CN104598819B - A kind of methods, devices and systems for scan compression bag - Google Patents
A kind of methods, devices and systems for scan compression bag Download PDFInfo
- Publication number
- CN104598819B CN104598819B CN201510012586.8A CN201510012586A CN104598819B CN 104598819 B CN104598819 B CN 104598819B CN 201510012586 A CN201510012586 A CN 201510012586A CN 104598819 B CN104598819 B CN 104598819B
- Authority
- CN
- China
- Prior art keywords
- file
- compressed package
- potential danger
- security attribute
- bag
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a kind of method for being used for scan compression bag in computer equipment, wherein, this method comprises the following steps:A. when the file security attribute of the file in the bag security attribute or the compressed package of compressed package to be scanned indicates potential danger file to be present in the compressed package, the compressed package is not decompressed, directly obtains the file feature information of the potential danger file;B. according to the file feature information of the potential danger file, the file security attribute of the potential danger file is redefined, and performs corresponding operating.The method according to the invention, the scanning of compressed package can be realized in the case where not decompressed to compressed package, so as to improve the scan efficiency of compressed package.
Description
Technical field
The present invention relates to field of computer technology, more particularly to a kind of methods, devices and systems for scan compression bag.
Background technology
In the prior art, in scan compression bag, need first to decompress compressed package, then to decompressing obtained file
It is scanned, this make it that scan efficiency is relatively low.Particularly in some user environments, it is often necessary to which same compressed package is carried out
Multiple scanning, and be required to first decompress the compressed package when scanning the compressed package every time, this causes the efficiency of scanning more
To reduce.
The content of the invention
It is an object of the invention to provide a kind of methods, devices and systems for scan compression bag.
According to an aspect of the present invention, there is provided a kind of method for being used for scan compression bag in computer equipment, wherein,
This method comprises the following steps:
A. when the file security attribute instruction of the file in the bag security attribute or the compressed package of compressed package to be scanned should
When potential danger file in compressed package be present, the compressed package is not decompressed, directly obtain the potential danger file
File feature information;
B. according to the file feature information of the potential danger file, the file for redefining the potential danger file is pacified
Full attribute, and perform corresponding operating.
According to another aspect of the present invention, a kind of dress for being used for scan compression bag in computer equipment is additionally provided
Put, wherein, the device includes following device:
For when the file security attribute instruction of the file in the bag security attribute or the compressed package of compressed package to be scanned
When potential danger file in the compressed package be present, the compressed package is not decompressed, directly obtain the potential danger file
File feature information device;
For the file feature information according to the potential danger file, the file of the potential danger file is redefined
Security attribute, and perform the device of corresponding operating.
Compared with prior art, the present invention has advantages below:1) computer equipment can be according to having generated the compressed package
The file security attribute of the file of bag security attribute and/or the compressed package, in the case where not decompressed to the compressed package
Complete the scanning to the compressed package;2) when potential danger file in compressed package be present, computer equipment can be to the compression
It is latent to redefine directly according to the file feature information of potential danger file in compressed package in the case that bag is decompressed
In the file security attribute of dangerous file, and corresponding operating is performed, also, computer equipment need not be to the safety in compressed package
File is rescaned, and so as to largely save time and the computer resource needed for scanning, is improved
The scan efficiency of compressed package;3) computer equipment can come more according to the file security attribute of the potential danger file redefined
The file security attribute of file in the bag security attribute and/or compressed package of new compressed package, for afterwards to the compressed package again
Secondary scanning;4) computer equipment still can be by obtaining secure file quantity and calculating the number of scanned potential danger file
Amount, to carry out normal scanning file counting;5) when potential danger file in compressed package be present, can be worked as according to computer equipment
Preceding performance determines whether to perform decompression operation before the compressed package is scanned;6) when being secure file in compressed package
When, computer equipment need not decompress to the compressed package, directly can be updated according to the quantity of documents in the compressed package
Scanning and counting, and terminate the scanning of the compressed package.
Brief description of the drawings
By reading the detailed description made to non-limiting example made with reference to the following drawings, of the invention is other
Feature, objects and advantages will become more apparent upon:
Fig. 1 is the schematic flow sheet of the method for scan compression bag of one embodiment of the invention;
Fig. 2 is the schematic flow sheet of the method for scan compression bag of another embodiment of the present invention;
Fig. 3 is the schematic flow sheet of the method for scan compression bag of another embodiment of the present invention;
Fig. 4 is the structural representation of the device for scan compression bag of one embodiment of the invention;
Fig. 5 is the structural representation of the device for scan compression bag of another embodiment of the present invention;
Fig. 6 is the structural representation of the device for scan compression bag of another embodiment of the present invention.
Same or analogous reference represents same or analogous part in accompanying drawing.
Embodiment
The present invention is described in further detail below in conjunction with the accompanying drawings.
Fig. 1 is the schematic flow sheet of the method for scan compression bag of one embodiment of the invention.
Wherein, the method for the present embodiment is mainly realized by computer equipment;The computer equipment is set including network
Standby and user equipment.The network equipment includes but is not limited to the service of single network server, multiple webservers composition
Device group or the cloud being made up of a large amount of computers or the webserver based on cloud computing (Cloud Computing), wherein, cloud meter
It is one kind of Distributed Calculation, a super virtual computer being made up of the computer collection of a group loose couplings;The net
Network residing for network equipment includes but is not limited to internet, wide area network, Metropolitan Area Network (MAN), LAN, VPN (Virtual Private
Network, VPN) network etc..The user equipment include but is not limited to PC (Personal Computer) machine,
Tablet personal computer, smart mobile phone, PDA (Personal Digital Assistant, palm PC) etc..
It should be noted that the computer equipment is only for example, other calculating that are existing or being likely to occur from now on are set
It is standby to be such as applicable to the present invention, it should also be included within the scope of the present invention, and be incorporated herein by reference.
Step S1 and step S2 is included according to the method for the present embodiment.
In step sl, when the file security category of the file in the bag security attribute or the compressed package of compressed package to be scanned
Property when indicating to exist in the compressed package potential danger file, computer equipment does not decompress to the compressed package, directly obtains
The file feature information of the potential danger file.
Wherein, the file feature information includes can be used in detecting any characteristic information of the security attribute of file;It is excellent
Selection of land, the file feature information include but is not limited to the Hash characteristic value of file, such as the MD5 (Message-Digest of file
Algorithm 5, message digest algorithm 5) value).Preferably, file feature information may also include other and can be used in detecting file
Security attribute characteristic information.Preferably, the file feature information step S1 execution before by pre-determining.Wherein,
Computer equipment can obtain the file feature information using various ways;For example, computer equipment is from local data base
Directly read the file feature information of pre-determining;In another example computer equipment obtains the file characteristic letter from other equipment
Breath, the other equipment include but is not limited to the network equipment, External memory equipment etc..
Wherein, the potential danger representation of file may have dangerous file, for example, it is doubtful for virus file,
Unknown file of security etc..
Wherein, the bag security attribute is used for the security attribute for indicating compressed package;Preferably, the bag security attribute of compressed package
It is any one of following for indicating:
A) potential danger file in the compressed package be present;
B) All Files is secure file in the compressed package.
Wherein, file security attribute is used for the security attribute for indicating file in compressed package.Preferably, the file security of file
Attribute is used to indicate following any one:
A) this document is secure file;
B) this document is potential danger file.
Wherein, the mode that computer equipment determines to have potential danger file in compressed package includes but is not limited to:
1) when compressed package has bag security attribute, computer equipment can directly obtain the bag security attribute of compressed package, and
Determine potential danger file in compressed package be present according to the bag security attribute.
For example, the All Files that bag security attribute " 00 " is used to indicate in compressed package is secure file, bag security attribute
" 01 " is used to indicate potential danger file in compressed package be present;In step sl, computer equipment is safe according to the bag of compressed package
Attribute is " 01 ", determines potential danger file in compressed package be present.
2) when each file is respectively provided with file security attribute in compressed package, computer equipment can obtain each in compressed package
The file security attribute of file, when it is potential danger file that the file security attribute for occurring file first, which indicates this document, meter
Calculate machine equipment and determine potential danger file in the compressed package be present, when the file security attribute of All Files in the compressed package refers both to
When to show file be secure file, computer equipment determines that potential danger file is not present in the compressed package.
For example, file security attribute " 10 " instruction file is secure file, file security attribute " 11 " instruction file is latent
In dangerous file;There are 4 files in compressed package:F1, f2, f3 and f4.In step sl, computer equipment obtains f1 file peace
Full attribute be " 10 ", and then, the file security attribute that computer equipment continues acquisition f2 is " 10 ", then, computer equipment after
The continuous file security attribute for obtaining f3 is " 11 ", then computer equipment determines potential danger file in the compressed package be present.
It should be noted that compressed package has bag security attribute, and each file is respectively provided with file security category in compressed package
Property when, any of above two mode may be selected to determine in compressed package with the presence or absence of potential danger text in computer equipment
Part.Preferably, computer equipment would generally be directly based upon bag security attribute to determine in compressed package with the presence or absence of potential danger text
Part.
In this step S1, when the file security category of the file in the bag security attribute or the compressed package of compressed package to be scanned
When property indicates to exist in the compressed package potential danger file, computer equipment does not decompress to the compressed package, direct basis
The file security attribute for compressing package-in file determines potential danger file, and obtains the file characteristic letter of potential danger file
Breath.
For example, the All Files that bag security attribute " 00 " is used to indicate in compressed package is secure file, bag security attribute
" 01 " is used to indicate potential danger file in compressed package be present;File security attribute " 10 " instruction file is secure file, file
Security attribute " 11 " instruction this document is potential danger file.In step sl, when the bag security attribute of compressed package to be scanned
For " 01 " when, computer equipment determines that file security attribute in compressed package for two files of " 11 " is f1 and f4, and obtains f1
File feature information and f4 file feature information.
In another example compressed package does not have a bag security attribute, file security attribute " 10 " instruction file is secure file, file
Security attribute " 11 " instruction this document is potential danger file.There are 4 files in compressed package:F1, f2, f3 and f4.Computer is set
The standby f1 obtained file security attribute is " 11 ", it is determined that potential danger file in the compressed package be present, and obtains f1 text
Part characteristic information;Then, computer equipment obtains f2 file security attribute " 10 ";Then, computer equipment obtains f3 text
Part security attribute " 10 ";Then, computer equipment obtains f4 file security attribute " 11 ", and obtains f4 file characteristic letter
Breath.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any file when in the bag security attribute or the compressed package of compressed package to be scanned
File security attribute when indicating to exist in the compressed package potential danger file, the compressed package is not decompressed, directly obtained
The implementation of the file feature information of the potential danger file is taken, should be included in the scope of the present invention.
In step s 2, computer equipment redefines potential danger according to the file feature information of potential danger file
The file security attribute of file, and perform corresponding operating.
Specifically, set for each potential danger file in all or part of potential danger in compressed package, computer
The standby file feature information according to the potential danger file, the file security attribute of potential danger file is redefined, and perform
Corresponding operating.
Wherein, step S2 can have following two optimum seeking method schemes:
1) a kind of preferred scheme as step S2, computer equipment is by by the file feature information of potential danger file
It is compared with known danger characteristic information, to redefine the file security attribute of potential danger file, and performs corresponding behaviour
Make.Wherein, the known danger characteristic information includes characteristic information that is any of, can recognize that dangerous file.
For example, in step sl, computer equipment obtains the file feature information of the potential danger file f 1 in compressed package.
In step s 2, computer equipment is compared the known danger characteristic information stored in f1 file feature information and database
Right, when f1 file feature information and all known danger characteristic informations all mismatch, computer equipment judges f1 for peace
Whole file, and f1 file security attribute is changed to safety.
2) another preferred scheme as step S2, the step S2 further comprise computer equipment to whole or portion
The following steps that each potential danger file divided in potential danger file performs:When the file according to the potential danger file is special
Reference ceases, and when judging the potential danger file for secure file, the file security attribute of the potential danger file is changed to pacify
Entirely;When the file feature information according to the potential danger file, when judging the potential danger file still for potential danger file, no
Operation is performed to the file security attribute of the potential danger file;When the file feature information according to the potential danger file, sentence
When the disconnected potential danger file is dangerous file, corresponding deletion action is performed.
Wherein, the secure file is used to represent without dangerous file;The dangerous file has for expression
The file of certain risk, such as virus, wooden horse.
Wherein, the deletion action performed when judging potential danger file for dangerous file includes but is not limited to:
A) when compressed package allows decompression, the dangerous file is deleted.
B) when compressed package does not allow decompression, the compressed package is deleted.
It should be noted that working as compressed package does not allow to decompress, and computer equipment redefines a potential danger text
When part is dangerous file, computer equipment will perform above-mentioned deletion action b) to delete the compressed package, and no longer need to the pressure
Other potential danger files in contracting bag perform corresponding operating, and therefore, in this case, computer equipment is only right in step s 2
Each potential danger file of part potential danger file in compressed package performs corresponding operating.
It should be noted that above-mentioned steps S2 two kinds of preferred schemes can be combined, for example, to all or part of potential
Each potential danger file in dangerous file, computer equipment is by the file feature information and known danger of potential danger file
Characteristic information is compared;When judging the potential danger file according to comparison result for secure file, computer equipment should
The file security attribute of potential danger file is changed to safety;When judging the potential danger file still to be potential according to comparison result
During dangerous file, computer equipment does not perform operation to the file security attribute of the potential danger file;When according to comparison result
When judging the potential danger file for dangerous file, computer equipment performs corresponding deletion action.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any file feature information according to potential danger file, redefines potential danger
The file security attribute of file, and the implementation of corresponding operating is performed, it should be included in the scope of the present invention.
As a kind of preferred scheme of the present embodiment, compressed package is corresponding with bag security attribute, and the method for the present embodiment is also wrapped
Include step S4 upon step s 2.In step s 4, if be potentially dangerous file is judged as secure file, computer
The bag security attribute of compressed package described in renewal of the equipment.Wherein, the bag security attribute after the renewal indicates all in the compressed package
File is secure file.
For example, in step sl, when the bag security attribute of compressed package to be scanned indicates potential danger in the compressed package be present
During dangerous file, computer equipment does not decompress to the compressed package, directly obtains potential danger file f 1 and f4 in compressed package
File feature information;In step s 2, computer equipment determines that f1 is secure file according to f1 file feature information, and will
F1 file security attribute is changed to safety, also, determines that f4 is secure file according to f4 file feature information, and by f4's
File security attribute is changed to safety;Then in step s 4, computer equipment updates the bag security attribute of the compressed package, so that
Bag security attribute after renewal indicates that the All Files in the compressed package is secure file.
As another preferred scheme of the present embodiment, the method for the present embodiment also includes step S5 and step S6.
In step s 5, when the performance of the computer equipment conforms to a predetermined condition, computer equipment performs step S1
With step S2.
Wherein.The predetermined condition includes any predetermined, related to the performance of computer equipment or currently used load
Condition.Preferably, the performance of the predetermined condition instruction computer equipment is less than the first predetermined threshold or currently used load
Higher than the second predetermined threshold.
For example, predetermined condition accounts for for the CPU (Central Processing Unit, central processing unit) of computer equipment
It is higher than the second predetermined threshold with rate, such as 50%.In step s 5, when the CPU usage of computer equipment is 60%, computer
Equipment performs step S1 and step S2 and carrys out scan compression bag.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that it is any when the performance of the computer equipment conforms to a predetermined condition, perform step S1
With step S2 implementation, should be included in the scope of the present invention.
In step s 6, when the performance of computer equipment does not meet predetermined condition, if the bag security attribute or described
File security attribute indicates potential danger file in the compressed package be present, and computer equipment decompresses the compressed package with again
The file security attribute of potential danger file is determined, and performs corresponding operating.
For example, predetermined condition is higher than 50% for the CPU usage of computer equipment.In step s 6, computer equipment is worked as
CPU usage be 20% when, if the file security attribute of the file of the bag security attribute of compressed package or compressed package indicates the pressure
Potential danger file f 1 be present in contracting bag, computer equipment decompresses the compressed package to obtain f1, and the file for generating the f1 is special
Reference breath is to redefine f1 file security attribute, also, computer equipment is sentenced according to the f1 of generation file feature information
Disconnected f1 is dangerous file, and deletes f1.
It should be noted that in step S6, computer equipment is according to the file security attribute redefined come the phase that performs
It should operate, or phase identical with the corresponding operating that step S2 Computers equipment performs according to the file security attribute redefined
Seemingly, will not be repeated here.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that it is any when the performance of computer equipment does not meet predetermined condition, if the bag safety
Attribute or the file security attribute indicate potential danger file be present in the compressed package, decompress the compressed package with again
The file security attribute of potential danger file is determined, and performs the implementation of corresponding operating, should be included in the model of the present invention
In enclosing.
It is further comprising the steps of as another preferred scheme of the present embodiment, the method for the present embodiment:As the Bao An
When full attribute or the file security attribute indicate to exist in the compressed package potential danger file, computing technique equipment is not to the pressure
Contracting bag is decompressed, and directly the quantity of the secure file in the compressed package is included in scanning file counting, and according to quilt
The quantity of the potential danger file of file security attribute is redefined, the scanning file is updated and counts.
For example, Current Scan file is counted as 20, computer equipment starts scan compression bag, when the bag safety of the compressed package
When attribute indicates to exist in the compressed package potential danger file, computer equipment does not decompress to the compressed package, directly reads
The quantity for taking secure file in the compressed package is 5, then scanning file count update is 25 by computer equipment, and according to by again
The quantity of the potential danger file of file security attribute is determined, the scanning file is updated and counts.
Wherein, computer equipment is swept according to the quantity of the potential danger file for being re-determined file security attribute, renewal
The implementation for retouching File Technology includes but is not limited to:
1) whenever the file security attribute for redefining a potential danger file, computer equipment just increases a scanning
File counts.
For example, Current Scan file is counted as 20, the quantity of secure file of the computer equipment in compressed package, will sweep
It is 25 to retouch file count update, and afterwards, when the file security attribute for redefining a potential danger file, computer equipment will
Scanning file count update is 26, when the file security attribute for redefining a potential danger file again, computer equipment
It is 27 by scanning file count update, by that analogy, until having redefined the file for the file that is potentially dangerous in compressed package
Security attribute.
2) when the file security attribute for having redefined the file that is potentially dangerous in compressed package, computer equipment is according to pressure
The quantity of potential danger file in contracting bag, renewal scanning file count.
For example, Current Scan file is counted as 20, the quantity of secure file of the computer equipment in compressed package, will sweep
It is 25 to retouch file count update, afterwards, when the file security attribute for having redefined the file that is potentially dangerous in compressed package, meter
Quantity " 3 " of the machine equipment according to potential danger file in compressed package is calculated, is 28 by scanning file count update.
It should be noted that can preferably, in compressed package there be the quantity of the secure file in the compressed package and potential
The quantity of dangerous file;Also, computer equipment can update according to the file security attribute of the potential danger file redefined
The quantity for the secure file having in compressed package and the quantity of potential danger file.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any when the bag security attribute or the file security attribute indicate the compressed package
In when potential danger file be present, the compressed package is not decompressed, directly by the number of the secure file in the compressed package
Gauge enters in scanning file counting, and according to the quantity for the potential danger file for being re-determined file security attribute, updates institute
The implementation of scanning file counting is stated, should be included in the scope of the present invention.
In the prior art, in scan compression bag, need first to decompress compressed package, then to decompressing obtained file
It is scanned, this causes the less efficient of scanning.Especially work as and be frequently necessary to carry out same compressed package multiple scanning, and compress
When file in bag is mostly secure file, efficiency can be more low.For example, the computer that user would generally periodically be used for
Equipment carries out scan full hard disk, and during scan full hard disk, for each compressed package to be scanned, computer equipment will be advanced
Row decompression, then scan the file that decompression obtains;Also, when carrying out scan full hard disk, most compressed package was all former
It is scanned.Which results in many multiple scannings so that the efficiency of scanning is low.
According to the method for the present embodiment, computer equipment can according to the bag security attribute for having generated the compressed package and/or should
The file security attribute of the file of compressed package, complete to sweep the compressed package in the case where not decompressing the compressed package
Retouch.
When potential danger file in compressed package be present, computer equipment can be in the feelings not decompressed to the compressed package
Under condition, directly according to the file feature information of potential danger file in compressed package, to redefine the file of potential danger file
Security attribute, and corresponding operating is performed, also, computer equipment need not be swept again to the secure file in compressed package
Retouch, so as to largely save time and the computer resource needed for scanning, improve the scanning effect of compressed package
Rate;In addition, according to the method for the present embodiment, computer equipment can be according to the file security category of the potential danger file redefined
Property, to update the file security attribute of file in the bag security attribute of compressed package and/or compressed package, for afterwards to the compression
The scanning again of bag;Also, according to the method for the present embodiment, computer equipment still can be by obtaining secure file quantity and meter
The quantity of scanned potential danger file, to carry out normal scanning file counting.
In addition, according to the method for the present embodiment, can be according to computer equipment when potential danger file in compressed package be present
Current performance determines whether to perform decompression operation before the compressed package is scanned.
Fig. 2 is the schematic flow sheet of the method for scan compression bag of another embodiment of the present invention.The present embodiment
Method mainly realized by computer equipment, wherein, with reference to any theory done in embodiment illustrated in fig. 1 to computer equipment
It is bright, it is incorporated herein by reference.
Step S1, step S2 and step S3 are included according to the method for the present embodiment, wherein, the step S1 and step S2 are
It is described in detail, is will not be repeated here in embodiment described in reference picture 1.
In step s3, when the file security attribute of the file in the bag security attribute or the compressed package of the compressed package refers to
When the All Files for showing in the compressed package is secure file, computer equipment does not decompress to the compressed package, direct root
According to the quantity of documents of the compressed package, renewal scanning file counts.
Specifically, when the file security attribute instruction of the file in the bag security attribute or the compressed package of the compressed package should
When All Files in compressed package is secure file, computer equipment does not decompress to the compressed package, directly reads this
Quantity of documents in compressed package, and scanning file is updated according to this document quantity and counted.
For example, Current Scan file is counted as 20, the institute in the compressed package is indicated when the bag security attribute of the compressed package
When to have file be secure file, the quantity of documents that computer equipment reads the compressed package is " 10 ", then computer equipment updates
Scanning file is counted as 30, and terminates the scanning to the compressed package.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any when the bag security attribute of the compressed package or the text of the file in the compressed package
Part security attribute indicates the All Files in the compressed package when being secure file, and computer equipment does not solve to the compressed package
Compression, the implementation directly counted according to the quantity of documents of the compressed package, renewal scanning file, should be included in the present invention's
In the range of.
It should be noted that include whether being met according to the performance of the computer equipment with reference to embodiment illustrated in fig. 1
Predetermined condition determines whether to perform step S1 and S2 scheme.Then will the implementation with reference to shown in embodiment illustrated in fig. 1 and reference picture 2
When example is combined, those skilled in the art will be understood that computer equipment can be first according to bag security attribute or file security category
Property judges to whether there is in compressed package potential danger file, and when potential danger file be present, just according to computer equipment
Performance whether conform to a predetermined condition determine whether perform step S1 and step S2, when in the absence of potential danger file, directly
Connect and perform step S3 without being decompressed and being scanned to compressed package;Or computer equipment can first judge computer equipment
Whether whether performance conforms to a predetermined condition, and when conforming to a predetermined condition, indicated according to bag security attribute or file security attribute
It whether there is potential danger file in compressed package, to determine to perform step S1 and S2 or perform step S3, when not meeting predetermined bar
During part, decompress compressed package and scanning is re-started to all files in compressed package.
According to the method for the present embodiment, when in compressed package being secure file, computer equipment need not be to the compression
Bag is decompressed, and directly can update scanning and counting according to the quantity of documents in the compressed package, and terminate sweeping for the compressed package
Retouch.
Fig. 3 is the schematic flow sheet of the method for scan compression bag of another embodiment of the present invention.The present embodiment
Method mainly realized by computer equipment, wherein, computer equipment is done in reference picture 1 or embodiment illustrated in fig. 2
Any explanation, is incorporated herein by reference.Step S4, step S1 and step S2 are included according to the method for the present embodiment.
Wherein, step S1 and step S2 are described in detail with reference to the embodiment shown in FIG. 1, will not be repeated here.
In step s 4, when the file security attribute of file in the bag security attribute and/or compressed package of compressed package is not present
When, computer equipment decompresses the compressed package to be scanned, and generates the bag security attribute of the compressed package and/or described
The file security attribute of the file of compressed package.
Specifically, when the file security attribute of file in the bag security attribute and/or compressed package of compressed package is not present, meter
Calculate machine equipment and decompress the compressed package to be scanned, and the file of this document is generated according to the scanning result of each file
Security attribute, and/or, the bag security attribute of the compressed package is generated according to the scanning result of All Files.
For example, compressed package includes file f 1, f2, f3 and f4.When the bag security attribute of compressed package is not present, computer
Equipment decompresses the compressed package to be scanned, and determines that f1, f2, f3 and f4 are secure file according to scanning result, then calculates
Machine equipment generates the bag security attribute of the compressed package, and the bag security attribute of the generation is used to indicate the All Files in the compressed package
It is secure file.
For example, compressed package includes file f 1, f2, f3 and f4.When the bag security attribute and file security attribute of compressed package
When being not present, computer equipment decompresses the compressed package to be scanned, and determines f1, f2 and f3 for safety according to scanning result
File, f4 are potential danger file, then computer equipment generates the file security attribute corresponding to f1, f2, f3 and f4 respectively, and
The bag security attribute of the compressed package is generated, the bag security attribute of the generation is used to indicate potential danger text in the compressed package be present
Part.
Preferably, when detecting potential danger file in the compressed package being decompressed, potential danger text is stored
The file feature information of part.
For example, compressed package includes file f 1, f2, f3 and f4.When the bag security attribute and file security attribute of compressed package
When being not present, computer equipment decompresses the compressed package, and for each file in the compressed package, computer equipment generation should
The file feature information of file, and obtain according to this document characteristic information the scanning result of this document;According to each in compressed package
The scanning result of file, computer equipment detect that f4 is potential danger file, then computer equipment storage f4 file characteristic
Information.
When needing to scan the compressed package again, computer equipment, which performs step S1 and step S2, to be come not to the compressed package
In the case of being decompressed, the scanning to the compressed package is completed.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any when the file security of file in the bag security attribute and/or compressed package of compressed package
When attribute is not present, the compressed package is decompressed to be scanned, and generates the bag security attribute of the compressed package and/or described
The implementation of the file security attribute of the file of compressed package, should be included in the scope of the present invention.
Fig. 4 is the structural representation of the device for scan compression bag of one embodiment of the invention.This is used to scan pressure
The device (hereinafter referred to as " scanning means ") of contracting bag includes being used for the bag security attribute when compressed package to be scanned or the compression
When the file security attribute of file in bag indicates to exist in the compressed package potential danger file, the compressed package is not decompressed
Contracting, directly obtain the device (hereinafter referred to as " acquisition device 1 ") of the file feature information of the potential danger file, Yi Jiyong
In the file feature information according to potential danger file, the file security attribute of potential danger file is redefined, and performs phase
The device (hereinafter referred to as " determining device 2 ") that should be operated.
When the file security attribute of the file in the bag security attribute or the compressed package of compressed package to be scanned indicates the pressure
When potential danger file be present in contracting bag, acquisition device 1 does not decompress to the compressed package, directly obtains the potential danger
The file feature information of file.
Wherein, the file feature information includes can be used in detecting any characteristic information of the security attribute of file;It is excellent
Selection of land, the file feature information include but is not limited to the Hash characteristic value of file, such as the MD5 (Message-Digest of file
Algorithm 5, message digest algorithm 5) value).Preferably, file feature information may also include other and can be used in detecting file
Security attribute characteristic information.Preferably, the file feature information acquisition device 1 perform operation before by it is pre- really
It is fixed.Wherein, computer equipment can obtain the file feature information using various ways;For example, computer equipment is from local
The file feature information of pre-determining is directly read in database;In another example computer equipment obtains the text from other equipment
Part characteristic information, the other equipment include but is not limited to the network equipment, External memory equipment etc..
Wherein, the potential danger representation of file may have dangerous file, for example, it is doubtful for virus file,
Unknown file of security etc..
Wherein, the bag security attribute is used for the security attribute for indicating compressed package;Preferably, the bag security attribute of compressed package
It is any one of following for indicating:
A) potential danger file in the compressed package be present;
B) All Files is secure file in the compressed package.
Wherein, file security attribute is used for the security attribute for indicating file in compressed package.Preferably, the file security of file
Attribute is used to indicate following any one:
A) this document is secure file;
B) this document is potential danger file.
Wherein, the mode that acquisition device 1 determines potential danger file to be present in compressed package includes but is not limited to:
1) when compressed package has bag security attribute, acquisition device 1 can directly obtain the bag security attribute of compressed package, and root
Determine potential danger file in compressed package be present according to the bag security attribute.
For example, the All Files that bag security attribute " 00 " is used to indicate in compressed package is secure file, bag security attribute
" 01 " is used to indicate potential danger file in compressed package be present;Acquisition device 1 is " 01 " according to the bag security attribute of compressed package, really
Determine potential danger file in compressed package be present.
2) when each file is respectively provided with file security attribute in compressed package, acquisition device 1 can obtain each in compressed package
The file security attribute of file, when it is potential danger file that the file security attribute for occurring file first, which indicates this document, obtain
Device 1 is taken to determine potential danger file be present in the compressed package, when the file security attribute of All Files in the compressed package refers both to
When to show file be secure file, acquisition device 1 determines that potential danger file is not present in the compressed package.
For example, file security attribute " 10 " instruction file is secure file, file security attribute " 11 " instruction file is latent
In dangerous file;There are 4 files in compressed package:F1, f2, f3 and f4.Acquisition device 1 obtain f1 file security attribute be
" 10 ", then, the file security attribute that acquisition device 1 continues to obtain f2 is " 10 ", and then, acquisition device 1 continues to obtain f3's
File security attribute is " 11 ", then acquisition device 1 determines potential danger file be present in the compressed package.
It should be noted that compressed package has bag security attribute, and each file is respectively provided with file security category in compressed package
During property, any of above two mode may be selected to determine to whether there is potential danger file in compressed package in acquisition device 1.
Preferably, acquisition device 1 would generally be directly based upon bag security attribute to determine to whether there is potential danger file in compressed package.
When the file security attribute of the file in the bag security attribute or the compressed package of compressed package to be scanned indicates the pressure
When potential danger file be present in contracting bag, acquisition device 1 does not decompress to the compressed package, directly according to compression package-in file
File security attribute determine potential danger file, and obtain the file feature information of potential danger file.
For example, the All Files that bag security attribute " 00 " is used to indicate in compressed package is secure file, bag security attribute
" 01 " is used to indicate potential danger file in compressed package be present;File security attribute " 10 " instruction file is secure file, file
Security attribute " 11 " instruction this document is potential danger file.When the bag security attribute of compressed package to be scanned is " 01 ", obtain
Take device 1 to determine that file security attribute is that two files of " 11 " are f1 and f4 in compressed package, and obtain f1 file characteristic letter
The file feature information of breath and f4.
In another example compressed package does not have a bag security attribute, file security attribute " 10 " instruction file is secure file, file
Security attribute " 11 " instruction this document is potential danger file.There are 4 files in compressed package:F1, f2, f3 and f4.Acquisition device 1
The f1 of acquisition file security attribute is " 11 ", it is determined that potential danger file in the compressed package be present, and obtains f1 file
Characteristic information;Then, acquisition device 1 obtains f2 file security attribute " 10 ";Then, acquisition device 1 obtains f3 file peace
Full attribute " 10 ";Then, acquisition device 1 obtains f4 file security attribute " 11 ", and obtains f4 file feature information.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any file when in the bag security attribute or the compressed package of compressed package to be scanned
File security attribute when indicating to exist in the compressed package potential danger file, the compressed package is not decompressed, directly obtained
The implementation of the file feature information of the potential danger file is taken, should be included in the scope of the present invention.
Determining device 2 redefines the file peace of potential danger file according to the file feature information of potential danger file
Full attribute, and perform corresponding operating.
Specifically, for each potential danger file in all or part of potential danger in compressed package, determining device 2
According to the file feature information of the potential danger file, the file security attribute of potential danger file is redefined, and performs phase
It should operate.
Wherein it is determined that device 2 can have following two optimum seeking method schemes:
1) a kind of preferred scheme as determining device 2, determining device 2 include sub- determining device (not shown).Son determines
Device is potential to redefine by the way that the file feature information of potential danger file is compared with known danger characteristic information
The file security attribute of dangerous file, and perform corresponding operating.Wherein, the known danger characteristic information includes any known
, characteristic information that can recognize that dangerous file.
For example, acquisition device 1 obtains the file feature information of the potential danger file f 1 in compressed package.Sub- determining device will
F1 file feature information is compared with the known danger characteristic information stored in database, when f1 file feature information with
When all known danger characteristic informations all mismatch, sub- determining device judges f1 for secure file, and by f1 file security
Attribute changes are safety.
2) another preferred scheme as determining device 2, determining device 2 further comprise to all or part of potential danger
Each potential danger file in dangerous file performs the first judgment means (not shown) of operation, the second judgment means (not shown)
With the 3rd judgment means (not shown).When the file feature information according to the potential danger file, the potential danger file is judged
For secure file when, the file security attribute of the potential danger file is changed to safety by the first judgment means;When latent according to this
In the file feature information of dangerous file, when judging the potential danger file still for potential danger file, the second judgment means are not
Operation is performed to the file security attribute of the potential danger file;When the file feature information according to the potential danger file, sentence
When the disconnected potential danger file is dangerous file, the 3rd judgment means perform corresponding deletion action.
Wherein, the secure file is used to represent without dangerous file;The dangerous file has for expression
The file of certain risk, such as virus, wooden horse.
Wherein, the deletion action performed when judging potential danger file for dangerous file includes but is not limited to:
A) when compressed package allows decompression, the dangerous file is deleted.
B) when compressed package does not allow decompression, the compressed package is deleted.
It should be noted that working as compressed package does not allow to decompress, and computer equipment redefines a potential danger text
When part is dangerous file, the 3rd judgment means perform above-mentioned deletion action b) to delete the compressed package, and no longer need to the pressure
Other potential danger files in contracting bag perform corresponding operating, and therefore, in this case, determining device 2 is only in compressed package
Each potential danger file of part potential danger file performs corresponding operating.
It should be noted that two kinds of preferred schemes of above-mentioned determining device 2 can be combined, for example, to all or part
Each potential danger file in potential danger file, sub- determining device by the file feature information of potential danger file with it is known
Compromising feature information is compared;When judging the potential danger file according to comparison result for secure file, first judges dress
Put and the file security attribute of the potential danger file is changed to safety;When judging the potential danger file still according to comparison result
For potential danger file when, the second judgment means do not perform operation to the file security attribute of the potential danger file;Work as basis
When comparison result judges the potential danger file for dangerous file, the 3rd judgment means perform corresponding deletion action.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any file feature information according to potential danger file, redefines potential danger
The file security attribute of file, and the implementation of corresponding operating is performed, it should be included in the scope of the present invention.
As a kind of preferred scheme of the present embodiment, compressed package is corresponding with bag security attribute, the scanning means of the present embodiment
It is additionally included in the first updating device (not shown) that determining device 2 performs operation afterwards.If be potentially dangerous file is judged to
Break and update the bag security attribute of the compressed package for secure file, the first updating device.Wherein, the bag security attribute after the renewal
It is secure file to indicate the All Files in the compressed package.
For example, when the bag security attribute of compressed package to be scanned indicates potential danger file to be present in the compressed package, obtain
Take device 1 not decompressed to the compressed package, directly obtain potential danger file f 1 and f4 file characteristic letter in compressed package
Breath;First judgment means determine that f1 is secure file according to f1 file feature information, and f1 file security attribute is changed
For safety, also, determine that f4 is secure file according to f4 file feature information, and f4 file security attribute is changed to
Safety;Then the first updating device updates the bag security attribute of the compressed package, so that the bag security attribute after renewal indicates the compression
All Files in bag is secure file.
As another preferred scheme of the present embodiment, the scanning means of the present embodiment also includes the 4th judgment means (figure
Do not show) and the 5th judgment means (not shown).
When the performance of computer equipment conforms to a predetermined condition, the 4th judgment means triggering acquisition device 1 and determining device 2
Perform operation.
Wherein.The predetermined condition includes any predetermined, related to the performance of computer equipment or currently used load
Condition.Preferably, the performance of the predetermined condition instruction computer equipment is less than the first predetermined threshold or currently used load
Higher than the second predetermined threshold.
For example, predetermined condition is higher than the second predetermined threshold for the CPU usage of computer equipment, such as 50%.Work as computer
When the CPU usage of equipment is 60%, the 4th judgment means triggering acquisition device 1 and determining device 2 perform operation to scan pressure
Contracting bag.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any when the performance of the computer equipment conforms to a predetermined condition, triggering obtains dress
The implementation of 1 and the execution operation of determining device 2 is put, should be included in the scope of the present invention.
When the performance of computer equipment does not meet predetermined condition, if the bag security attribute or the file security attribute
Indicate potential danger file in the compressed package be present, the 5th judgment means decompress the compressed package to redefine potential danger
The file security attribute of dangerous file, and perform corresponding operating.
For example, predetermined condition is higher than 50% for the CPU usage of computer equipment.When the CPU usage of computer equipment
For 20% when, if the file security attribute of the file of the bag security attribute of compressed package or compressed package indicate to exist in the compressed package it is latent
In dangerous file f 1, the 5th judgment means decompress the compressed package to obtain f1, and generate the file feature information of the f1 with weight
The new file security attribute for determining f1, also, the 5th judgment means judge f1 for danger according to the f1 of generation file feature information
Dangerous file, and delete f1.
It should be noted that the 5th judgment means according to the file security attribute redefined come the corresponding operating that performs,
The corresponding operating performed with determining device 2 according to the file security attribute redefined is same or similar, will not be repeated here.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that it is any when the performance of computer equipment does not meet predetermined condition, if the bag safety
Attribute or the file security attribute indicate potential danger file be present in the compressed package, decompress the compressed package with again
The file security attribute of potential danger file is determined, and performs the implementation of corresponding operating, should be included in the model of the present invention
In enclosing.
As another preferred scheme of the present embodiment, the scanning means of the present embodiment also includes the second updating device (figure
Do not show).When the bag security attribute or the file security attribute indicate potential danger file to be present in the compressed package, second
Updating device is not decompressed to the compressed package, and the quantity of the secure file in the compressed package directly is included in into scanning file
In counting, and according to the quantity for the potential danger file for being re-determined file security attribute, update the scanning file and count.
For example, Current Scan file is counted as 20, computer equipment starts scan compression bag, when the bag safety of the compressed package
When attribute indicates to exist in the compressed package potential danger file, the second updating device does not decompress to the compressed package, directly
The quantity for reading secure file in the compressed package is 5, then scanning file count update is 25 by computer equipment, and according to being weighed
The quantity of the new potential danger file for determining file security attribute, update the scanning file and count.
Wherein, the second updating device is according to the quantity for the potential danger file for being re-determined file security attribute, renewal
The implementation of scanning file technology includes but is not limited to:
1) whenever the file security attribute for redefining a potential danger file, the second updating device just increases by one and swept
Retouch file counting.
For example, Current Scan file is counted as 20, the quantity of secure file of second updating device in compressed package will
Scanning file count update is 25, afterwards, when the file security attribute for redefining a potential danger file, the second more new clothes
It is 26 to put scanning file count update, and when the file security attribute for redefining a potential danger file again, second more
Scanning file count update is 27 by new equipment, by that analogy, until having redefined the file that is potentially dangerous in compressed package
File security attribute.
2) when the file security attribute for having redefined the file that is potentially dangerous in compressed package, the second updating device according to
The quantity of potential danger file in compressed package, renewal scanning file count.
For example, Current Scan file is counted as 20, the quantity of secure file of second updating device in compressed package will
Scanning file count update is 25, afterwards, when the file security attribute for having redefined the file that is potentially dangerous in compressed package,
Scanning file count update is 28 according to the quantity " 3 " of potential danger file in compressed package by the second updating device.
It should be noted that can preferably, in compressed package there be the quantity of the secure file in the compressed package and potential
The quantity of dangerous file;Also, computer equipment can update according to the file security attribute of the potential danger file redefined
The quantity for the secure file having in compressed package and the quantity of potential danger file.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any when the bag security attribute or the file security attribute indicate the compressed package
In when potential danger file be present, the compressed package is not decompressed, directly by the number of the secure file in the compressed package
Gauge enters in scanning file counting, and according to the quantity for the potential danger file for being re-determined file security attribute, updates institute
The implementation of scanning file counting is stated, should be included in the scope of the present invention.
In the prior art, in scan compression bag, need first to decompress compressed package, then to decompressing obtained file
It is scanned, this causes the less efficient of scanning.Especially work as and be frequently necessary to carry out same compressed package multiple scanning, and compress
When file in bag is mostly secure file, efficiency can be more low.For example, the computer that user would generally periodically be used for
Equipment carries out scan full hard disk, and during scan full hard disk, for each compressed package to be scanned, computer equipment will be advanced
Row decompression, then scan the file that decompression obtains;Also, when carrying out scan full hard disk, most compressed package was all former
It is scanned.Which results in many multiple scannings so that the efficiency of scanning is low.
According to the scheme of the present embodiment, computer equipment can according to the bag security attribute for having generated the compressed package and/or should
The file security attribute of the file of compressed package, complete to sweep the compressed package in the case where not decompressing the compressed package
Retouch.
When potential danger file in compressed package be present, computer equipment can be in the feelings not decompressed to the compressed package
Under condition, directly according to the file feature information of potential danger file in compressed package, to redefine the file of potential danger file
Security attribute, and corresponding operating is performed, also, computer equipment need not be swept again to the secure file in compressed package
Retouch, so as to largely save time and the computer resource needed for scanning, improve the scanning effect of compressed package
Rate;In addition, according to the scheme of the present embodiment, computer equipment can be according to the file security category of the potential danger file redefined
Property, to update the file security attribute of file in the bag security attribute of compressed package and/or compressed package, for afterwards to the compression
The scanning again of bag;Also, according to the scheme of the present embodiment, computer equipment still can be by obtaining secure file quantity and meter
The quantity of scanned potential danger file, to carry out normal scanning file counting.
In addition, according to the scheme of the present embodiment, can be according to computer equipment when potential danger file in compressed package be present
Current performance determines whether to perform decompression operation before the compressed package is scanned.
Fig. 5 is the structural representation of the device for scan compression bag of another embodiment of the present invention.The present embodiment
Scanning means includes acquisition device 1, determining device 2 and for when in the bag security attribute or the compressed package of the compressed package
The file security attribute All Files that indicates in the compressed package of file when being secure file, the compressed package is not solved
Compression, directly according to the quantity of documents of the compressed package, device that renewal scanning file counts (hereinafter referred to as " the depth of the night new clothes
Put 3 "), wherein, the acquisition device 1 and determining device 2 are described in detail in embodiment described in reference picture 4, no longer superfluous herein
State.
When the file security attribute of the file in the bag security attribute or the compressed package of the compressed package indicates the compressed package
In All Files when being secure file, the 3rd updating device 3 does not decompress to the compressed package, directly according to the compression
The quantity of documents of bag, renewal scanning file count.
Specifically, when the file security attribute instruction of the file in the bag security attribute or the compressed package of the compressed package should
When All Files in compressed package is secure file, the 3rd updating device 3 does not decompress to the compressed package, directly reads
Quantity of documents in the compressed package, and scanning file is updated according to this document quantity and counted.
For example, Current Scan file is counted as 20, the institute in the compressed package is indicated when the bag security attribute of the compressed package
When to have file be secure file, the quantity of documents that the 3rd updating device 3 reads the compressed package is " 10 ", then the 3rd updating device
3 renewal scanning files are counted as 30, and terminate the scanning to the compressed package.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any when the bag security attribute of the compressed package or the text of the file in the compressed package
Part security attribute indicates the All Files in the compressed package when being secure file, and computer equipment does not solve to the compressed package
Compression, the implementation directly counted according to the quantity of documents of the compressed package, renewal scanning file, should be included in the present invention's
In the range of.
It should be noted that include whether being met according to the performance of the computer equipment with reference to embodiment illustrated in fig. 4
Predetermined condition performs the scheme of operation to determine whether to trigger acquisition device 1 and determining device 2.It will then implement reference picture 4 Suo Shi
Example be combined with reference to embodiment illustrated in fig. 5 when, those skilled in the art will be understood that computer equipment can be first according to Bao An
Full attribute or file security attribute judge whether there is in compressed package potential danger file, and ought have potential danger file
When, just determine whether that triggering acquisition device 1 and determining device 2 holds according to whether the performance of computer equipment conforms to a predetermined condition
Row operation, when in the absence of potential danger file, the 3rd updating device 3 directly performs operation without being decompressed to compressed package
And scanning;Or computer equipment can first judge whether the performance of computer equipment conforms to a predetermined condition, and work as and meet predetermined bar
During part, whether indicated to whether there is potential danger file in compressed package according to bag security attribute or file security attribute, to determine
Triggering acquisition device 1 and determining device 2 perform operation or the 3rd updating device 3 directly performs operation, when not meeting predetermined condition
When, decompress compressed package and scanning is re-started to all files in compressed package.
According to the scheme of the present embodiment, when in compressed package being secure file, computer equipment need not be to the compression
Bag is decompressed, and directly can update scanning and counting according to the quantity of documents in the compressed package, and terminate sweeping for the compressed package
Retouch.
Fig. 6 is the structural representation of the device for scan compression bag of another embodiment of the present invention.The present embodiment
Scanning means includes acquisition device 1, determining device 2 and for when file in the bag security attribute and/or compressed package of compressed package
File security attribute when being not present, decompress the compressed package to be scanned, and the bag for generating the compressed package belongs to safely
The device (hereinafter referred to as everybody " generating means 4 ") of the file security attribute of the file of property and/or the compressed package.
Wherein, acquisition device 1 and determining device 2 are described in detail with reference to the embodiment shown in FIG. 4, no longer superfluous herein
State.
When the file security attribute of file in the bag security attribute and/or compressed package of compressed package is not present, generating means 4
The compressed package is decompressed to be scanned, and generates the bag security attribute of the compressed package and/or the file of the compressed package
File security attribute.
Specifically, it is raw when the file security attribute of file in the bag security attribute and/or compressed package of compressed package is not present
The compressed package is decompressed to be scanned into device 4, and the file of this document is generated according to the scanning result of each file
Security attribute, and/or, the bag security attribute of the compressed package is generated according to the scanning result of All Files.
For example, compressed package includes file f 1, f2, f3 and f4.When the bag security attribute of compressed package is not present, generation dress
The 4 decompressions compressed package is put to be scanned, determines that f1, f2, f3 and f4 are secure file according to scanning result, then generation dress
The bag security attribute of the 4 generation compressed packages is put, the bag security attribute of the generation is used to indicate that the All Files in the compressed package is equal
For secure file.
For example, compressed package includes file f 1, f2, f3 and f4.When the bag security attribute and file security attribute of compressed package
When being not present, generating means 4 decompress the compressed package to be scanned, and determine f1, f2 and f3 for safety according to scanning result
File, f4 are potential danger file, then generating means 4 generate the file security attribute corresponding to f1, f2, f3 and f4 respectively, and
The bag security attribute of the compressed package is generated, the bag security attribute of the generation is used to indicate potential danger text in the compressed package be present
Part.
Preferably, generating means 4 further comprise storage device (not shown).Examined when in the compressed package being decompressed
When measuring potential danger file, storage device stores the file feature information of the potential danger file.
For example, compressed package includes file f 1, f2, f3 and f4.When the bag security attribute and file security attribute of compressed package
When being not present, generating means 4 decompress the compressed package, and for each file in the compressed package, generating means 4 generate this article
The file feature information of part, and obtain according to this document characteristic information the scanning result of this document;According to each text in compressed package
The scanning result of part, storage device detects f4 when being potential danger file, then storage device storage f4 file feature information.
When needing to scan the compressed package again, acquisition device 1 and determining device 2 perform operation and come not to the compressed package
In the case of being decompressed, the scanning to the compressed package is completed.
It should be noted that the above-mentioned examples are merely illustrative of the technical solutions of the present invention, rather than the limit to the present invention
System, it should be appreciated by those skilled in the art that any when the file security of file in the bag security attribute and/or compressed package of compressed package
When attribute is not present, the compressed package is decompressed to be scanned, and generates the bag security attribute of the compressed package and/or described
The implementation of the file security attribute of the file of compressed package, should be included in the scope of the present invention.
It should be noted that the present invention can be carried out in the assembly of software and/or software and hardware, for example, this hair
Bright each device can use application specific integrated circuit (ASIC, Application Specific Integrated Circuit)
Or any other is realized similar to hardware device.In one embodiment, software program of the invention can be held by processor
Go to realize steps described above or function.Similarly, software program of the invention (include related data structure) can be by
Store in computer readable recording medium storing program for performing, for example, RAM (Random Access Memory) memory, magnetically or optically driver
Or floppy disc and similar devices.In addition, the present invention some steps or function can employ hardware to realize, for example, as with place
Reason device coordinates so as to perform the circuit of each step or function.
It is obvious to a person skilled in the art that the invention is not restricted to the details of above-mentioned one exemplary embodiment, Er Qie
In the case of without departing substantially from spirit or essential attributes of the invention, the present invention can be realized in other specific forms.Therefore, no matter
From the point of view of which point, embodiment all should be regarded as exemplary, and be nonrestrictive, the scope of the present invention is by appended power
Profit requires rather than described above limits, it is intended that all in the implication and scope of the equivalency of claim by falling
Change is included in the present invention.Any reference in claim should not be considered as to the involved claim of limitation.This
Outside, it is clear that the word of " comprising " one is not excluded for other units or step, and odd number is not excluded for plural number.That is stated in system claims is multiple
Unit or device can also be realized by a unit or device by software or hardware.The first, the second grade word is used for table
Show title, and be not offered as any specific order.
Claims (20)
1. a kind of method for being used for scan compression bag in computer equipment, wherein, this method comprises the following steps:
A. when the file security attribute of the file in the bag security attribute or the compressed package of compressed package to be scanned indicates the compression
When potential danger file in bag be present, the compressed package is not decompressed, directly pacified according to the file of file in the compressed package
Full attribute determines the potential danger file, and obtains the file feature information of the potential danger file;
B. according to the file feature information of the potential danger file, the file security category of the potential danger file is redefined
Property, and perform corresponding operating;
Wherein, the step b includes:
According to the file security attribute of the potential danger file redefined, to update the bag security attribute of compressed package and/or pressure
The file security attribute of file in contracting bag, for the scanning again to the compressed package afterwards.
2. according to the method for claim 1, wherein, the step b is included in all or part of potential danger file
Each potential danger file performs following steps:
- when the file feature information according to the potential danger file, when judging the potential danger file for secure file, this is dived
Safety is changed in the file security attribute of dangerous file;
- when the file feature information according to the potential danger file, when judging the potential danger file still for potential danger file,
Operation is not performed to the file security attribute of the potential danger file;
- when the file feature information according to the potential danger file, when judging the potential danger file for dangerous file, perform phase
The deletion action answered.
3. according to the method for claim 2, wherein, corresponding deletion action includes at least one of following:
- when the compressed package allows decompression, delete the dangerous file;
- when the compressed package does not allow decompression, delete the compressed package.
4. according to the method for claim 1, wherein, the step b comprises the following steps:
- by the way that the file feature information of the potential danger file is compared with known danger characteristic information, come again true
The file security attribute of the fixed potential danger file, and perform corresponding operating.
5. method according to any one of claim 1 to 4, wherein, the compressed package is corresponding with bag security attribute, the party
Method is further comprising the steps of after the step b:
If-be potentially dangerous file is judged as secure file, the bag security attribute of the compressed package is updated, after the renewal
Bag security attribute indicate that the All Files in the compressed package is secure file.
6. method according to any one of claim 1 to 4, wherein, this method is further comprising the steps of:
- when the performance of the computer equipment conforms to a predetermined condition, perform the step a and b;
- when the performance of the computer equipment does not meet predetermined condition, if the bag security attribute or the file security category
Property the instruction compressed package in potential danger file be present, decompress the compressed package to redefine the text of potential danger file
Part security attribute, and perform corresponding operating.
7. method according to any one of claim 1 to 4, wherein, this method is further comprising the steps of:
- when the bag security attribute or the file security attribute indicate potential danger file to be present in the compressed package, it is not right
The compressed package is decompressed, and directly the quantity of the secure file in the compressed package is included in scanning file counting, and root
According to the quantity for the potential danger file for being re-determined file security attribute, update the scanning file and count.
8. method according to any one of claim 1 to 4, wherein, this method is further comprising the steps of:
- indicate in the compressed package when the file security attribute of the file in the bag security attribute or the compressed package of the compressed package
When All Files is secure file, the compressed package is not decompressed, directly according to the quantity of documents of the compressed package, renewal
Scanning file counts.
9. method according to any one of claim 1 to 4, wherein, this method is further comprising the steps of:
- when the bag security attribute and/or the file security attribute are not present, the compressed package is decompressed to be swept
Retouch, and generate the file security attribute of the bag security attribute of the compressed package and/or the file of the compressed package.
10. according to the method for claim 9, wherein, this method is further comprising the steps of:
- when detecting potential danger file in the compressed package being decompressed, the file for storing the potential danger file is special
Reference ceases.
11. a kind of device for being used for scan compression bag in computer equipment, wherein, the device includes following device:
For indicating the pressure when the file security attribute of the file in the bag security attribute or the compressed package of compressed package to be scanned
When potential danger file be present in contracting bag, the compressed package is not decompressed, directly according to the file of file in the compressed package
Security attribute determines the potential danger file, and obtains the device of the file feature information of the potential danger file;
For the file feature information according to the potential danger file, the file security of the potential danger file is redefined
Attribute, and perform the device of corresponding operating;
Wherein, the file feature information being used for according to the potential danger file, redefines the potential danger file
File security attribute, and the device for performing corresponding operating is used for:
According to the file security attribute of the potential danger file redefined, to update the bag security attribute of compressed package and/or pressure
The file security attribute of file in contracting bag, for the scanning again to the compressed package afterwards.
12. device according to claim 11, wherein, for redefining the file security attribute of potential danger file
Device includes the following device that operation is performed to each potential danger file in all or part of potential danger file:
, will when judging the potential danger file for secure file for working as the file feature information according to the potential danger file
The file security attribute of the potential danger file is changed to safe device;
For when the file feature information according to the potential danger file, judging the potential danger file still for potential danger file
When, the device of operation is not performed to the file security attribute of the potential danger file;
For when the file feature information according to the potential danger file, when judging the potential danger file for dangerous file, holding
The device of the corresponding deletion action of row.
13. device according to claim 12, wherein, corresponding deletion action includes at least one of following:
- when the compressed package allows decompression, delete the dangerous file;
- when the compressed package does not allow decompression, delete the compressed package.
14. device according to claim 11, wherein, the file security category for being used to redefine potential danger file
The device of property includes following device:
For by the way that the file feature information of the potential danger file is compared with known danger characteristic information, coming again
The file security attribute of the potential danger file is determined, and performs the device of corresponding operating.
15. the device according to any one of claim 11 to 14, wherein, the compressed package is corresponding with bag security attribute,
The device is additionally included in the device for being used to redefine the file security attribute of potential danger file and performs operation afterwards
Following device:
If being judged as secure file for be potentially dangerous file, the dress of the bag security attribute of the compressed package is updated
Put, the bag security attribute after the renewal indicates that the All Files in the compressed package is secure file.
16. the device according to any one of claim 11 to 14, wherein, the device also includes following device:
For when the performance of the computer equipment conforms to a predetermined condition, triggering the text for directly obtaining potential danger file
The device of part characteristic information and the device for being used to redefine the file security attribute of potential danger file perform operation
Device;
For when the performance of the computer equipment does not meet predetermined condition, if the bag security attribute or the file security
Attribute indicates potential danger file be present in the compressed package, decompresses the compressed package to redefine potential danger file
File security attribute, and perform corresponding operating device.
17. the device according to any one of claim 11 to 14, wherein, the device also includes following device:
For when the bag security attribute or the file security attribute indicate potential danger file to be present in the compressed package, no
The compressed package is decompressed, directly the quantity of the secure file in the compressed package is included in scanning file counting, and
According to the quantity for the potential danger file for being re-determined file security attribute, the device that the scanning file counts is updated.
18. the device according to any one of claim 11 to 14, wherein, the device also includes following device:
For indicating the compressed package when the file security attribute of the file in the bag security attribute or the compressed package of the compressed package
In All Files when being secure file, the compressed package is not decompressed, directly according to the quantity of documents of the compressed package,
Update the device that scanning file counts.
19. the device according to any one of claim 11 to 14, wherein, the device also includes following device:
For when the bag security attribute and/or the file security attribute are not present, decompressing the compressed package to carry out
Scanning, and generate the device of the file security attribute of the bag security attribute of the compressed package and/or the file of the compressed package.
20. device according to claim 19, wherein, the device also includes following device:
For when detecting potential danger file in the compressed package being decompressed, storing the file of the potential danger file
The device of characteristic information.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510012586.8A CN104598819B (en) | 2015-01-09 | 2015-01-09 | A kind of methods, devices and systems for scan compression bag |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510012586.8A CN104598819B (en) | 2015-01-09 | 2015-01-09 | A kind of methods, devices and systems for scan compression bag |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104598819A CN104598819A (en) | 2015-05-06 |
CN104598819B true CN104598819B (en) | 2017-12-26 |
Family
ID=53124596
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510012586.8A Active CN104598819B (en) | 2015-01-09 | 2015-01-09 | A kind of methods, devices and systems for scan compression bag |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104598819B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111597552B (en) * | 2020-04-15 | 2023-11-10 | 深圳市捷顺科技实业股份有限公司 | Code scanning method and terminal equipment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101079689A (en) * | 2006-05-26 | 2007-11-28 | 上海晨兴电子科技有限公司 | Method and device for virus scanning and processing of the data received by mobile phone |
CN101930515A (en) * | 2010-08-27 | 2010-12-29 | 奇智软件(北京)有限公司 | System and method for safely decompressing compressed file |
CN102609653A (en) * | 2012-02-07 | 2012-07-25 | 奇智软件(北京)有限公司 | File quick-scanning method and file quick-scanning system |
CN102799811A (en) * | 2012-06-26 | 2012-11-28 | 腾讯科技(深圳)有限公司 | Scanning method and device |
-
2015
- 2015-01-09 CN CN201510012586.8A patent/CN104598819B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101079689A (en) * | 2006-05-26 | 2007-11-28 | 上海晨兴电子科技有限公司 | Method and device for virus scanning and processing of the data received by mobile phone |
CN101930515A (en) * | 2010-08-27 | 2010-12-29 | 奇智软件(北京)有限公司 | System and method for safely decompressing compressed file |
CN102609653A (en) * | 2012-02-07 | 2012-07-25 | 奇智软件(北京)有限公司 | File quick-scanning method and file quick-scanning system |
CN102799811A (en) * | 2012-06-26 | 2012-11-28 | 腾讯科技(深圳)有限公司 | Scanning method and device |
Also Published As
Publication number | Publication date |
---|---|
CN104598819A (en) | 2015-05-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6884128B2 (en) | Data deduplication device, data deduplication method, and data deduplication program | |
CN102236693B (en) | Method and device for determining similarity between documents | |
KR20180118597A (en) | Method and apparatus for identifying network access behavior, servers and storage media | |
CN102156727A (en) | Method for deleting repeated data by using double-fingerprint hash check | |
US20140007137A1 (en) | Information output device, method, and recording medium | |
JP2010108469A (en) | Operation monitoring system and operation monitoring program | |
KR101852219B1 (en) | Protecting files that include editable metadata | |
CN101833546A (en) | Method and device for extracting form from portable electronic document | |
CN103580991B (en) | The method for uploading and equipment of a kind of Email attachment | |
CN109471989A (en) | A kind of page request processing method and relevant apparatus | |
CN104598819B (en) | A kind of methods, devices and systems for scan compression bag | |
CN105335530A (en) | Method for improving large data block duplicated data deletion performance | |
CN110210221B (en) | File risk detection method and device | |
CN104281562B (en) | A kind of processing method and processing device of electronic document | |
CN115543918A (en) | File snapshot method, system, electronic equipment and storage medium | |
CN114880742A (en) | Revit model lightweight method for webgl engine | |
CN104079469A (en) | Information processing method and electronic equipment | |
CN103914481B (en) | Date storage method and device | |
CN112463741A (en) | Cleaning method for aggregated large files and related equipment | |
CN112860677A (en) | Entity duplication judgment method, terminal equipment and storage medium | |
CN111124306A (en) | Data deleting method, system, equipment and computer readable storage medium | |
CN104796427A (en) | Method and device for trusted cloud host static measurement based on Trust Grub | |
CN109271463A (en) | A method of restoring the innodb compressed data of MySQL database | |
CN117056133B (en) | Data backup method, device and medium based on distributed Internet of things architecture | |
CN109002485A (en) | A kind of management method of core file, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |