information, and stored in local cache database as the characteristic information of scanning scanned next time.
In the embodiment of the present invention, computing module is also suitable for: when there is not the characteristic information of scanning of file to be scanned in local cache database, the current characteristic information of file to be scanned is calculated by current attribute information, and stored in local cache database as the characteristic information of scanning scanned next time.
In the embodiment of the present invention, also comprise: monitoring module, be suitable for monitoring file to be scanned, when operation modified by file to be scanned, invalid flag is arranged to the characteristic information of scanning of file to be scanned in local cache database.
In the embodiment of the present invention, before judge module is also suitable for reading and scans the current characteristic information of characteristic information as file to be scanned, judge whether the characteristic information of scanning of file to be scanned comprises invalid flag;
When the characteristic information of scanning that read module is also suitable for file to be scanned does not comprise invalid flag, read and scanned the current characteristic information of characteristic information as file to be scanned;
When the characteristic information of scanning that computing module is also suitable for file to be scanned comprises invalid flag, calculated the current characteristic information of file to be scanned by current attribute information, and stored in local cache database as the characteristic information of scanning scanned next time.
In the embodiment of the present invention, attribute acquisition module comprises:
Path reading submodule, is suitable for the path of reading file to be scanned;
Acquisition of information submodule, is suitable for the current attribute information obtaining file to be scanned according to the path of file to be scanned.
In the embodiment of the present invention, the current attribute information of file to be scanned comprises: the creation-time of the size of file, the last modification time of file and file;
The characteristic information of scanning of file to be scanned comprises: attribute information and eigenwert, eigenwert is calculated by attribute information.
According to a further aspect in the invention, provide a kind of file detection system, comprising:
Main interface module, is suitable for initiating file scan operation to package module, and specifies file to be scanned;
Package module, is suitable for calling scan module;
Scan module, is suitable for scanning file to be scanned and the characteristic information of the described file to be scanned of calling data storehouse operational module acquisition;
Database operating modules, is suitable for the characteristic information reading described file to be scanned.
In the embodiment of the present invention, also comprise:
Driver module, is suitable for monitoring described file to be scanned, when operation modified by described file to be scanned, the file modification message comprising the retouching operation that described file to be scanned carries out is sent to described messenger service module;
Messenger service module, is suitable for the file modification message receiving the transmission of described driver module, and described file modification message is sent to described database operating modules;
Described database operating modules, is also suitable for the file modification message receiving the transmission of described messenger service module, and arranges invalid flag according to the database file that described file modification message is corresponding to this file.
Compared with prior art, the present invention includes following advantage:
First, the embodiment of the present invention is by access local cache database, judge the characteristic information of scanning that whether there is described file to be scanned in described local cache database, exist in local cache database file to be scanned the characteristic information of scanning and consistent with current attribute information time, the current characteristic information of characteristic information as described file to be scanned is scanned in direct reading cache data storehouse, and do not need again to calculate current characteristic information by current attribute information, thus when can reduce scanning again, obtain the time of identical file feature, substantially increase the speed of file scan, save system resource.
Secondly, even if do not exist in the embodiment of the present invention local cache database file to be scanned scan characteristic information or exist in local cache database file to be scanned the characteristic information of scanning and inconsistent with current attribute information time, calculated the current characteristic information of described file to be scanned by current attribute information when present scan, and stored in described local cache database as the characteristic information of scanning scanned next time, when like this this file being scanned again, just directly can find the characteristic information of this file from cache database, the progress again scanned can be accelerated.
Finally, the described file to be scanned of embodiment of the present invention monitoring, when operation modified by described file to be scanned, arranges invalid flag to the characteristic information of scanning of file to be scanned in described local cache database.That is, once file there occurs retouching operation, such as, write operation or attribute are revised, just an invalid flag is arranged to the characteristic information of scanning of the file to be scanned stored in local cache database, represent this and scanned characteristic information and lost efficacy, when carrying out next time scanning, need the current characteristic information being recalculated described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.Avoid that file content changes and the size of file is identical, and the creation-time of the last modification time of file and file is when also changing into identical, if only judge that scan attribute information is consistent with current attribute information, just in direct reading cache data storehouse, scan the faulty operation of characteristic information as the current characteristic information of described file to be scanned.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Accompanying drawing explanation
By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:
Fig. 1 shows a kind of according to an embodiment of the invention process flow diagram of file scanning method;
Fig. 2 shows the process flow diagram of another kind of according to an embodiment of the invention file scanning method;
Fig. 3 shows a kind of according to an embodiment of the invention structured flowchart of file scanning device;
Fig. 4 shows the structured flowchart of another kind of according to an embodiment of the invention file scanning device;
Fig. 5 shows a kind of according to an embodiment of the invention structured flowchart of file detection system.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
The embodiment of the present invention can be applied in the scanning engine of wooden horse cloud killing, and this engine can use in conjunction with the product that safety is relevant, comprises antivirus software, and Active Defending System Against utilizes in server killing related software with other.The embodiment of the present invention can be applied to computer system/server, and it can operate with other universal or special computing system environment numerous or together with configuring.The example of the well-known computing system being suitable for using together with computer system/server, environment and/or configuration includes but not limited to: personal computer system, server computer system, thin client, thick client computer, hand-held or laptop devices, system based on microprocessor, Set Top Box, programmable consumer electronics, NetPC Network PC, minicomputer system, large computer system and comprise the distributed cloud computing technology environment of above-mentioned any system, etc.
Computer system/server can describe under the general linguistic context of the computer system executable instruction (such as program module) performed by computer system.Usually, program module can comprise routine, program, target program, assembly, logic, data structure etc., and they perform specific task or realize specific abstract data type.Computer system/server can be implemented in distributed cloud computing environment, and in distributed cloud computing environment, task is performed by the remote processing devices by communication network links.In distributed cloud computing environment, program module can be positioned at and comprise on the Local or Remote computing system storage medium of memory device.
