CN104462601A - File scanning method, device and system - Google Patents


Info

Publication number
CN104462601A
Authority
CN
China
Prior art keywords
file
scanned
specified segment
cloud server
instruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410854196.0A
Other languages
Chinese (zh)
Other versions
CN104462601B (en)
Inventor
汪圣平
杨晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201410854196.0A
Publication of CN104462601A
Priority to PCT/CN2015/094707 (WO2016107309A1)
Application granted
Publication of CN104462601B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a file scanning method, device and system, and relates to the technical field of information security. Its aim is efficient scanning of electronic files by a cloud engine. In the main technical scheme, when a file to be scanned is to be uploaded to a cloud server for scanning, the client first uploads, as instructed by the cloud server, a segment of the file that contains the file type. The cloud server analyses this segment to determine the type of the file and, from the type, determines the position of the file segment the client is to upload. As instructed by the cloud server, the client then sends only the file segment that may contain security problems to the cloud server for scanning, and the security of the file is thereby determined. The file scanning method, device and system are mainly used in the cloud scanning of files.

Description

File scanning method, device and system
Technical field
The present invention relates to the field of information security technology, and in particular to a file scanning method, device and system.
Background
With the spread of computer use, a new type of file, the electronic file, has emerged. An electronic file is generated and processed by an electronic computer; its information is recorded and represented as binary digital code, stored in coded form on carriers such as magnetic tape, magnetic disk and optical disc, accessed through a computer system, and can be transmitted over a communication network. The security of electronic files is of great importance. Scanning engines for electronic files are currently divided into local engines and cloud engines. A local engine scans the electronic file locally; a cloud engine requires the file to be uploaded to a cloud server, which scans it. With a cloud engine the whole file has to be uploaded to the cloud, which is inefficient for large files.
Summary of the invention
In view of this, the invention provides a file scanning method, device and system whose main purpose is efficient scanning of electronic files by a cloud engine.
According to one aspect of the invention, a file scanning method is provided, comprising:
Sending a file scan request to a cloud server;
Receiving a first instruction, sent by the cloud server, to upload the file to be scanned, where the first instruction indicates that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment contains the type information of the file;
Uploading the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment;
Receiving a second instruction, sent by the cloud server, to upload the file to be scanned, where the second instruction indicates that a second specified segment of the file to be scanned is to be uploaded, and the second specified segment is the segment of the file to be scanned in which security problems may occur, as determined by the cloud server from the type of the file;
Uploading the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
According to another aspect of the invention, a file scanning method is provided, comprising:
Receiving a file scan request sent by a client;
Sending the client a first instruction to upload the file to be scanned, where the first instruction indicates that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment contains the type information of the file;
Receiving the first specified segment uploaded by the client, and parsing it to obtain the type of the file to be scanned;
Determining the second specified segment from the type of the file to be scanned, and sending the client a second instruction to upload the second specified segment of the file to be scanned, where the second specified segment is the segment of the file in which security problems may occur;
Receiving the second specified segment uploaded by the client, scanning its content, and determining the security of the file to be scanned.
According to another aspect of the invention, a client is provided, comprising:
A scan request sending unit, configured to send a file scan request to a cloud server;
A first receiving unit, configured to receive a first instruction, sent by the cloud server, to upload the file to be scanned, where the first instruction indicates that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment contains the type information of the file;
A first file sending unit, configured to upload the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment;
A second receiving unit, configured to receive a second instruction, sent by the cloud server, to upload the file to be scanned, where the second instruction indicates that a second specified segment of the file to be scanned is to be uploaded, and the second specified segment is the segment of the file to be scanned in which security problems may occur, as determined by the cloud server from the type of the file;
A second file sending unit, configured to upload the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
According to another aspect of the invention, a cloud server is provided, comprising:
A scan request receiving unit, configured to receive a file scan request sent by a client;
A first sending unit, configured to send the client a first instruction to upload the file to be scanned, where the first instruction indicates that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment contains the type information of the file;
A first receiving unit, configured to receive the first specified segment uploaded by the client, and to parse it to obtain the type of the file to be scanned;
A determining unit, configured to determine the second specified segment from the type of the file to be scanned;
A second sending unit, configured to send the client a second instruction to upload the second specified segment of the file to be scanned, where the second specified segment is the segment of the file in which security problems may occur;
A second receiving unit, configured to receive the second specified segment uploaded by the client, scan its content, and determine the security of the file to be scanned.
According to another aspect of the invention, a file scanning system is provided, comprising:
The client described above; and the cloud server described above.
With the above technical scheme, the technical solution provided by the embodiments of the invention has at least the following advantages:
With the file scanning method, device and system provided by the invention, when a file to be scanned is uploaded to the cloud server for scanning, the client first uploads, as instructed by the cloud server, a segment that contains the file type. The cloud server analyses this segment to determine the type of the file, and then determines from the type the position of the file segment the client is to upload; the segment at this position is where security problems often occur in files of that type. As instructed by the cloud server, the client sends only the segment that may contain security problems to the cloud server for scanning. The first segment, which contains the file type, carries little content and uses little traffic, so it reaches the cloud server quickly. The second segment, which may contain security problems, is also small compared with the whole file, so it too is transmitted quickly over the network, and the cloud server scans it faster than it would scan the whole file. Because the second segment is the segment, determined from the file type, in which security problems may occur, the accuracy of the file scan can be ensured. In sum, efficient scanning of electronic files by a cloud engine is achieved.
The above is only an overview of the technical solution of the invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be taken as limiting the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flowchart of a client-side file scanning method provided by an embodiment of the invention;
Fig. 2 shows a flowchart of a cloud-server-side file scanning method provided by an embodiment of the invention;
Fig. 3 shows a flowchart of another client-side file scanning method provided by an embodiment of the invention;
Fig. 4 shows a flowchart of another cloud-server-side file scanning method provided by an embodiment of the invention;
Fig. 5 shows a block diagram of a client provided by an embodiment of the invention;
Fig. 6 shows a block diagram of another client provided by an embodiment of the invention;
Fig. 7 shows a block diagram of another client provided by an embodiment of the invention;
Fig. 8 shows a block diagram of a cloud server provided by an embodiment of the invention;
Fig. 9 shows a block diagram of another cloud server provided by an embodiment of the invention;
Fig. 10 shows a block diagram of another cloud server provided by an embodiment of the invention;
Fig. 11 shows a block diagram of a file scanning system provided by an embodiment of the invention.
Detailed description
Exemplary embodiments of the present disclosure are described in more detail below with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.
An embodiment of the invention provides a file scanning method on the client side. As shown in Fig. 1, the method comprises:
101. Send a file scan request to the cloud server.
When a file on the client needs to be scanned, the client sends a file scan request to the cloud server; after receiving the request, the cloud server sends the client an instruction to upload the file. In the embodiment of the invention, the cloud server needs to obtain the type of the file to be scanned from the client and, from the file type, determine where files of this kind often have security problems, such as vulnerabilities or threats, that are easily attacked, or which places in files of this kind attackers often target. Therefore, after receiving the file scan request, the cloud server first sends the first instruction to the client, and 102 is performed.
102. Receive the first instruction, sent by the cloud server, to upload the file to be scanned. The first instruction indicates that the first specified segment of the file to be scanned is to be uploaded, and the first specified segment contains the type information of the file.
The first specified segment is the segment containing the file type, as described above. It generally lies in the first few bytes at the start of the file, for example the first 4K. For a relatively large file, the bytes taken up by the first specified segment are generally negligible, so transmitting it uses few network resources and little time, which speeds up the file scan to some extent.
The size of the first specified segment is generally set empirically, for example 4K; the embodiment of the invention does not limit this. A length of 4K bytes is enough to express the current file types of every kind. Besides the bytes that represent the file type, the segment also contains bytes that represent the file size and file attributes. The embodiment of the invention does not limit this.
103. Upload the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment.
The client obtains the first specified segment according to the first instruction and uploads it to the cloud server. The cloud server parses the first specified segment to obtain the type of the file to be scanned, determines the second specified segment from the file type, and sends the client an instruction to upload the second specified segment to the cloud server.
104. Receive the second instruction, sent by the cloud server, to upload the file to be scanned. The second instruction indicates that the second specified segment of the file to be scanned is to be uploaded, and the second specified segment is the segment of the file to be scanned in which security problems may occur, as determined by the cloud server from the type of the file.
105. Upload the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
An embodiment of the invention also provides a file scanning method on the cloud server side. As shown in Fig. 2, the method comprises:
201. Receive the file scan request sent by the client.
202. Send the client the first instruction to upload the file to be scanned. The first instruction indicates that the first specified segment of the file to be scanned is to be uploaded, and the first specified segment contains the type information of the file.
The first specified segment has been described at 102 and is not described again here.
203. Receive the first specified segment uploaded by the client, and parse it to obtain the type of the file to be scanned.
204. Determine the second specified segment from the type of the file to be scanned, and send the client the second instruction to upload the second specified segment of the file to be scanned. The second specified segment is the segment of the file in which security problems may occur.
Note that, for a file of a given type, the places where security problems exist and that are easily attacked are usually limited: they generally appear at one or a few fixed places. When scanning a file, it is therefore only necessary to determine, from the file type, which places in files of that type to scan, and scanning their content is enough to determine the security of the file. These positions are generally set empirically or obtained by detection according to certain rules; the embodiment of the invention does not limit this.
205. Receive the second specified segment uploaded by the client, scan its content, and determine the security of the file to be scanned.
In the embodiment of the invention, when a file to be scanned is uploaded to the cloud server for scanning, the client first uploads, as instructed by the cloud server, a segment that contains the file type. The cloud server analyses this segment to determine the type of the file, and then determines from the type the position of the file segment the client is to upload; the segment at this position is where security problems often occur in files of that type. As instructed by the cloud server, the client sends only the segment that may contain security problems to the cloud server for scanning. The first segment, which contains the file type, carries little content and uses little traffic, so it reaches the cloud server quickly. The second segment, which may contain security problems, is also small compared with the whole file, so it too is transmitted quickly over the network, and the cloud server scans it faster than it would scan the whole file. Because the second segment is the segment, determined from the file type, in which security problems may occur, the accuracy of the file scan can be ensured. In sum, efficient scanning of electronic files by a cloud engine is achieved.
An embodiment of the invention also provides a file scanning method. As shown in Fig. 3, the method comprises:
301. The client determines the size of the file to be scanned. When the size of the file is greater than a predetermined value, perform 302; when the size of the file is less than or equal to the predetermined value, perform 307.
Note that the file to be scanned is first filtered by size: when the file is not very large, it can be scanned locally on the client; when the file is very large, it is sent to the cloud server, which scans it. When this file size threshold is set, it is generally not smaller than the size of the first specified segment. The embodiment of the invention does not limit this, however, and the threshold may also be smaller than the size of the first specified segment.
302. Send a file scan request to the cloud server.
303. The client receives the first instruction, sent by the cloud server, to upload the file to be scanned. The first instruction indicates that the first specified segment of the file to be scanned is to be uploaded, and the first specified segment contains the type information of the file.
For the first specified segment, refer to the description at 102; the embodiment of the invention does not limit this.
304. The client uploads the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment.
305. The client receives the second instruction, sent by the cloud server, to upload the file to be scanned. The second instruction indicates that the second specified segment of the file to be scanned is to be uploaded, and the second specified segment is the segment of the file to be scanned in which security problems may occur, as determined by the cloud server from the type of the file.
306. The client uploads the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
When indicating the second specified segment, the cloud server sometimes specifies the concrete segment directly and sometimes gives an offset relative to the first specified segment. When the concrete segment is specified directly, the client obtains that segment and uploads it to the cloud server. When the second instruction contains the length of the second specified segment and its offset relative to the first specified segment, uploading the second specified segment to the cloud server according to the second instruction can be implemented by, but is not limited to, the following method:
1. Calculate the start position of the second specified segment from the first specified segment and the offset.
2. Obtain the second specified segment from the start position and the length of the second specified segment.
3. Upload the obtained second specified segment to the cloud server.
307. The client receives the scan result for the file to be scanned, sent by the cloud server, and outputs and displays the scan result. The cloud server scan of the file ends here.
So that the user can conveniently learn the security of the file to be scanned, after the cloud server has scanned the second specified segment and determined the security of the file, it can also send the scan result to the client, which outputs and displays the result on receipt. The display may take the form of a prompt box or a dialog box; the embodiment of the invention does not limit this. The content displayed may be text, music, a picture, an animation, or a combination of these; the embodiment of the invention does not limit this.
308. The client's local scanning engine scans the file to be scanned, determines its security, and outputs and displays the scan result. The scan of the file ends here.
When the file is determined to be relatively small, fast scanning can be achieved without uploading the file to the cloud server: the client's local scanning engine scans the file to be scanned and determines its security. Any current local scanning engine method may be used; the embodiment of the invention does not limit this.
The embodiment of the present invention also provides a kind of file scanning method, and the method is the method for cloud server side, and as shown in Figure 4, the method comprises:
401, the file scan request that client sends is received.
402, send first instruction of uploading file to be scanned to described client, described first instruction is used to indicate the first specified segment uploading file to be scanned, and described first specified segment comprises the type information of file.
Wherein, the associated description about the first specified segment can with reference to the associated description at 102 places, and the embodiment of the present invention will repeat no more herein.
403, receive the first specified segment of described client upload, type information and the size of resolving the described file to be scanned of acquisition are carried out to described first specified segment.
Described first specified segment, except include file type information, also comprises size and the attribute information of file.The embodiment of the present invention, treating after scanning document first specified segment resolves, can obtain type information and the size information of file.If the size of the first specified segment is greater than the size of file to be scanned, client is after receiving the first instruction, the full content of file to be scanned all can be uploaded to cloud server, therefore, when the size of client to the file uploaded does not judge, cloud server, after receiving the first specified segment, can be compared to the size of the size of the first specified segment and the file to be scanned uploaded, to avoid unnecessary data transmission.
404, judge whether the size of described file to be scanned is greater than the size of described first specified segment; If determine, the size of described file to be scanned is greater than the size of described first specified segment, then perform 405; If determine, the size of described file to be scanned is less than or equal to the size of described first specified segment, then perform 408.
When determining that the size of described file to be scanned is less than or equal to the size of described first specified segment, cloud server does not need again to send the second instruction to client, just directly can carry out killing scanning to the content comprising file to be scanned the first specified segment in full, determine the security of file.When determining that the size of described file to be scanned is greater than the size of described first specified segment, this file to be scanned is comparatively large, needs cloud server again to send files passe instruction to client.
405, described second specified segment is determined according to the type of described file to be scanned, and second instruction of uploading the second specified segment of file to be scanned is sent to described client, described second specified segment is the fragment that may occur safety problem in described file to be scanned.
406, receive the second specified segment of described client upload, the content of described second specified segment is scanned, determines the security of file to be scanned.
407, the scanning result of described file to be scanned is sent to described client.Terminate the scanning of this file to be scanned.
408. Scan the first specified segment of the file to be scanned, determine the security of the file to be scanned, and perform step 407.
In this embodiment of the invention, when a file to be scanned is uploaded to the cloud server for virus scanning, the client first uploads, as instructed by the cloud server, a fragment that contains the file type. The cloud server analyses this fragment to determine the file type and then, according to that type, determines the position of the file fragment the client should upload next; that position is where a security problem most often occurs in files of that type. The client therefore sends to the cloud server, as instructed, only the file fragment that is likely to contain a security problem. The first fragment, which contains the file type, carries little content, uses little traffic and reaches the cloud server quickly. The second fragment, which may contain a security problem, is also small compared with the whole file, so it also transfers quickly over the network, and the cloud server scans it faster than it would scan the whole file. Because the second fragment is the fragment in which a security problem may occur, as determined from the file type, the accuracy of the scan is preserved. In sum, e-files are scanned efficiently by the cloud engine.
Moreover, in this embodiment of the invention, because scanning a small file locally on the client is more efficient than uploading it to the cloud server for scanning, and in order to scan files of all sizes quickly, the client can check the size of the file before sending the file scan request to the cloud server. Only when the size of the file to be scanned is greater than a certain value is the file scanned by the cloud server; a small file is scanned locally on the client to determine its security.
Further, when the client has not checked the size of the file, the cloud server, after receiving the first specified segment that the client uploads according to the cloud server's instruction, compares the size of the file to be scanned with the size of the first specified segment. When the size of the file to be scanned is less than or equal to the size of the first specified segment, the security of the file is determined by scanning the first specified segment directly. Only when the size of the file to be scanned is greater than the size of the first specified segment is the instruction to upload the second specified segment sent to the client, which avoids transmitting a small file twice.
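The exchange described above (local scan for small files, a first segment for type detection, a second segment located by offset and length), as an added in-memory sketch that is not code from the patent. The segment sizes, magic-byte table, per-type rules, the convention that the offset is measured from the start of the first segment, the whole-remainder fallback for unknown types and the marker string are all assumptions constructed for illustration.

```python
"""Two-phase segment upload between a scanning client and a cloud server (in-memory)."""

FIRST_LEN = 64          # assumed length of the first specified segment
LOCAL_THRESHOLD = 256   # assumed "predetermined value" for local scanning
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, not a real detection

MAGIC = {b"MZ": "pe", b"%PDF": "pdf"}      # assumed type markers in the first segment
# Assumed per-type rule: (offset from the start of the first segment, length).
SECOND_SEGMENT_RULES = {"pe": (64, 512), "pdf": (128, 256)}


def scan(data: bytes) -> str:
    """Stand-in for the scanning engine: substring match on the constructed marker."""
    return "malicious" if SIGNATURE in data else "clean"


def read_range(data: bytes, start: int, length: int) -> bytes:
    """Client-side read that refuses instructions pointing outside the file."""
    if start < 0 or length <= 0 or start + length > len(data):
        raise ValueError(f"instruction out of range: start={start} length={length}")
    return data[start:start + length]


class CloudServer:
    def __init__(self):
        self.expected_len = None  # length requested in the second instruction

    def first_instruction(self) -> dict:
        return {"start": 0, "length": FIRST_LEN}

    def on_first_segment(self, segment: bytes, file_size: int):
        """Return ("result", verdict) or ("instruction", {"offset", "length"})."""
        if file_size <= len(segment):
            # The whole file already arrived: scan it, no second round trip.
            return "result", scan(segment)
        ftype = next((t for m, t in MAGIC.items() if segment.startswith(m)), None)
        # Unknown type: assumed fallback is to request the remainder of the file.
        offset, length = SECOND_SEGMENT_RULES.get(ftype, (FIRST_LEN, file_size))
        if offset >= file_size:
            offset = FIRST_LEN  # rule does not fit this file: start after segment one
        length = min(length, file_size - offset)
        self.expected_len = length
        return "instruction", {"offset": offset, "length": length}

    def on_second_segment(self, segment: bytes) -> str:
        if len(segment) != self.expected_len:
            raise ValueError("second segment does not match the instruction")
        return scan(segment)


def scan_file(data: bytes, server: CloudServer, local_check: bool = True):
    """Client side: return (where, verdict, bytes_uploaded) for one file."""
    if local_check and len(data) <= LOCAL_THRESHOLD:
        return "local", scan(data), 0
    first = server.first_instruction()
    seg1 = data[first["start"]:first["start"] + first["length"]]
    kind, payload = server.on_first_segment(seg1, len(data))
    if kind == "result":
        return "cloud-first", payload, len(seg1)
    # Starting position of the second segment = first segment start + offset.
    start = first["start"] + payload["offset"]
    seg2 = read_range(data, start, payload["length"])
    return "cloud-second", server.on_second_segment(seg2), len(seg1) + len(seg2)


def build_sample(magic: bytes, size: int, marker_at=None) -> bytes:
    """Constructed sample file: magic bytes, zero padding, optional marker."""
    buf = bytearray(size)
    buf[:len(magic)] = magic
    if marker_at is not None:
        buf[marker_at:marker_at + len(SIGNATURE)] = SIGNATURE
    return bytes(buf)


if __name__ == "__main__":
    cases = [
        ("large pe, marker at 300", build_sample(b"MZ", 4096, 300), True),
        ("large pdf, clean", build_sample(b"%PDF", 1000), True),
        ("small pe, marker at 10", build_sample(b"MZ", 100, 10), True),
        ("tiny pe, no client size check", build_sample(b"MZ", 40, 4), False),
    ]
    for name, data, local_check in cases:
        print(name, len(data), scan_file(data, CloudServer(), local_check))
```

The third element of each result is the number of bytes that left the client, which is the saving the passage argues for: 576 bytes instead of 4096 for the large sample.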
Based on the above method, an embodiment of the present invention also provides a client. As shown in Figure 5, the client comprises:
Scan request transmitting element 51, for sending a file scan request to the cloud server.
First receiving element 52, for receiving the first instruction to upload the file to be scanned sent by the cloud server, the first instruction indicating that the first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprising the type information of the file.
First file transmitting element 53, for uploading the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment.
Second receiving element 54, for receiving the second instruction to upload the file to be scanned sent by the cloud server, the second instruction indicating that the second specified segment of the file to be scanned is to be uploaded, and the second specified segment being a fragment of the file to be scanned in which a security problem may occur, as determined by the cloud server according to the type of the file to be scanned.
Second file transmitting element 55, for uploading the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
Further, as shown in Figure 6, the client also comprises:
Scanning result receiving element 56, for receiving the scanning result of the file to be scanned sent by the cloud server.
Output display unit 57, for outputting and displaying the scanning result.
When the second instruction comprises the length of the second specified segment and its offset relative to the first specified segment, the second file transmitting element 55 comprises:
Computing module, for calculating the starting position of the second specified segment from the first specified segment and the offset.
Acquisition module, for obtaining the second specified segment according to the starting position and the length of the second specified segment.
File send module, for uploading the obtained second specified segment to the cloud server.
Further, as shown in Figure 7, the client also comprises:
Judging unit 58, for determining the size of the file to be scanned.
The scan request transmitting element 51 is further configured to send the file scan request to the cloud server when the size of the file to be scanned is greater than a predetermined value.
Scanning element 59, for scanning the file to be scanned with the local scanning engine of the client when the size of the file to be scanned is less than or equal to the predetermined value, and determining the security of the file to be scanned.
An embodiment of the present invention also provides a cloud server. As shown in Figure 8, the cloud server comprises:
Scan request receiving element 61, for receiving the file scan request sent by the client.
First transmitting element 62, for sending to the client the first instruction to upload the file to be scanned, the first instruction indicating that the first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprising the type information of the file.
First receiving element 63, for receiving the first specified segment uploaded by the client.
Resolution unit 64, for parsing the first specified segment to obtain the type of the file to be scanned.
Determining unit 65, for determining the second specified segment according to the type of the file to be scanned.
Second transmitting element 66, for sending to the client the second instruction to upload the second specified segment of the file to be scanned, the second specified segment being a fragment of the file to be scanned in which a security problem may occur.
Second receiving element 67, for receiving the second specified segment uploaded by the client.
Scanning element 68, for scanning the content of the second specified segment and determining the security of the file to be scanned.
Further, as shown in Figure 9, the cloud server also comprises:
Scanning result transmitting element 69, for sending the scanning result of the file to be scanned to the client after the security of the file to be scanned has been determined.
Further, as shown in Figure 10, the cloud server also comprises:
The resolution unit 64 is further configured to parse the first specified segment to obtain the size of the file to be scanned when the first specified segment also comprises the size of the file.
Judging unit 610, for judging whether the size of the file to be scanned is greater than the size of the first specified segment.
The determining unit 65 is further configured to determine the second specified segment according to the type of the file to be scanned when the size of the file to be scanned is determined to be greater than the size of the first specified segment.
The scanning element 68 is further configured to scan the first specified segment of the file to be scanned and determine the security of the file to be scanned when the size of the file to be scanned is determined to be less than or equal to the size of the first specified segment.
An embodiment of the present invention also provides a file scanning system. As shown in Figure 11, the file scanning system comprises:
Client 71 and cloud server 72.
It should be noted that, for the description of the client 71 and the cloud server 72, reference may be made to the related description of Figures 1 to 10, which is not repeated here.
Embodiments of the invention disclose:
A1. A file scanning method, comprising:
Sending a file scan request to a cloud server;
Receiving a first instruction to upload the file to be scanned sent by the cloud server, the first instruction indicating that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprising the type information of the file;
Uploading the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment;
Receiving a second instruction to upload the file to be scanned sent by the cloud server, the second instruction indicating that a second specified segment of the file to be scanned is to be uploaded, and the second specified segment being a fragment of the file to be scanned in which a security problem may occur, as determined by the cloud server according to the type of the file to be scanned;
Uploading the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
A2. The method as described in A1, further comprising:
Receiving the scanning result of the file to be scanned sent by the cloud server, and outputting and displaying the scanning result.
A3. The method as described in A2, wherein, when the second instruction comprises the length of the second specified segment and its offset relative to the first specified segment, uploading the second specified segment to the cloud server according to the second instruction comprises:
Calculating the starting position of the second specified segment from the first specified segment and the offset;
Obtaining the second specified segment according to the starting position and the length of the second specified segment;
Uploading the obtained second specified segment to the cloud server.
A4. The method according to any one of A1-A3, further comprising:
Determining the size of the file to be scanned;
When the size of the file to be scanned is greater than a predetermined value, performing the sending of the file scan request to the cloud server.
A5. The method as described in A4, further comprising:
When the size of the file to be scanned is less than or equal to the predetermined value, scanning the file to be scanned with the local scanning engine of the client and determining the security of the file to be scanned.
B6. A file scanning method, comprising:
Receiving a file scan request sent by a client;
Sending to the client a first instruction to upload the file to be scanned, the first instruction indicating that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprising the type information of the file;
Receiving the first specified segment uploaded by the client, and parsing the first specified segment to obtain the type of the file to be scanned;
Determining a second specified segment according to the type of the file to be scanned, and sending to the client a second instruction to upload the second specified segment of the file to be scanned, the second specified segment being a fragment of the file to be scanned in which a security problem may occur;
Receiving the second specified segment uploaded by the client, scanning the content of the second specified segment, and determining the security of the file to be scanned.
B7. The method as described in B6, further comprising, after the security of the file to be scanned has been determined:
Sending the scanning result of the file to be scanned to the client.
B8. The method as described in B6 or B7, further comprising, when the first specified segment also comprises the size of the file to be scanned:
Parsing the first specified segment to obtain the size of the file to be scanned;
Judging whether the size of the file to be scanned is greater than the size of the first specified segment;
If the size of the file to be scanned is determined to be greater than the size of the first specified segment, performing the determining of the second specified segment according to the type of the file to be scanned and the sending to the client of the second instruction to upload the second specified segment of the file to be scanned.
B9. The method as described in B8, further comprising:
If the size of the file to be scanned is determined to be less than or equal to the size of the first specified segment, scanning the first specified segment of the file to be scanned and determining the security of the file to be scanned.
C10. A client, comprising:
Scan request transmitting element, for sending a file scan request to a cloud server;
First receiving element, for receiving a first instruction to upload the file to be scanned sent by the cloud server, the first instruction indicating that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprising the type information of the file;
First file transmitting element, for uploading the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment;
Second receiving element, for receiving a second instruction to upload the file to be scanned sent by the cloud server, the second instruction indicating that a second specified segment of the file to be scanned is to be uploaded, and the second specified segment being a fragment of the file to be scanned in which a security problem may occur, as determined by the cloud server according to the type of the file to be scanned;
Second file transmitting element, for uploading the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
C11. The client as described in C10, further comprising:
The receiving element is further configured to receive the scanning result of the file to be scanned sent by the cloud server;
Output display unit, for outputting and displaying the scanning result.
C12. The client as described in C11, wherein, when the second instruction comprises the length of the second specified segment and its offset relative to the first specified segment, the second file transmitting element comprises:
Computing module, for calculating the starting position of the second specified segment from the first specified segment and the offset;
Acquisition module, for obtaining the second specified segment according to the starting position and the length of the second specified segment;
File send module, for uploading the obtained second specified segment to the cloud server.
C12. The client according to any one of C10-C12, further comprising:
Judging unit, for determining the size of the file to be scanned;
The scan request transmitting element is further configured to send the file scan request to the cloud server when the size of the file to be scanned is greater than a predetermined value.
C13. The client as described in C13, further comprising:
Scanning element, for scanning the file to be scanned with the local scanning engine of the client when the size of the file to be scanned is less than or equal to the predetermined value, and determining the security of the file to be scanned.
D15. A cloud server, comprising:
Scan request receiving element, for receiving a file scan request sent by a client;
First transmitting element, for sending to the client a first instruction to upload the file to be scanned, the first instruction indicating that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprising the type information of the file;
First receiving element, for receiving the first specified segment uploaded by the client;
Resolution unit, for parsing the first specified segment to obtain the type of the file to be scanned;
Determining unit, for determining a second specified segment according to the type of the file to be scanned;
Second transmitting element, for sending to the client a second instruction to upload the second specified segment of the file to be scanned, the second specified segment being a fragment of the file to be scanned in which a security problem may occur;
Second receiving element, for receiving the second specified segment uploaded by the client;
Scanning element, for scanning the content of the second specified segment and determining the security of the file to be scanned.
D16. The cloud server as described in D15, further comprising:
Scanning result transmitting element, for sending the scanning result of the file to be scanned to the client after the security of the file to be scanned has been determined.
D17. The cloud server as described in D15 or D16, further comprising:
The resolution unit is further configured to parse the first specified segment to obtain the size of the file to be scanned when the first specified segment also comprises the size of the file;
Judging unit, for judging whether the size of the file to be scanned is greater than the size of the first specified segment;
The determining unit is further configured to determine the second specified segment according to the type of the file to be scanned when the size of the file to be scanned is determined to be greater than the size of the first specified segment.
D17. The cloud server as described in D16, further comprising:
The scanning element is further configured to scan the first specified segment of the file to be scanned and determine the security of the file to be scanned when the size of the file to be scanned is determined to be less than or equal to the size of the first specified segment.
E18. A file scanning system, comprising:
The client according to any one of claims C10-C14;
And the cloud server according to any one of claims D15-D17.
In the above embodiments, the description of each embodiment has its own emphasis; for a part not described in detail in one embodiment, reference may be made to the related description of the other embodiments.
It will be understood that the related features in the above method and apparatus may refer to one another. In addition, "first", "second" and so on in the above embodiments are used to distinguish the embodiments and do not represent the merits of each embodiment.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the system, apparatus and units described above may refer to the corresponding processes in the foregoing method embodiments and are not repeated here.
The algorithms and displays provided here are not inherently related to any particular computer, virtual system or other equipment. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the invention is not directed to any particular programming language. It should be understood that various programming languages may be used to implement the content of the invention described here, and that the description of a specific language above is given to disclose the best mode of the invention.
In the specification provided here, numerous specific details are described. It will be understood, however, that embodiments of the invention can be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid the understanding of one or more of the inventive aspects, the features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, the inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into it, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the equipment of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or equipment so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will understand that, although some embodiments described here include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the file scanning method, apparatus and system according to embodiments of the invention. The invention may also be implemented as an equipment or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described here. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses should not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order. These words can be interpreted as names.

Claims (10)

1. A file scanning method, characterized in that it comprises:
Sending a file scan request to a cloud server;
Receiving a first instruction to upload the file to be scanned sent by the cloud server, the first instruction indicating that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprising the type information of the file;
Uploading the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment;
Receiving a second instruction to upload the file to be scanned sent by the cloud server, the second instruction indicating that a second specified segment of the file to be scanned is to be uploaded, and the second specified segment being a fragment of the file to be scanned in which a security problem may occur, as determined by the cloud server according to the type of the file to be scanned;
Uploading the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
2. The method according to claim 1, characterized in that it further comprises:
Receiving the scanning result of the file to be scanned sent by the cloud server, and outputting and displaying the scanning result.
3. The method according to claim 2, characterized in that, when the second instruction comprises the length of the second specified segment and its offset relative to the first specified segment, uploading the second specified segment to the cloud server according to the second instruction comprises:
Calculating the starting position of the second specified segment from the first specified segment and the offset;
Obtaining the second specified segment according to the starting position and the length of the second specified segment;
Uploading the obtained second specified segment to the cloud server.
4. The method according to any one of claims 1-3, characterized in that it further comprises:
Determining the size of the file to be scanned;
When the size of the file to be scanned is greater than a predetermined value, performing the sending of the file scan request to the cloud server.
5. The method according to claim 4, characterized in that it further comprises:
When the size of the file to be scanned is less than or equal to the predetermined value, scanning the file to be scanned with the local scanning engine of the client and determining the security of the file to be scanned.
6. A file scanning method, characterized in that it comprises:
Receiving a file scan request sent by a client;
Sending to the client a first instruction to upload the file to be scanned, the first instruction indicating that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprising the type information of the file;
Receiving the first specified segment uploaded by the client, and parsing the first specified segment to obtain the type of the file to be scanned;
Determining a second specified segment according to the type of the file to be scanned, and sending to the client a second instruction to upload the second specified segment of the file to be scanned, the second specified segment being a fragment of the file to be scanned in which a security problem may occur;
Receiving the second specified segment uploaded by the client, scanning the content of the second specified segment, and determining the security of the file to be scanned.
7. The method according to claim 6, characterized in that, after the security of the file to be scanned has been determined, it further comprises:
Sending the scanning result of the file to be scanned to the client.
8. a client, is characterized in that, comprising:
Scan request transmitting element, for sending file scan request to cloud server;
A first receiving unit, configured to receive a first instruction, sent by the cloud server, for uploading the file to be scanned, wherein the first instruction indicates that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprises the type information of the file;
A first file sending unit, configured to upload the first specified segment of the file to be scanned to the cloud server according to the first instruction, so that the cloud server obtains the type of the file to be scanned from the first specified segment;
A second receiving unit, configured to receive a second instruction, sent by the cloud server, for uploading the file to be scanned, wherein the second instruction indicates that a second specified segment of the file to be scanned is to be uploaded, the second specified segment being the segment of the file to be scanned in which, as determined by the cloud server according to the type of the file to be scanned, a security problem may occur;
A second file sending unit, configured to upload the second specified segment to the cloud server according to the second instruction, so that the cloud server scans the content of the second specified segment and determines the security of the file to be scanned.
9. A cloud server, characterized by comprising:
A scan request receiving unit, configured to receive a file scan request sent by a client;
A first sending unit, configured to send to the client a first instruction for uploading the file to be scanned, wherein the first instruction indicates that a first specified segment of the file to be scanned is to be uploaded, and the first specified segment comprises the type information of the file;
A first receiving unit, configured to receive the first specified segment uploaded by the client;
A parsing unit, configured to parse the first specified segment to obtain the type of the file to be scanned;
A determining unit, configured to determine the second specified segment according to the type of the file to be scanned;
A second sending unit, configured to send to the client a second instruction for uploading the second specified segment of the file to be scanned, the second specified segment being the segment of the file to be scanned in which a security problem may occur;
A second receiving unit, configured to receive the second specified segment uploaded by the client;
A scanning unit, configured to scan the content of the second specified segment and determine the security of the file to be scanned.
10. A file scanning system, characterized by comprising:
The client as claimed in claim 8;
And the cloud server as claimed in claim 9.
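The two-round exchange recited in claims 8 to 10, as an added illustration in Python (not code from the patent or its applicants). The magic-byte table holds real file signatures; the header length, the per-type segment policy and the byte signature are constructed assumptions, since the claims do not fix them.

```python
# Added illustration of the claimed exchange; not code from the patent.
# HEADER_LEN, SECOND_SEGMENT and SIGNATURES are constructed assumptions.
from dataclasses import dataclass

HEADER_LEN = 8                      # first specified segment: leading bytes
MAGIC = {b"MZ": "pe", b"PK\x03\x04": "zip", b"%PDF": "pdf"}
# Hypothetical policy: type -> (offset, length); negative offset counts from EOF.
SECOND_SEGMENT = {"pe": (64, 256), "zip": (-128, 128), "pdf": (-256, 256)}
SIGNATURES = [b"EVIL-TEST-PATTERN"]  # constructed stand-in for a scan signature

@dataclass
class Instruction:
    offset: int
    length: int

class Client:
    def __init__(self, data: bytes):
        self.data = data
        self.bytes_sent = 0         # how much of the file actually left the client

    def upload(self, ins: Instruction) -> bytes:
        """Send only the requested segment, never the whole file."""
        start = ins.offset if ins.offset >= 0 else max(len(self.data) + ins.offset, 0)
        seg = self.data[start:start + ins.length]
        self.bytes_sent += len(seg)
        return seg

class CloudServer:
    def scan(self, client: Client) -> str:
        # First instruction: request the segment carrying the type information.
        head = client.upload(Instruction(0, HEADER_LEN))
        ftype = next((t for m, t in MAGIC.items() if head.startswith(m)), None)
        if ftype is None:
            return "unknown-type"   # no policy for this type: caller must fall back
        # Second instruction: request the type-specific segment and scan it.
        body = client.upload(Instruction(*SECOND_SEGMENT[ftype]))
        return "malicious" if any(s in body for s in SIGNATURES) else "clean"

def demo():
    pad = b"\x00" * 4096            # constructed sample files
    bad = Client(b"PK\x03\x04" + pad + b"EVIL-TEST-PATTERN" + b"\x00" * 20)
    good = Client(b"PK\x03\x04" + pad)
    odd = Client(b"\x7fELF" + pad)
    srv = CloudServer()
    return [(srv.scan(c), c.bytes_sent, len(c.data)) for c in (bad, good, odd)]
```

Each tuple returned by demo() is (verdict, bytes uploaded, file size), so the saving in upload traffic and the explicit "unknown-type" outcome, which needs a fallback such as a full scan, are both visible.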
CN201410854196.0A 2014-12-31 2014-12-31 File scanning method, device and system Active CN104462601B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410854196.0A CN104462601B (en) 2014-12-31 2014-12-31 File scanning method, device and system
PCT/CN2015/094707 WO2016107309A1 (en) 2014-12-31 2015-11-16 File scanning method, device and system

Publications (2)

Publication Number Publication Date
CN104462601A CN104462601A (en) 2015-03-25
CN104462601B CN104462601B (en) 2017-04-12

Family

ID=52908636

Country Status (2)

Country Link
CN (1) CN104462601B (en)
WO (1) WO2016107309A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105590058A (en) * 2015-12-18 2016-05-18 北京奇虎科技有限公司 Virtual machine escape detection method and apparatus
WO2016107309A1 (en) * 2014-12-31 2016-07-07 北京奇虎科技有限公司 File scanning method, device and system
CN112347041A (en) * 2020-11-03 2021-02-09 紫光云引擎科技(苏州)有限公司 Industrial cloud application store system file uploading security scanning method and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070180530A1 (en) * 2005-08-31 2007-08-02 Microsoft Corporation Unwanted file modification and transactions
CN102902915A (en) * 2012-09-29 2013-01-30 北京奇虎科技有限公司 System for detecting behavior feature of file
CN103914655A (en) * 2014-03-17 2014-07-09 北京奇虎科技有限公司 Downloaded file security detection method and device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102982284B (en) * 2012-11-30 2016-04-20 北京奇虎科技有限公司 For the scanning device of rogue program killing, cloud management equipment and method and system
CN104462601B (en) * 2014-12-31 2017-04-12 北京奇安信科技有限公司 File scanning method, device and system

Also Published As

Publication number Publication date
CN104462601B (en) 2017-04-12
WO2016107309A1 (en) 2016-07-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20170112

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: Beijing Qihoo Technology Co., Ltd.

Applicant before: Qizhi Software (Beijing) Co., Ltd.

GR01 Patent grant
CP03 Change of name, title or address

Address after: 100088 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing

Patentee after: Qianxin Technology Group Co., Ltd.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.