Embodiment one:
With reference to Fig. 1, show the process flow diagram of a kind of file scanning method of the embodiment of the present invention, the present embodiment specifically can comprise the following steps:
S101, obtains the current attribute information of file to be scanned.
The current attribute information obtaining file to be scanned described in the present embodiment comprises:
Read the path of file to be scanned;
The current attribute information of file to be scanned is obtained according to the path of described file to be scanned.
Particularly, first by traversal file directory to be scanned, the path of file to be scanned can be extracted from described file directory to be scanned; Secondly file to be scanned can be found by the path of file to be scanned; Finally read the current attribute information of file to be scanned.In the present embodiment, the current attribute information of file to be scanned comprises: the creation-time of the size of file, the last modification time of file and file.
Such as, the path of file to be scanned be C: programfiles msngamingzone windows rvsezm.exe, according to this path, just can find file rvsezm.exe to be scanned from C dish, then the current attribute information of file to be scanned is read, specifically comprise the size of file: the last modification time of 41.5KB, file: on August 10th, 2009, the creation-time of 10:11:21 and/or file: on August 17th, 2004,20:00:00.
S102, access local cache database.
The characteristic information of scanning document is preserved in local cache database, concrete, described characteristic information comprises attribute information and eigenwert, attribute information comprises the size of above-mentioned file, the last modification time of file and the creation-time of file, eigenwert is calculated by attribute information, such as by the size of file, the last modification time of file and the creation-time of file calculate md5-challenge (MD5 in full, message-digestalgorithm5), Secure Hash Algorithm (SHA1 in full, the eigenwert such as SecureHashAlgorithm).
According to the coordinates measurement key assignments of described file to be scanned, and local cache database can be accessed according to described key assignments in the present embodiment; Wherein, described local cache database take key assignments as access index.
It should be noted that, in file scan process, obtaining eigenwert is a very important step.Need the level of security judging file according to described eigenwert afterwards.
S103, judges the characteristic information of scanning that whether there is described file to be scanned in described local cache database.
According to the description in step S102, the characteristic information of scanning document is preserved in local cache database, the implication of scanning document carries out overscanning before being in the present embodiment, for file to be scanned, it also likely carried out overscanning before this scanning, for this scanning, this file is file to be scanned, and for scanning next time, this file is scanning document.
Need the characteristic information of scanning judging whether to exist in local cache database this file to be scanned in step s 103, if there is the characteristic information of scanning of this file to be scanned in local cache database, illustrate that this file carried out overscanning before this scanning, this time scanning is for again to scan, and has scanned characteristic information and obtain scan attribute information described in execution step S104 resolves; If there is not the characteristic information of scanning of this file to be scanned in local cache database, illustrate that this file to be scanned did not carry out overscanning before this scanning, this time scanning is first time scanning, perform step S107 calculates described file to be scanned current characteristic information by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.The characteristic information that the file of such first time scanning calculates just is stored into cache database has suffered as having scanned characteristic information, time this file scans again, just can find the characteristic information of scanning of this file from cache database.
S104, when there is the characteristic information of scanning of described file to be scanned in local cache database, having scanned characteristic information and having obtained scan attribute information described in parsing.
Characteristic information comprises attribute information and eigenwert, resolve in step S104 and scanned characteristic information and just can obtain scan attribute information, the namely creation-time of the size of file, the last modification time of file and file, these scan attribute information be stored in cache database.
S105, described in judgement, whether scan attribute information is consistent with described current attribute information, if unanimously, performs step S106, if inconsistent, then performs step S107.
The information of scan attribute obtained in the current attribute information of the file to be scanned obtained in step S101 and step S104 is compared, judge above-mentioned current attribute information and whether scan attribute information is consistent, particularly, judge that whether the size of the file that above-mentioned current attribute information and scan attribute packets of information contain is consistent, whether the last modification time of file creation-time that is whether consistent, file is consistent.Only have the last modification time of the size of above-mentioned file, file all consistent with the creation-time three of file, just judge that scan attribute information is consistent with current attribute information, as long as above-mentioned three has one inconsistent, all judge that scan attribute information and current attribute information are inconsistent.
S106, has scanned the current characteristic information of characteristic information as described file to be scanned described in reading.
For example: scan A .exe file also obtains MD5 in full.
First time, when scanning, needs the content of complete reading A.exe, then calculates the MD5 of A.exe file content, and stored in database.
When second time scans, if the last modification time of the file size of A.exe, file, file creation time do not change, and not there is write operation in file, the so direct MD5 value obtaining A.exe from database.
When the described information of scan attribute is consistent with described current attribute information time, the current characteristic information of characteristic information as described file to be scanned is scanned in direct reading cache data storehouse, and do not need the calculating being re-started eigenwert again by current attribute information, save the time obtaining eigenwert, thus the time saved needed for file scan, and then accelerate the speed of file scan.
S107, calculates the current characteristic information of described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
When the described information of scan attribute and described current attribute information inconsistent time, illustrate that this file is probably revised, therefore the current characteristic information of characteristic information as described file to be scanned can not be scanned directly in reading cache data storehouse, and need the current characteristic information being calculated described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
Certainly, if judge the characteristic information of scanning that there is not described file to be scanned in local cache database in step S103, also the current characteristic information being calculated described file to be scanned by described current attribute information is needed, and stored in described local cache database as the characteristic information of scanning scanned next time.
First, the present embodiment is by access local cache database, judge the characteristic information of scanning that whether there is described file to be scanned in described local cache database, exist in local cache database file to be scanned the characteristic information of scanning and consistent with current attribute information time, the current characteristic information of characteristic information as described file to be scanned is scanned in direct reading cache data storehouse, and do not need again to calculate current characteristic information by current attribute information, thus when can reduce scanning again, obtain the time of identical file feature, substantially increase the speed of file scan, do not need again from the full content of disk file reading, thus save the system resources consumption that repetitive read-write disk file brings.Secondly, even if do not exist in the present embodiment local cache database file to be scanned scan characteristic information or exist in local cache database file to be scanned the characteristic information of scanning and inconsistent with current attribute information time, calculated the current characteristic information of described file to be scanned by current attribute information when present scan, and stored in described local cache database as the characteristic information of scanning scanned next time, when like this this file being scanned again, just directly can find the characteristic information of this file from cache database, the progress again scanned can be accelerated.
It should be noted that, for aforesaid embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the application is not by the restriction of described sequence of movement, because according to the application, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in instructions all belongs to preferred embodiment, and involved action might not be that the application is necessary.
Embodiment two:
With reference to Fig. 2, show the process flow diagram of a kind of file scanning method of the embodiment of the present invention, the present embodiment specifically can comprise the following steps:
S201, obtains the current attribute information of file to be scanned.
In the present embodiment, by traversal file directory to be scanned, the path of file to be scanned can be extracted from described file directory to be scanned.Then can find file to be scanned by the path of file to be scanned, then read the current attribute information of file to be scanned.In the present embodiment, the current attribute information of file to be scanned comprises: the creation-time of the size of file, the last modification time of file and file.
Such as, the path of file to be scanned be C: programfiles msngamingzone windows rvsezm.exe, according to this path, just can find file rvsezm.exe to be scanned from C dish, then the current attribute information of file to be scanned is read, specifically comprise the size of file: the last modification time of 41.5KB, file: on August 10th, 2009, the creation-time of 10:11:21 and/or file: on August 17th, 2004,20:00:00.
S202, access local cache database.
The characteristic information of scanning document is preserved in local cache data, concrete, described characteristic information comprises attribute information and eigenwert, attribute information comprises the creation-time of the size of above-mentioned file, the last modification time of file and file, eigenwert is calculated by attribute information, such as calculate the eigenwerts such as full text MD5, SHA1 by the creation-time of the size of file, the last modification time of file and file.
According to the coordinates measurement key assignments of described file to be scanned, and local cache database can be accessed according to described key assignments in the present embodiment; Wherein, described local cache database take key assignments as access index.
S203, judges the characteristic information of scanning that whether there is described file to be scanned in described local cache database, if exist, then performs step S204, if do not exist, then performs step S208.
According to the description in step S202, the characteristic information of scanning document is preserved in local cache database, the implication of scanning document carries out overscanning before being in the present embodiment, for file to be scanned, it also likely carried out overscanning before this scanning, for this scanning, this file is file to be scanned, and for scanning next time, this file is scanning document.
The characteristic information of scanning judging whether to exist in local cache database this file to be scanned is needed in step S203, if there is the characteristic information of scanning of this file to be scanned in local cache database, illustrate that this file carried out overscanning before this scanning, scanned characteristic information described in execution step S204 resolves and obtained scan attribute information; If there is not the characteristic information of scanning of this file to be scanned in local cache database, illustrate that this file to be scanned did not carry out overscanning before this scanning, perform step S207 calculates described file to be scanned current characteristic information by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.The characteristic information that the file of such first time scanning calculates just is stored into cache database has suffered as having scanned characteristic information, time this file scans again, just can find the characteristic information of scanning of this file from cache database.
S204, has scanned characteristic information and has obtained scan attribute information described in parsing.
Scan characteristic information and comprise attribute information and eigenwert, resolve in step S204 and scanned characteristic information and just can obtain scan attribute information, the namely creation-time of the size of file, the last modification time of file and file, these scan attribute information be stored in cache database.
S205, described in judgement, whether scan attribute information is consistent with described current attribute information, if unanimously, performs step S206, if inconsistent, then performs step S208.
The information of scan attribute obtained in the current attribute information of the file to be scanned obtained in step S201 and step S204 is compared, judge above-mentioned current attribute information and whether scan attribute information is consistent, particularly, judge that whether the size of the file that above-mentioned current attribute information and scan attribute packets of information contain is consistent, whether the last modification time of file creation-time that is whether consistent, file is consistent.Only have the last modification time of the size of above-mentioned file, file all consistent with the creation-time three of file, just judge that scan attribute information is consistent with current attribute information, as long as above-mentioned three has one inconsistent, all judge that scan attribute information and current attribute information are inconsistent.
S206, judges whether the characteristic information of scanning of described file to be scanned comprises invalid flag, if do not comprise invalid flag, then performs step S207, if comprise invalid flag, then performs step S208.
It should be noted that, even if judge in step S205 that the make peace creation-time of file of the last modification time one that is in the same size, file of the file that scan attribute information contains with described current attribute packets of information is all consistent, can not determine that file did not carry out amendment.Because the creation-time of the last modification time of file and file can be revised, if file content changes and the size of file is identical, and the creation-time of the last modification time of file and file also changes into identical, the result that scan attribute information is consistent with described current attribute information will be obtained in step S205, and clearly file content there occurs change, therefore the described file to be scanned of the present embodiment monitoring, when operation modified by described file to be scanned, invalid flag is arranged to the characteristic information of scanning of file to be scanned in described local cache database.That is, once file there occurs retouching operation, such as, write operation or attribute are revised, just an invalid flag is arranged to the characteristic information of scanning of the file to be scanned stored in local cache database, represent this to have scanned characteristic information and lost efficacy, when carrying out next time scanning, need to perform step S208, the current characteristic information of described file to be scanned is recalculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
S207, has scanned the current characteristic information of characteristic information as described file to be scanned described in reading.
When the described information of scan attribute is consistent with described current attribute information, and file to be scanned scan characteristic information when not comprising invalid flag, the current characteristic information of characteristic information as described file to be scanned is scanned in direct reading cache data storehouse, and do not need the calculating being re-started eigenwert again by current attribute information, save the time obtaining eigenwert, wherein the content description information such as file characteristic value only accounts for a very little part for whole file, when user side scanning document content description information part, the spent time is far smaller than the time scanning whole file, thus the time saved needed for file scan, and then accelerate the speed of file scan.
S208, calculates the current characteristic information of described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
When the described information of scan attribute and described current attribute information inconsistent, or file to be scanned scan characteristic information when comprising invalid flag, illustrate that this file has carried out retouching operation, therefore the current characteristic information of characteristic information as described file to be scanned can not be scanned directly in reading cache data storehouse, and need the current characteristic information being calculated described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
Certainly, if judge the characteristic information of scanning that there is not described file to be scanned in local cache database in step S203, also the current characteristic information being calculated described file to be scanned by described current attribute information is needed, and stored in described local cache database as the characteristic information of scanning scanned next time.
It should be noted that, even if judge in step S205 that the make peace creation-time of file of the last modification time one that is in the same size, file of the file that scan attribute information contains with described current attribute packets of information is all consistent, can not determine that file did not carry out amendment.Because the creation-time of the last modification time of file and file can be revised, if file content changes and the size of file is identical, and the creation-time of the last modification time of file and file also changes into identical, will obtain the result that scan attribute information is consistent with described current attribute information in step S205, and clearly file content there occurs change.
Therefore on the basis of embodiment one, the present embodiment two monitors described file to be scanned, when operation modified by described file to be scanned, arranges invalid flag to the characteristic information of scanning of file to be scanned in described local cache database.That is, once file there occurs retouching operation, such as, write operation or attribute are revised, just an invalid flag is arranged to the characteristic information of scanning of the file to be scanned stored in local cache database, represent this to have scanned characteristic information and lost efficacy, when carrying out next time scanning, need to perform step S208 recalculates described file to be scanned current characteristic information by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.Avoid that file content changes and the size of file is identical, and the creation-time of the last modification time of file and file is when also changing into identical, if only judge that scan attribute information is consistent with current attribute information, just in direct reading cache data storehouse, scan the faulty operation of characteristic information as the current characteristic information of described file to be scanned.
It should be noted that, for aforesaid embodiment of the method, in order to simple description, therefore it is all expressed as a series of combination of actions, but those skilled in the art should know, the application is not by the restriction of described sequence of movement, because according to the application, some step can adopt other orders or carry out simultaneously.Secondly, those skilled in the art also should know, the embodiment described in instructions all belongs to preferred embodiment, and involved action might not be that the application is necessary.
Embodiment three:
With reference to Fig. 3, show the structured flowchart of a kind of file scanning device of the embodiment of the present invention, the present embodiment specifically can comprise with lower module:
Attribute acquisition module 301, is suitable for the current attribute information obtaining file to be scanned.
In the present embodiment, above-mentioned attribute acquisition module 301 comprises:
Path reading submodule, is suitable for the path of reading file to be scanned;
Acquisition of information submodule, is suitable for the current attribute information obtaining file to be scanned according to the path of described file to be scanned.
Particularly, path reading submodule can by traversal file directory to be scanned, the path of file to be scanned is extracted from described file directory to be scanned, then acquisition of information submodule can find file to be scanned by the path of file to be scanned, then reads the current attribute information of file to be scanned.In the present embodiment, the current attribute information of file to be scanned comprises: the creation-time of the size of file, the last modification time of file and file.
Such as, the path of the file to be scanned that path reading submodule obtains be C: programfiles msngamingzone windows rvsezm.exe, acquisition of information submodule is according to this path, just can find file rvsezm.exe to be scanned from C dish, then the current attribute information of file to be scanned is read, specifically comprise the size of file: the last modification time of 41.5KB, file: on August 10th, 2009, the creation-time of 10:11:21 and/or file: on August 17th, 2004,20:00:00.
Judge module 302, is suitable for accessing local cache database, judges the characteristic information of scanning that whether there is described file to be scanned in described local cache database; If exist, then scanned characteristic information described in resolving and obtained scan attribute information, and described in judging, whether scan attribute information is consistent with described current attribute information.
The characteristic information of scanning document is preserved in local cache data, concrete, described characteristic information comprises attribute information and eigenwert, attribute information comprises the creation-time of the size of above-mentioned file, the last modification time of file and file, eigenwert is calculated by attribute information, such as calculate the eigenwerts such as full text MD5, SHA1 by the creation-time of the size of file, the last modification time of file and file.
The implication of scanning document carries out overscanning before being in the present embodiment, for file to be scanned, it also likely carried out overscanning before this scanning, and for this scanning, this file is file to be scanned, and for scanning next time, this file is scanning document.
Judge module 302 needs the characteristic information of scanning judging whether to exist in local cache database this file to be scanned, if there is the characteristic information of scanning of this file to be scanned in local cache database, illustrate that this file carried out overscanning before this scanning, therefore scanned characteristic information described in resolving and obtained scan attribute information, and described in judging, whether scan attribute information is consistent with described current attribute information; If consistent, then enter read module 303, if inconsistent, then enter computing module 304.
In the present embodiment, the characteristic information of scanning of file to be scanned comprises: attribute information and eigenwert, described eigenwert is calculated by described attribute information.Judge module 302 is resolved and is scanned characteristic information and just can obtain scan attribute information, namely can obtain the size of file, the last modification time of file and the creation-time of file, these scan attribute information be stored in cache database.
The information of scan attribute that the current attribute information of the file to be scanned that attribute acquisition module 301 obtains by judge module 302 and access local cache database obtain is compared, judge above-mentioned current attribute information and whether scan attribute information is consistent, particularly, judge that whether the size of the file that above-mentioned current attribute information and scan attribute packets of information contain is consistent, whether the last modification time of file creation-time that is whether consistent, file is consistent.Only have the last modification time of the size of above-mentioned file, file all consistent with the creation-time three of file, just judge that scan attribute information is consistent with current attribute information, as long as above-mentioned three has one inconsistent, all judge that scan attribute information and current attribute information are inconsistent.
Read module 303, is suitable for, when the described information of scan attribute is consistent with described current attribute information, having scanned the current characteristic information of characteristic information as described file to be scanned described in reading.
Read module 303 is when the described information of scan attribute is consistent with described current attribute information time, the current characteristic information of characteristic information as described file to be scanned is scanned in direct reading cache data storehouse, and do not need the calculating being re-started eigenwert again by current attribute information, save the time obtaining eigenwert, thus the time saved needed for file scan, and then accelerate the speed of file scan.
Computing module 304, be suitable for when the described information of scan attribute and described current attribute information inconsistent time, the current characteristic information of described file to be scanned is calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
When the described information of scan attribute and described current attribute information inconsistent time, illustrate that this file is probably revised, therefore the current characteristic information of characteristic information as described file to be scanned can not be scanned directly in reading cache data storehouse, and need the current characteristic information being calculated described file to be scanned by computing module 304, and stored in described local cache database as the characteristic information of scanning scanned next time.The characteristic information that the file of such first time scanning calculates just is stored into cache database has suffered as having scanned characteristic information, time this file carries out after carrying out scanning again, just can find the characteristic information of scanning of this file from cache database.
In a preferred embodiment of the present embodiment, above-mentioned computing module 304 is also suitable for when there is not the characteristic information of scanning of described file to be scanned in described local cache database, the current characteristic information of described file to be scanned is calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
Certainly, if judge module 302 judges the characteristic information of scanning that there is not described file to be scanned in local cache database, also the current characteristic information being calculated described file to be scanned by computing module 304 is needed, and stored in described local cache database as the characteristic information of scanning scanned next time.
For device embodiment, due to itself and embodiment of the method basic simlarity, so description is fairly simple, relevant part illustrates see the part of Fig. 1 embodiment of the method.
Embodiment four:
With reference to Fig. 4, show the structured flowchart of the another kind of file scanning device of the embodiment of the present invention, the present embodiment specifically can comprise with lower module:
Attribute acquisition module 401, is suitable for the current attribute information obtaining file to be scanned.
In the present embodiment, above-mentioned attribute acquisition module 401 comprises:
Path reading submodule, is suitable for the path of reading file to be scanned;
Acquisition of information submodule, is suitable for the current attribute information obtaining file to be scanned according to the path of described file to be scanned.
Particularly, path reading submodule can by traversal file directory to be scanned, the path of file to be scanned is extracted from described file directory to be scanned, then acquisition of information submodule can find file to be scanned by the path of file to be scanned, then reads the current attribute information of file to be scanned.In the present embodiment, the current attribute information of file to be scanned comprises: the creation-time of the size of file, the last modification time of file and file.
Such as, the path of the file to be scanned that path reading submodule obtains be C: programfiles msngamingzone windows rvsezm.exe, acquisition of information submodule is according to this path, just can find file rvsezm.exe to be scanned from C dish, then the current attribute information of file to be scanned is read, specifically comprise the size of file: the last modification time of 41.5KB, file: on August 10th, 2009, the creation-time of 10:11:21 and/or file: on August 17th, 2004,20:00:00.
Judge module 402, is suitable for accessing local cache database, judges the characteristic information of scanning that whether there is described file to be scanned in described local cache database; If exist, then scanned characteristic information described in resolving and obtained scan attribute information, and described in judging, whether scan attribute information is consistent with described current attribute information.
The characteristic information of scanning document is preserved in local cache data, concrete, described characteristic information comprises attribute information and eigenwert, attribute information comprises the creation-time of the size of above-mentioned file, the last modification time of file and file, eigenwert is calculated by attribute information, such as calculate the eigenwerts such as full text MD5, SHA1 by the creation-time of the size of file, the last modification time of file and file.
Above-mentioned judge module 402 is by following submodule access local cache database: key assignments generates submodule, is suitable for the coordinates measurement key assignments according to described file to be scanned;
Key assignments access submodule, is suitable for according to described key assignments access local cache database;
Wherein, described local cache database take key assignments as access index.
The implication of scanning document carries out overscanning before being in the present embodiment, for file to be scanned, it also likely carried out overscanning before this scanning, and for this scanning, this file is file to be scanned, and for scanning next time, this file is scanning document.
Judge module 402 needs the characteristic information of scanning judging whether to exist in local cache database this file to be scanned, if there is the characteristic information of scanning of this file to be scanned in local cache database, illustrate that this file carried out overscanning before this scanning, therefore scanned characteristic information described in resolving and obtained scan attribute information, and described in judging, whether scan attribute information is consistent with described current attribute information; If consistent, then enter read module 403, if inconsistent, then enter computing module 404.If certainly there is not the characteristic information of scanning of this file to be scanned in local cache database, illustrate that this file to be scanned did not carry out overscanning before this scanning, also computing module 404 calculates described file to be scanned current characteristic information by described current attribute information is entered, and stored in described local cache database as the characteristic information of scanning scanned next time.The characteristic information that the file of such first time scanning calculates just is stored into cache database has suffered as having scanned characteristic information, time this file scans again, just can find the characteristic information of scanning of this file from cache database.
In the present embodiment, the characteristic information of scanning of file to be scanned comprises: attribute information and eigenwert, described eigenwert is calculated by described attribute information.Judge module 402 is resolved and is scanned characteristic information and just can obtain scan attribute information, the namely creation-time of the size of file, the last modification time of file and file, these scan attribute information be stored in cache database.
The information of scan attribute that the current attribute information of the file to be scanned that attribute acquisition module 401 obtains by judge module 402 and access local cache database obtain is compared, judge above-mentioned current attribute information and whether scan attribute information is consistent, particularly, judge that whether the size of the file that above-mentioned current attribute information and scan attribute packets of information contain is consistent, whether the last modification time of file creation-time that is whether consistent, file is consistent.Only have the last modification time of the size of above-mentioned file, file all consistent with the creation-time three of file, just judge that scan attribute information is consistent with current attribute information, as long as above-mentioned three has one inconsistent, all judge that scan attribute information and current attribute information are inconsistent.
It should be noted that, even if judge module 402 judges the last modification time one that is in the same size, file of the file that scan attribute information contains with described current attribute packets of information, the make peace creation-time of file is all consistent, can not determine that file did not carry out amendment.Because the creation-time of the last modification time of file and file can be revised, if file content changes and the size of file is identical, and the creation-time of the last modification time of file and file also changes into identical, will obtain the result that scan attribute information is consistent with described current attribute information in judge module 402, and clearly file content there occurs change.
Therefore described in the present embodiment, device also comprises:
Monitoring module 405, is suitable for monitoring described file to be scanned, when operation modified by described file to be scanned, arranges invalid flag to the characteristic information of scanning of file to be scanned in described local cache database.
The described file to be scanned of monitoring module monitoring, when operation modified by described file to be scanned, arranges invalid flag to the characteristic information of scanning of file to be scanned in described local cache database.That is, once file there occurs retouching operation, such as, write operation or attribute are revised, just an invalid flag is arranged to the characteristic information of scanning of the file to be scanned stored in local cache database, represent this to have scanned characteristic information and lost efficacy, when carrying out next time scanning, need to enter computing module 404, the current characteristic information of described file to be scanned is recalculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
Accordingly, described judge module 402, before being also suitable for reading and scanning the current characteristic information of characteristic information as described file to be scanned, judges whether the characteristic information of scanning of described file to be scanned comprises invalid flag.
Read module 403, when the characteristic information of scanning being also suitable for described file to be scanned does not comprise invalid flag, has scanned the current characteristic information of characteristic information as described file to be scanned described in reading.
When described judge module 402 judges that scan attribute information is consistent with described current attribute information, and file to be scanned scan characteristic information when not comprising invalid flag, the current characteristic information of characteristic information as described file to be scanned is scanned in direct reading cache data storehouse, and do not need the calculating being re-started eigenwert again by current attribute information, save the time obtaining eigenwert, thus the time saved needed for file scan, and then accelerate the speed of file scan.
Computing module 404, when the characteristic information of scanning being also suitable for described file to be scanned comprises invalid flag, the current characteristic information of described file to be scanned is calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
When the described information of scan attribute and described current attribute information inconsistent, or file to be scanned scan characteristic information when comprising invalid flag, illustrate that this file has carried out retouching operation, therefore the current characteristic information of characteristic information as described file to be scanned can not be scanned directly in reading cache data storehouse, and need the current characteristic information being calculated described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.The characteristic information that the file of such first time scanning calculates just is stored into cache database has suffered as having scanned characteristic information, time this file carries out after carrying out scanning again, just can find the characteristic information of scanning of this file from cache database.
Certainly, if judge module 402 judges the characteristic information of scanning that there is not described file to be scanned in local cache database, also the current characteristic information being calculated described file to be scanned by computing module 404 is needed, and stored in described local cache database as the characteristic information of scanning scanned next time.
For device embodiment, due to itself and embodiment of the method basic simlarity, so description is fairly simple, relevant part illustrates see the part of Fig. 2 embodiment of the method.
Embodiment five:
With reference to Fig. 5, show the structured flowchart of a kind of file detection system of the embodiment of the present invention, the present embodiment specifically can comprise with lower module:
Main interface module 501, is suitable for initiating file scan operation to package module, and specifies file to be scanned;
The file to be scanned that main interface module 501 is specified in the present embodiment can be a file, also can be multiple file.
Package module 502, is suitable for calling scan module;
Scan module 503, is suitable for scanning file to be scanned and the characteristic information of the described file to be scanned of calling data storehouse operational module acquisition;
Scan module 503 can calling data storehouse operational module 504 in the present embodiment, and database operating modules 504 obtains the characteristic information of described file to be scanned.
Database operating modules 504, is suitable for the characteristic information reading described file to be scanned.
In a preferred embodiment of the present embodiment, described file detection system also comprises:
Driver module 505, is suitable for monitoring described file to be scanned, when operation modified by described file to be scanned, the file modification message comprising the retouching operation that described file to be scanned carries out is sent to described messenger service module;
Messenger service module 506, is suitable for the file modification message receiving the transmission of described driver module, and described file modification message is sent to described database operating modules;
During specific implementation, messenger service module 506 can be called and drive calling module (Fig. 5 is not shown) to carry out calling driver module 505 and obtain file modification message.
Described database operating modules 504, is also suitable for the file modification message receiving the transmission of described messenger service module, and arranges invalid flag according to the database file that described file modification message is corresponding to this file.
After described database operating modules 504 arranges invalid flag according to the database file that described file modification message is corresponding to this file, scan module 503 successfully cannot obtain the characteristic information of described file to be scanned, because now the characteristic information of file to be scanned lost efficacy, need to recalculate characteristic information, the associated description of device embodiment that can be shown in Figure 4.
For system embodiment, due to itself and device embodiment basic simlarity, so description is fairly simple, relevant part illustrates see the part of Fig. 4 device embodiment.
Each embodiment in this instructions all adopts the mode of going forward one by one to describe, and what each embodiment stressed is the difference with other embodiments, between each embodiment identical similar part mutually see.
Those skilled in the art are easy to it is envisioned that: the combination in any application of each embodiment above-mentioned is all feasible, therefore the combination in any between each embodiment above-mentioned is all the embodiment of the application, but this instructions does not just detail one by one at this as space is limited.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in the file scanning device of the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.
Claims (11)
1. a file scanning method, comprising:
Obtain the current attribute information of file to be scanned;
Access local cache database, judges the characteristic information of scanning that whether there is described file to be scanned in described local cache database;
If exist, then scanned characteristic information described in resolving and obtained scan attribute information, and described in judging, whether scan attribute information is consistent with described current attribute information;
If consistent, then judge whether the characteristic information of scanning of described file to be scanned comprises invalid flag; If do not comprise invalid flag, then scan the current characteristic information of characteristic information as described file to be scanned described in reading; If comprise invalid flag, then calculated the current characteristic information of described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time; Wherein, when described invalid flag operates for modifying when described file to be scanned, to the mark scanning characteristic information setting of file to be scanned in described local cache database;
If inconsistent, then calculated the current characteristic information of described file to be scanned by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
2. method according to claim 1, also comprises:
If there is not the characteristic information of scanning of described file to be scanned in described local cache database, the current characteristic information of described file to be scanned is then calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
3. method according to claim 1, the current attribute information of described acquisition file to be scanned comprises: the path of reading file to be scanned;
The current attribute information of file to be scanned is obtained according to the path of described file to be scanned.
4. method according to claim 3, described access local cache database comprises:
According to the coordinates measurement key assignments of described file to be scanned, and according to described key assignments access local cache database; Wherein, described local cache database take key assignments as access index.
5. method according to claim 1,
The current attribute information of described file to be scanned comprises: the creation-time of the size of file, the last modification time of file and file;
The characteristic information of scanning of described file to be scanned comprises: attribute information and eigenwert, described eigenwert is calculated by described attribute information.
6. a file scanning device, comprising:
Attribute acquisition module, is suitable for the current attribute information obtaining file to be scanned;
Judge module, is suitable for accessing local cache database, judges the characteristic information of scanning that whether there is described file to be scanned in described local cache database; If exist, then scanned characteristic information described in resolving and obtained scan attribute information, and described in judging, whether scan attribute information is consistent with described current attribute information;
Read module, is suitable for, when the described information of scan attribute is consistent with described current attribute information, having scanned the current characteristic information of characteristic information as described file to be scanned described in reading;
Computing module, be suitable for when the described information of scan attribute and described current attribute information inconsistent time, the current characteristic information of described file to be scanned is calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time;
Wherein, before described judge module is also suitable for reading and scans the current characteristic information of characteristic information as described file to be scanned, judge whether the characteristic information of scanning of described file to be scanned comprises invalid flag; When described invalid flag operates for modifying when described file to be scanned, to the mark scanning characteristic information setting of file to be scanned in described local cache database;
When the characteristic information of scanning that described read module is also suitable for described file to be scanned does not comprise invalid flag, described in reading, scan the current characteristic information of characteristic information as described file to be scanned;
When the characteristic information of scanning that described computing module is also suitable for described file to be scanned comprises invalid flag, the current characteristic information of described file to be scanned is calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
7. device according to claim 6, described computing module is also suitable for: when there is not the characteristic information of scanning of described file to be scanned in described local cache database, the current characteristic information of described file to be scanned is calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
8. device according to claim 6, described attribute acquisition module comprises:
Path reading submodule, is suitable for the path of reading file to be scanned;
Acquisition of information submodule, is suitable for the current attribute information obtaining file to be scanned according to the path of described file to be scanned.
9. device according to claim 6,
The current attribute information of described file to be scanned comprises: the creation-time of the size of file, the last modification time of file and file;
The characteristic information of scanning of described file to be scanned comprises: attribute information and eigenwert, described eigenwert is calculated by described attribute information.
10. a file detection system, comprising:
Main interface module, is suitable for initiating file scan operation to package module, and specifies file to be scanned;
Package module, is suitable for calling scan module;
Scan module, is suitable for scanning file to be scanned and the characteristic information of the described file to be scanned of calling data storehouse operational module acquisition;
Database operating modules, is suitable for the characteristic information reading described file to be scanned;
Wherein, described scan module comprises:
Attribute acquisition module, is suitable for the current attribute information obtaining file to be scanned;
Judge module, is suitable for accessing local cache database, judges the characteristic information of scanning that whether there is described file to be scanned in described local cache database; If exist, then scanned characteristic information described in resolving and obtained scan attribute information, and described in judging, whether scan attribute information is consistent with described current attribute information;
Read module, is suitable for, when the described information of scan attribute is consistent with described current attribute information, having scanned the current characteristic information of characteristic information as described file to be scanned described in reading;
Computing module, be suitable for when the described information of scan attribute and described current attribute information inconsistent time, the current characteristic information of described file to be scanned is calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time;
Wherein, before described judge module is also suitable for reading and scans the current characteristic information of characteristic information as described file to be scanned, judge whether the characteristic information of scanning of described file to be scanned comprises invalid flag; When described invalid flag operates for modifying when described file to be scanned, to the mark scanning characteristic information setting of file to be scanned in described local cache database;
When the characteristic information of scanning that described read module is also suitable for described file to be scanned does not comprise invalid flag, described in reading, scan the current characteristic information of characteristic information as described file to be scanned;
When the characteristic information of scanning that described computing module is also suitable for described file to be scanned comprises invalid flag, the current characteristic information of described file to be scanned is calculated by described current attribute information, and stored in described local cache database as the characteristic information of scanning scanned next time.
11. systems according to claim 10, also comprise:
Driver module, is suitable for monitoring described file to be scanned, when operation modified by described file to be scanned, the file modification message comprising the retouching operation that described file to be scanned carries out is sent to messenger service module;
Messenger service module, is suitable for the file modification message receiving the transmission of described driver module, and described file modification message is sent to described database operating modules;
Described database operating modules, is also suitable for the file modification message receiving the transmission of described messenger service module, and arranges invalid flag according to the database file that described file modification message is corresponding to this file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210451286.6A CN102982121B (en) | 2012-11-12 | 2012-11-12 | A kind of file scanning method, file scanning device and file detection system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210451286.6A CN102982121B (en) | 2012-11-12 | 2012-11-12 | A kind of file scanning method, file scanning device and file detection system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102982121A CN102982121A (en) | 2013-03-20 |
| CN102982121B true CN102982121B (en) | 2015-11-11 |
Family
ID=47856139
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210451286.6A Active CN102982121B (en) | 2012-11-12 | 2012-11-12 | A kind of file scanning method, file scanning device and file detection system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102982121B (en) |
Families Citing this family (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104427401B (en) * | 2013-08-30 | 2018-07-06 | 联想(北京)有限公司 | Obtain the method and electronic equipment of data |
| CN103607433B (en) * | 2013-11-01 | 2018-05-04 | 北京奇安信科技有限公司 | A kind of method and device in terminal deployment file in batches |
| CN104933021B (en) * | 2014-03-21 | 2017-11-03 | 北大方正集团有限公司 | Verification passes version method and apparatus before print |
| CN104133881B (en) * | 2014-07-25 | 2018-04-27 | 广东睿江云计算股份有限公司 | A kind of method and apparatus for adjusting the file cache time |
| CN104182519B (en) * | 2014-08-25 | 2018-03-02 | 百度在线网络技术(北京)有限公司 | A kind of file scanning method and device |
| CN105447035B (en) * | 2014-08-29 | 2018-12-25 | 华为技术有限公司 | data scanning method and device |
| CN106909845A (en) * | 2015-12-23 | 2017-06-30 | 北京奇虎科技有限公司 | A kind of method and apparatus of program object scanning |
| CN107451152B (en) * | 2016-05-31 | 2021-06-11 | 阿里巴巴集团控股有限公司 | Computing device, data caching and searching method and device |
| CN108717516B (en) * | 2018-05-18 | 2020-06-12 | 云易天成(北京)安全科技开发有限公司 | File labeling method, terminal and medium |
| CN109145602B (en) * | 2018-07-06 | 2020-06-02 | 成都亚信网络安全产业技术研究院有限公司 | Lesso software attack protection method and device |
| CN109325347B (en) * | 2018-08-27 | 2020-11-03 | 杭州安恒信息技术股份有限公司 | Method, system and device for searching and killing jump virus and readable storage medium |
| CN109522315B (en) * | 2018-10-26 | 2021-10-22 | 苏宁易购集团股份有限公司 | Database processing method and system |
| CN110413589A (en) * | 2019-07-30 | 2019-11-05 | 中国联合网络通信集团有限公司 | Approaches to IM and platform based on interspace file system |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101639880A (en) * | 2008-07-31 | 2010-02-03 | 华为技术有限公司 | File test method and device |
| CN102750463A (en) * | 2011-12-16 | 2012-10-24 | 北京安天电子设备有限公司 | System and method for improving file rescanning speed |
-
2012
- 2012-11-12 CN CN201210451286.6A patent/CN102982121B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101639880A (en) * | 2008-07-31 | 2010-02-03 | 华为技术有限公司 | File test method and device |
| CN102750463A (en) * | 2011-12-16 | 2012-10-24 | 北京安天电子设备有限公司 | System and method for improving file rescanning speed |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102982121A (en) | 2013-03-20 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102982121B (en) | A kind of file scanning method, file scanning device and file detection system | |
| US9948670B2 (en) | Cloud security-based file processing by generating feedback message based on signature information and file features | |
| US9953162B2 (en) | Rapid malware inspection of mobile applications | |
| US10043011B2 (en) | Methods and systems for providing recommendations to address security vulnerabilities in a network of computing systems | |
| CN102982284B (en) | For the scanning device of rogue program killing, cloud management equipment and method and system | |
| CN103390130B (en) | Based on the method for the rogue program killing of cloud security, device and server | |
| US20180082061A1 (en) | Scanning device, cloud management device, method and system for checking and killing malicious programs | |
| CN103279707B (en) | A kind of for the method for Initiative Defense rogue program, equipment | |
| CN103559443A (en) | Virus scanning method and device for multi-core device | |
| CN103761478A (en) | Judging method and device of malicious files | |
| CN102999722B (en) | File detection system | |
| US20160321450A1 (en) | Method and Apparatus for Managing Super User Password on Smart Mobile Terminal | |
| CN103207970A (en) | Virus file scanning method and device | |
| US11048621B2 (en) | Ensuring source code integrity in a computing environment | |
| CN105095367A (en) | Method and device for acquiring client data | |
| CN103679027A (en) | Searching and killing method and device for kernel level malware | |
| CN103617390A (en) | Malicious webpage judgment method, device and system | |
| CN103559447A (en) | Detection method, detection device and detection system based on virus sample characteristics | |
| US11100233B2 (en) | Optimizing operating system vulnerability analysis | |
| CN103473350B (en) | Document handling method and equipment | |
| CN104504331A (en) | Virtualization security detection method and system | |
| CN102915359A (en) | File management method and device | |
| CN105426272A (en) | Backup method and device for application programs | |
| US20140283080A1 (en) | Identifying stored vulnerabilities in a web service | |
| CN104462975A (en) | Program scanning method, device and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220713 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |