CN112199679A - Virus checking and killing method and device under Linux system - Google Patents
Virus checking and killing method and device under Linux system Download PDFInfo
- Publication number
- CN112199679A CN112199679A CN202011054716.1A CN202011054716A CN112199679A CN 112199679 A CN112199679 A CN 112199679A CN 202011054716 A CN202011054716 A CN 202011054716A CN 112199679 A CN112199679 A CN 112199679A
- Authority
- CN
- China
- Prior art keywords
- scanning
- user interface
- scan
- instruction
- engine process
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 346
- 241000700605 Viruses Species 0.000 title claims abstract description 99
- 230000008569 process Effects 0.000 claims abstract description 303
- 238000001514 detection method Methods 0.000 claims description 3
- 230000000873 masking effect Effects 0.000 claims 2
- 230000036632 reaction speed Effects 0.000 abstract description 10
- 230000002155 anti-virotic effect Effects 0.000 description 8
- 230000009471 action Effects 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000000007 visual effect Effects 0.000 description 4
- 230000001427 coherent effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 238000010295 mobile communication Methods 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 239000000725 suspension Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Virology (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The embodiment of the invention discloses a virus checking and killing method and device in a Linux system, relates to the technical field of computers, and can effectively improve the interface reaction speed and improve the user experience. The method comprises the following steps: establishing a scanning engine process for virus killing according to a scanning starting instruction in a user interface under a Linux system; according to a scanning stopping instruction in the user interface, sending an exit command to the scanning engine process to close the scanning engine process; and updating the user interface to be in a scanning ending state, and shielding the updating operation of the scanning engine process on the user interface. The invention can be used for virus searching and killing.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a virus searching and killing method and device under a Linux system.
Background
In a Linux system, a large number of files need to be scanned during virus searching and killing of antivirus software, and when the antivirus software is scanning a file, other operations of a user on a virus searching and killing application program cannot be responded to in time, for example, when the user clicks a button for suspending searching and killing, the antivirus software cannot be stopped immediately, but stops searching and killing after the scanning of the currently scanned file is finished, so that the feeling of slow response of the operation of the user software is provided, and the user experience is seriously reduced.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for virus killing in a Linux system, an electronic device, and a storage medium, which can effectively improve an interface reaction speed and enhance user experience.
In a first aspect, an embodiment of the present invention provides a virus checking and killing method in a Linux system, including:
establishing a scanning engine process for virus killing according to a scanning starting instruction in a user interface under the Linux system;
according to a scanning stopping instruction in the user interface, sending an exit command to the scanning engine process to close the scanning engine process;
and updating the user interface to be in a scanning ending state, and shielding the updating operation of the scanning engine process on the user interface.
Optionally, after the updating the user interface to the scan end state and shielding the update operation of the scan engine process on the user interface, the method further includes:
the scanning engine process is automatically closed according to the quitting command;
when a new start scan instruction is received via the user interface, a new scan engine process is created, the new scan engine process being different from the scan engine process that was shut down.
Optionally, the establishing a scan engine process for virus killing according to a scan start instruction in a user interface in the Linux system includes:
the interface process sends a scanning starting instruction to a service process, wherein the scanning starting instruction carries a process identifier of the interface process;
the service process establishes a scanning engine process for virus killing according to the received scanning starting instruction, wherein the scanning engine process stores a process identifier of the interface process;
after the scan engine process of virus killing is established according to the scan starting instruction in the user interface under the Linux system, the method further comprises the following steps:
detecting whether the process identification exists in a current process list or not at the process interval preset time of the scanning engine;
and if the process identification does not exist in the current process list, automatically closing the process of the scanning engine.
Optionally, after the scan engine process for virus killing is established according to the scan start instruction in the user interface in the Linux system, before the scan engine process sends the quit instruction according to the scan stop instruction in the user interface, the method further includes:
receiving a pause scan instruction through the user interface;
sending a pause command to the scan engine process according to the pause scanning instruction so as to pause the scan engine process;
and updating the user interface to a suspended scanning state, and shielding the updating operation of the scanning engine process on the user interface.
Optionally, after the updating the user interface to the suspended scanning state and shielding the update operation of the scanning engine process on the user interface, the method further includes:
receiving a continue scanning instruction through the user interface;
sending a scanning continuation command to the scanning engine process according to the scanning continuation command so as to enable the scanning engine process to be switched from a suspended running state to a continued running state;
and updating the user interface to a continuous scanning state, and opening the shielding of the user interface to the scanning engine process.
Optionally, after sending the scan continuation command to the scan engine process according to the scan continuation command, the method further includes:
if the time interval between the continuous scanning instruction and the pause scanning instruction is less than a first duration, the scanning engine process ignores the pause scanning instruction and continues to perform virus scanning;
if the time interval between the continuous scanning instruction and the pause scanning instruction is greater than a second duration, switching the process of the scanning engine from a pause running state to a continuous running state; the second duration is greater than the first duration.
In a second aspect, an embodiment of the present invention further provides a virus killing apparatus in a Linux system, including:
the system comprises an establishing unit, a scanning engine processing unit and a processing unit, wherein the establishing unit is used for establishing a scanning engine process for virus killing according to a scanning starting instruction in a user interface under a Linux system;
a sending unit, configured to send an exit command to the scan engine process according to a scan stopping instruction in the user interface, so that the scan engine process is closed;
and the updating unit is used for updating the user interface to a scanning ending state and shielding the updating operation of the scanning engine process on the user interface.
Optionally, the virus searching and killing device further includes:
the closing unit is used for automatically closing the scanning engine process according to the quitting command sent by the sending unit after the user interface is updated to the scanning ending state and the updating operation of the scanning engine process on the user interface is shielded;
the establishing unit is further configured to create a new scan engine process when a new scan start instruction is received through the user interface, where the new scan engine process is different from the closed scan engine process.
Optionally, the establishing unit includes:
the sending module is used for sending a scanning starting instruction to the service process by the interface process, wherein the scanning starting instruction carries the process identifier of the interface process;
the establishing module is used for establishing a scanning engine process for virus killing according to the received scanning starting instruction by the service process, wherein the process identification of the interface process is stored in the scanning engine process;
the device further comprises:
the detection unit is used for detecting whether the process identifier exists in a current process list or not at intervals of preset duration after a scanning engine process for virus killing is established according to a scanning starting instruction in a user interface under the Linux system;
and the closing unit is used for automatically closing the process of the scanning engine if the process identifier does not exist in the current process list.
Optionally, the virus searching and killing device further includes:
the system comprises a receiving unit, a scanning engine processing unit and a scanning engine processing unit, wherein the receiving unit is used for receiving a scanning pause instruction through a user interface before sending an exit command to the scanning engine processing unit according to a scanning start instruction in the user interface under a Linux system and after establishing a scanning engine processing unit for virus killing;
the sending unit is further configured to send a pause command to the scan engine process according to the scan pause instruction, so that the scan engine process pauses operation;
the updating unit is further configured to update the user interface to a suspended scanning state, and shield an updating operation of the scanning engine process on the user interface.
Optionally, the receiving unit is further configured to receive a scan continuation instruction through the user interface after the user interface is updated to the scan suspended state and the update operation of the scan engine process on the user interface is shielded;
the sending unit is further configured to send a scan continuation command to the scan engine process according to the scan continuation instruction, so that the scan engine process is switched from a suspended running state to a continued running state;
the updating unit is further configured to update the user interface to a continuous scanning state, and open a shield of the user interface to the scanning engine process.
Optionally, the apparatus further comprises:
a coherent scanning unit, configured to, after sending a scan continuation command to the scan engine process according to the scan continuation command, if a time interval between the scan continuation command and the scan pause command is less than a first duration, ignore the scan pause command by the scan engine process, and continue to scan viruses;
a switching scanning unit, configured to, after sending a scan continuation command to the scan engine process according to the scan continuation command, switch the scan engine process from a suspended running state to a continued running state if a time interval between the scan continuation command and the scan pause command is greater than a second duration; the second duration is greater than the first duration.
In a third aspect, an embodiment of the present invention further provides an electronic device, including: the device comprises a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is arranged in a space enclosed by the shell, and the processor and the memory are arranged on the circuit board; a power supply circuit for supplying power to each circuit or device of the electronic apparatus; the memory is used for storing executable program codes; the processor runs the program corresponding to the executable program code by reading the executable program code stored in the memory, and is used for executing any virus killing method in the Linux system provided by the embodiment of the invention.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs are executable by one or more processors to implement any one of the methods for virus killing in the Linux system provided by the embodiments of the present invention.
The virus searching and killing method, the device, the electronic equipment and the storage medium under the Linux system can establish a scanning engine process for virus searching and killing according to a scanning starting instruction in a user interface under the Linux system, send an exit instruction to the scanning engine process according to a scanning stopping instruction in the user interface so as to close the scanning engine process, then update the user interface to a scanning ending state, and shield the updating operation of the scanning engine process on the user interface. Therefore, the scanning engine process can be established for each virus searching and killing task, when a scanning stopping instruction is received from the user interface, only an exit command needs to be sent to the scanning engine process, the scanning engine process can automatically exit according to the exit command without other contact with the user interface, so that the user interface can be directly updated to a scanning end state, the updating operation of the scanning engine process on the user interface is shielded, the virus scanning task is smoothly ended under the condition that the exit process of the scanning engine process is not perceived by a user, the interface reaction speed can be effectively improved, and the user experience is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart of a virus killing method in the Linux system according to an embodiment of the present invention;
FIG. 2 is a logic diagram of an implementation of a virus searching and killing method in the Linux system according to the embodiment of the present invention;
FIG. 3 is a logic diagram of another implementation of the virus searching and killing method in the Linux system according to the embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a virus killing apparatus in the Linux system according to the embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In a first aspect, embodiments of the present invention provide a virus checking and killing method in a Linux system, which can effectively improve interface reaction speed and enhance user experience.
As shown in fig. 1, a virus killing method in the Linux system according to an embodiment of the present invention may include:
s11, establishing a scanning engine process for virus killing according to a scanning starting instruction in a user interface under the Linux system;
the antivirus software is mostly provided with a user interface interacting with a user and a service program executing virus searching and killing work. The user interface and the service program may be maintained by different program processes, respectively. The process for maintaining the user interface can be opened or closed according to whether the user interface exists, and the service program for performing virus checking and killing core work can reside in the memory so as to maintain the information security of the system.
The user interface can be an operation interface for virus searching and killing of a user. Optionally, one or more buttons related to virus killing may be provided on the user interface, such as a start scan button, pause scan button, stop scan button, continue scan button, and the like. The user can send out corresponding instructions by clicking the buttons so as to enable the killing service program to execute corresponding virus killing operation.
The scan engine process is a virus killing service process corresponding to a virus killing task initiated on the user interface. When a user starts a virus scanning instruction, a virus killing task is started, and a scanning engine process is started correspondingly.
S12, according to the instruction of stopping scanning in the user interface, sending an exit command to the scanning engine process to close the scanning engine process;
when a stop scan instruction is detected in the user interface, an exit command may be sent to the scan engine process, such that the scan engine process automatically shuts down in accordance with the exit command without having to wait for further feedback from the scan engine process.
In the embodiment of the invention, the virus checking and killing task and the scanning engine process are established according to the scanning starting instruction and are ended according to the scanning stopping instruction. The virus killing tasks correspond to the scanning engine processes one by one. At the same time, only one virus killing task is operated in the system.
S13, updating the user interface to a scanning end state, and shielding the updating operation of the scanning engine process on the user interface.
After the quit command is sent to the scan engine process, although the scan engine process may not actually complete the quit operation, in this step, the user interface may be updated to the scan end state first, so that the user generates a visual effect that the instruction is quickly executed after being issued. After the user interface is updated, the updating operation of the scanning engine process on the user interface can be shielded, so that the updated user interface is not influenced by the actual state of the scanning engine process.
The virus searching and killing method under the Linux system provided by the embodiment of the invention can establish the scanning engine process of virus searching and killing according to the scanning starting instruction in the user interface under the Linux system, send the quitting instruction to the scanning engine process according to the scanning stopping instruction in the user interface so as to close the scanning engine process, then update the user interface to the scanning ending state, and shield the updating operation of the scanning engine process on the user interface. Therefore, the scanning engine process can be established for each virus searching and killing task, when a scanning stopping instruction is received from the user interface, only an exit command needs to be sent to the scanning engine process, the scanning engine process can automatically exit according to the exit command without other contact with the user interface, so that the user interface can be directly updated to a scanning end state, the updating operation of the scanning engine process on the user interface is shielded, the virus scanning task is smoothly ended under the condition that the exit process of the scanning engine process is not perceived by a user, the interface reaction speed can be effectively improved, and the user experience is improved.
Generally, the antivirus software generally takes a long time to scan the file on the whole disk, and other operations of many users, such as accessing web pages, instant messaging, etc., may be interspersed in the scanning process. Because the file scanning can slow down the reaction speed of other operations of the user, the scanning can be suspended sometimes instead of waiting for the completion of the execution of the searching and killing operations, and the scanning is continued after waiting for the completion of other operations.
Specifically, in an embodiment of the present invention, after a scan engine process for virus killing is established according to a scan start instruction in a user interface in a Linux system, before an exit command is sent to the scan engine process according to a scan stop instruction in the user interface, the virus killing method provided in the embodiment of the present invention may further include:
receiving a pause scan instruction through the user interface;
sending a pause command to the scan engine process according to the pause scanning instruction so as to pause the scan engine process;
and updating the user interface to a suspended scanning state, and shielding the updating operation of the scanning engine process on the user interface.
That is, when a pause scanning operation is detected in the user interface, it is only necessary to send a pause command to the scan engine process. Although the scan engine process may not actually complete the pause operation when sending the pause command, for example, operations such as retaining the scan context may be performed, in order to give a better experience to the user, in the embodiment of the present invention, the user interface may be updated to the pause scan state first, so that the user generates a visual effect that the instruction is quickly executed after being issued.
Furthermore, after the interface is updated to the suspended scanning state, the updating operation of the scanning engine process on the user interface can be shielded, so that the updated user interface is not influenced by the actual state of the scanning engine process, the virus scanning task is suspended smoothly by a user under the condition that the user does not perceive the suspended process of the scanning engine process, the interface reaction speed can be effectively improved, and the user experience is improved.
After the user interface is updated to the suspended scanning state, the user may further operate the current user interface, for example, may initiate an operation of continuing the scanning, so as to enable the suspended scanning operation to continue.
Specifically, in an embodiment of the present invention, after updating the user interface to the suspended scanning state and shielding the update operation of the scanning engine process on the user interface, the virus killing method provided in the embodiment of the present invention may further include:
receiving a continue scanning instruction through the user interface;
sending a scanning continuation command to the scanning engine process according to the scanning continuation command so as to enable the scanning engine process to be switched from a suspended running state to a continued running state;
and updating the user interface to a continuous scanning state, and opening the shielding of the user interface to the scanning engine process.
That is, when a continue scan operation is detected in the user interface, it is only necessary to send a continue scan command to the scan engine process. Although the scan engine process may not actually complete the state switch from pause to scan continuation when sending the scan continuation command, in order to give the user a better experience, in the embodiment of the present invention, the user interface may be updated to the scan continuation state first, so that the user generates a visual effect that the instruction is quickly executed after being issued.
Specifically, the scan continuation operation after the scan pause may adopt different processing methods according to the difference in the interval duration between the scan pause instruction and the scan continuation instruction.
Optionally, in an embodiment of the present invention, after sending the scan continuation command to the scan engine process according to the scan continuation command, the virus killing method in the Linux system according to the embodiment of the present invention may further include:
if the time interval between the continue scanning instruction and the pause scanning instruction is less than a first time length (such as 0.5 second), the scan engine process ignores the pause scanning instruction and continues virus scanning;
if the time interval between the continue scanning instruction and the pause scanning instruction is greater than a second time (for example, 2 seconds), the scanning engine process is switched from a pause running state to a continue running state; the second duration is greater than the first duration.
Therefore, under the condition that the time interval between the continuous scanning instruction and the pause scanning instruction is less than the first time length, the previous pause scanning instruction is not ready to be executed, and a continuous scanning instruction appears, so that the previous pause scanning instruction can be directly ignored, and the virus scanning is continued, namely, nothing happens, and the user feels very sensitive.
In the case that the time interval between the continue scan instruction and the pause scan instruction is greater than the second time length, the scan engine process is already in the pause state at this time because the second time length is longer. When a continuous scanning instruction appears again, the scanning engine process can quickly start continuous scanning action according to the context saved during the scanning suspension, and the user perception is sensitive.
If the time interval between the continue scanning instruction and the pause scanning instruction is between the first time length and the second time length, that is, the scan engine process is processing the previous pause instruction, and at this moment, a continue scanning instruction occurs, the scan can be continued after the pause operation is completed.
Suspend scanning and resume scanning are the same for scan engine processes, although they may be manipulated. In an embodiment of the present invention, each start scanning instruction corresponds to the start of a scan engine process, and each stop scanning instruction corresponds to the end of a scan engine process.
Further, in an embodiment of the present invention, after the user interface is updated to the scanning end state and the update operation of the scanning engine process on the user interface is shielded, the scanning engine process may be automatically closed according to the quit command; when a new start scan instruction is received via the user interface, a new scan engine process is created, the new scan engine process being different from the scan engine process that was shut down.
That is to say, in the embodiment of the present invention, each virus killing task may correspond to one scan engine process, when the virus killing task needs to be ended, the scan engine process only needs to be ended by itself according to the exit command, and after the completion, the corresponding memory resource may be released, without performing communication maintenance with the user interface process. Thereafter, when there is a new virus killing task, a new scan engine process can be established. The control logic is simple and clear, and a large amount of subsequent maintenance operations on the process of the scanning engine are omitted. After the user interface sends the quit command, even if the updating operation of the scanning engine process on the interface is directly shielded, any control logic problem can not be generated, so that the user generates a visual effect that the command is quickly executed after being sent, and the user experience is effectively improved.
Illustratively, as shown in fig. 2, in the specific implementation, the interface between the user interface process kavclient and the killing service program kavcerv can be made very simple, so that the complexity of the scanning engine process Scanner is reduced. The KScanEngine in kavclient is responsible for communicating with the killing service. The operation instructions from the user interface may control the scan engine process scanner via KScanEngine and the scan engine process scanner may call back the state via isacanenginecallback.
For example, the KScanEngine scanning interface may be specified as follows:
virtual pool StartScan (), 0; // Start Scan
virtual pool StopScan (), 0; // stop scanning
virtual pool PauseScan (), 0; // pause scanning
virtual bone ContinueScan (), 0; // continue scanning
The scan interface back out for the iscan enginecallback may be specified as follows:
virtual void OnScanBegin (), 0; // Scan Start
virtual void OnScanProgress (scanProcess) is 0; // scanning progress
virtual void OnScanPaused (), 0; // scan pause
virtual void OnScanContinue (), 0; // scan continuation
virtual void OnScanEnd (), which is 0; // end of scan
virtual void OnFindVirus (virusPath) is 0; // discovery of viruses
In this embodiment, KScanEngineSafe may be packaged based on KScanEngine and iscanangecallback. The inside of the KScanEngineSafe can be realized by a plurality of kscanengines, and the kscanengines which stop (stop) can directly abandon and destroy the kscanengines, and then create new kscanengines when scanning is restarted. The KScanEngine in Pause (Pause) is directly isolated, and the problem that the program is abnormal due to call back to an interface layer is avoided.
The above embodiment describes in detail the case where the scan engine process exits according to a normal user instruction. Embodiments of the invention are not limited thereto. In some cases, there may be no correspondence between the user interface and the scan engine. For example, when a page crashes due to various situations and the user interface cannot respond normally, the virus killing method provided by the embodiment of the invention can detect that the user interface has crashed and timely end the scanning engine process corresponding to the user interface.
Specifically, in an embodiment of the present invention, the step S11 of establishing the scan engine process for virus killing according to the scan start instruction in the user interface under the Linux system may specifically include: the interface process sends a scanning starting instruction to a service process, wherein the scanning starting instruction carries a process identifier of the interface process; and the service process establishes a scanning engine process for virus killing according to the received scanning starting instruction, wherein the scanning engine process stores the process identification of the interface process. Based on this, after the scan engine process of virus killing is established according to the start scan instruction in the user interface in the Linux system, the virus killing method provided by the embodiment of the present invention may further include: detecting whether the process identification exists in a current process list or not at the process interval preset time of the scanning engine; and if the process identification does not exist in the current process list, automatically closing the process of the scanning engine.
For example, the correspondence between the user interface process (kavclient) and the scan engine process (scanner) can be as shown in fig. 3. In fig. 3, the kill service program (kavsrv) has a high system privilege and may reside in a memory program. The user interface process has low system authority and is not a resident program. After the user interface receives the instruction of starting to scan the virus, the user interface can inform the searching and killing service program and start the scanning program. After the user interface receives the instruction of stopping scanning, the searching and killing service program can be informed, and the scanner can automatically quit after normally finishing the work at hand. If the user interface process crashes or exits abnormally, the Scanner can detect that the user interface process is not in the current process list, and the Scanner automatically exits to avoid residue. One scanner for each scanning task. That is, one Scanner is created for one scan Start, and Stop destroys the corresponding Scanner. The scanner corresponding to the dashed box represents the scanner that has been destroyed and the scanner corresponding to the solid box represents the currently existing scanner.
As shown in fig. 3, the user interface process with the process program ID of 2 is currently destroyed and exited, and when the user interface process with the ID of 2 normally runs, two antivirus tasks are executed, where the two antivirus tasks respectively correspond to the scanning program 1 and the scanning program 2. The user interface process with the process program ID of 1 currently exists in the memory, and executes an antivirus task corresponding to the scanning program 3.
In a second aspect, an embodiment of the present invention further provides a virus searching and killing apparatus in the Linux system, which can effectively improve interface reaction speed and enhance user experience.
As shown in fig. 4, the virus killing apparatus in the Linux system according to an embodiment of the present invention may include:
the establishing unit 31 is configured to establish a scan engine process for virus killing according to a scan start instruction in a user interface in the Linux system;
a sending unit 32, configured to send an exit command to the scan engine process according to a scan stopping instruction in the user interface, so that the scan engine process is closed;
and the updating unit 33 is configured to update the user interface to a scanning end state, and shield the updating operation of the scanning engine process on the user interface.
The virus searching and killing device under the Linux system provided by the embodiment of the invention can establish a scanning engine process for virus searching and killing according to a scanning starting instruction in a user interface under the Linux system, send an exit command to the scanning engine process according to a scanning stopping instruction in the user interface so as to close the scanning engine process, then update the user interface to a scanning ending state, and shield the updating operation of the scanning engine process on the user interface. Therefore, the scanning engine process can be established for each virus searching and killing task, when a scanning stopping instruction is received from the user interface, only an exit command needs to be sent to the scanning engine process, the scanning engine process can automatically exit according to the exit command without other contact with the user interface, so that the user interface can be directly updated to a scanning end state, the updating operation of the scanning engine process on the user interface is shielded, the virus scanning task is smoothly ended under the condition that the exit process of the scanning engine process is not perceived by a user, the interface reaction speed can be effectively improved, and the user experience is improved.
Optionally, the virus searching and killing apparatus provided in the embodiment of the present invention may further include: the system comprises a receiving unit, a scanning engine processing unit and a scanning engine processing unit, wherein the receiving unit is used for receiving a scanning pause instruction through a user interface before sending an exit command to the scanning engine processing unit according to a scanning start instruction in the user interface under a Linux system and after establishing a scanning engine processing unit for virus killing;
a sending unit 32, further configured to send a suspend command to the scan engine process according to the suspend scanning instruction, so that the scan engine process suspends operation;
the updating unit 33 is further configured to update the user interface to a suspended scanning state, and shield the scanning engine process from performing an update operation on the user interface.
Optionally, the receiving unit may be further configured to receive a scan continuation instruction through the user interface after updating the user interface to a scan suspended state and shielding an update operation of the scan engine process on the user interface;
the sending unit 32 may be further configured to send a scan continuation command to the scan engine process according to the scan continuation instruction, so that the scan engine process is switched from a suspended running state to a continued running state;
the updating unit 33 may be further configured to update the user interface to a continuous scanning state, and open a shield of the user interface from the scan engine process.
Optionally, the virus searching and killing apparatus in the Linux system provided in the embodiment of the present invention may further include:
a coherent scanning unit, configured to, after sending a scan continuation command to the scan engine process according to the scan continuation command, if a time interval between the scan continuation command and the scan pause command is less than a first duration, ignore the scan pause command by the scan engine process, and continue to scan viruses;
a switching scanning unit, configured to, after sending a scan continuation command to the scan engine process according to the scan continuation command, switch the scan engine process from a suspended running state to a continued running state if a time interval between the scan continuation command and the scan pause command is greater than a second duration; the second duration is greater than the first duration.
Optionally, the virus searching and killing apparatus provided in the embodiment of the present invention may further include:
the closing unit is used for automatically closing the scanning engine process according to the quitting command sent by the sending unit after the user interface is updated to the scanning ending state and the updating operation of the scanning engine process on the user interface is shielded;
the establishing unit 31 may be further configured to create a new scan engine process when a new start scan instruction is received through the user interface, where the new scan engine process is different from the scan engine process that is shut down.
Optionally, the establishing unit 31 may include:
the sending module is used for sending a scanning starting instruction to the service process by the interface process, wherein the scanning starting instruction carries the process identifier of the interface process;
the establishing module is used for establishing a scanning engine process for virus killing according to the received scanning starting instruction by the service process, wherein the process identification of the interface process is stored in the scanning engine process;
optionally, the virus searching and killing apparatus provided in the embodiment of the present invention may further include:
the detection unit is used for detecting whether the process identifier exists in a current process list or not at intervals of preset duration after a scanning engine process for virus killing is established according to a scanning starting instruction in a user interface under the Linux system;
and the closing unit is used for automatically closing the process of the scanning engine if the process identifier does not exist in the current process list.
In a third aspect, embodiments of the present invention provide an electronic device, which can effectively improve an interface reaction speed and enhance user experience.
As shown in fig. 5, an electronic device provided in an embodiment of the present invention may include: the device comprises a shell 51, a processor 52, a memory 53, a circuit board 54 and a power circuit 55, wherein the circuit board 54 is arranged inside a space enclosed by the shell 51, and the processor 52 and the memory 53 are arranged on the circuit board 54; a power supply circuit 55 for supplying power to each circuit or device of the electronic apparatus; the memory 53 is used to store executable program code; the processor 52 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 53, so as to execute the virus killing method in the Linux system provided in any one of the foregoing embodiments.
For specific execution processes of the above steps by the processor 52 and further steps executed by the processor 52 by running the executable program code, reference may be made to the description of the foregoing embodiments, and details are not described herein again.
The above electronic devices exist in a variety of forms, including but not limited to:
(1) a mobile communication device: such devices are characterized by mobile communications capabilities and are primarily targeted at providing voice, data communications. Such terminals include: smart phones (e.g., iphones), multimedia phones, functional phones, and low-end phones, among others.
(2) Ultra mobile personal computer device: the equipment belongs to the category of personal computers, has calculation and processing functions and generally has the characteristic of mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as ipads.
(3) A portable entertainment device: such devices can display and play multimedia content. This type of device comprises: audio, video players (e.g., ipods), handheld game consoles, electronic books, and smart toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) And other electronic equipment with data interaction function.
Accordingly, in a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, where one or more programs are stored, and the one or more programs can be executed by one or more processors to implement any one of the virus searching and killing methods in the Linux system provided in the foregoing embodiments, so that corresponding technical effects can also be achieved, which has been described in detail above and will not be described herein again.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. The term "comprising", without further limitation, means that the element so defined is not excluded from the group consisting of additional identical elements in the process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments.
In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (10)
1. A virus searching and killing method under a Linux system is characterized by comprising the following steps:
establishing a scanning engine process for virus killing according to a scanning starting instruction in a user interface under a Linux system;
according to a scanning stopping instruction in the user interface, sending an exit command to the scanning engine process to close the scanning engine process;
and updating the user interface to be in a scanning ending state, and shielding the updating operation of the scanning engine process on the user interface.
2. The method of claim 1, wherein after updating the user interface to the scan-end state and masking the user interface from being updated by the scan engine process, the method further comprises:
the scanning engine process is automatically closed according to the quitting command;
when a new start scan instruction is received via the user interface, a new scan engine process is created, the new scan engine process being different from the scan engine process that was shut down.
3. The method according to claim 1, wherein the establishing a scan engine process for virus killing according to a start scan command in a user interface under the Linux system comprises:
the interface process sends a scanning starting instruction to a service process, wherein the scanning starting instruction carries a process identifier of the interface process;
the service process establishes a scanning engine process for virus killing according to the received scanning starting instruction, wherein the scanning engine process stores a process identifier of the interface process;
after the scan engine process of virus killing is established according to the scan starting instruction in the user interface under the Linux system, the method further comprises the following steps:
detecting whether the process identification exists in a current process list or not at the process interval preset time of the scanning engine;
and if the process identification does not exist in the current process list, automatically closing the process of the scanning engine.
4. The method according to any one of claims 1 to 3, wherein after the scan engine process for virus killing is established according to a start scan instruction in a user interface under the Linux system, before the scan engine process sends an exit command according to a stop scan instruction in the user interface, the method further comprises:
receiving a pause scan instruction through the user interface;
sending a pause command to the scan engine process according to the pause scanning instruction so as to pause the scan engine process;
and updating the user interface to a suspended scanning state, and shielding the updating operation of the scanning engine process on the user interface.
5. The method of claim 4, wherein after updating the user interface to the suspended scanning state and masking the user interface from being updated by the scan engine process, the method further comprises:
receiving a continue scanning instruction through the user interface;
sending a scanning continuation command to the scanning engine process according to the scanning continuation command so as to enable the scanning engine process to be switched from a suspended running state to a continued running state;
and updating the user interface to a continuous scanning state, and opening the shielding of the user interface to the scanning engine process.
6. The method of claim 5, wherein after sending a continue scan command to the scan engine process according to the continue scan instruction, the method further comprises:
if the time interval between the continuous scanning instruction and the pause scanning instruction is less than a first duration, the scanning engine process ignores the pause scanning instruction and continues to perform virus scanning;
if the time interval between the continuous scanning instruction and the pause scanning instruction is greater than a second duration, switching the process of the scanning engine from a pause running state to a continuous running state; the second duration is greater than the first duration.
7. A virus searching and killing device under a Linux system is characterized by comprising:
the system comprises an establishing unit, a scanning engine processing unit and a processing unit, wherein the establishing unit is used for establishing a scanning engine process for virus killing according to a scanning starting instruction in a user interface under a Linux system;
a sending unit, configured to send an exit command to the scan engine process according to a scan stopping instruction in the user interface, so that the scan engine process is closed;
and the updating unit is used for updating the user interface to a scanning ending state and shielding the updating operation of the scanning engine process on the user interface.
8. The apparatus of claim 7, further comprising:
the closing unit is used for automatically closing the scanning engine process according to the quitting command sent by the sending unit after the user interface is updated to the scanning ending state and the updating operation of the scanning engine process on the user interface is shielded;
the establishing unit is further configured to create a new scan engine process when a new scan start instruction is received through the user interface, where the new scan engine process is different from the closed scan engine process.
9. The apparatus of claim 7, wherein the establishing unit comprises:
the sending module is used for sending a scanning starting instruction to the service process by the interface process, wherein the scanning starting instruction carries the process identifier of the interface process;
the establishing module is used for establishing a scanning engine process for virus killing according to the received scanning starting instruction by the service process, wherein the process identification of the interface process is stored in the scanning engine process;
the device further comprises:
the detection unit is used for detecting whether the process identifier exists in a current process list or not at intervals of preset duration after a scanning engine process for virus killing is established according to a scanning starting instruction in a user interface under the Linux system;
and the closing unit is used for automatically closing the process of the scanning engine if the process identifier does not exist in the current process list.
10. The apparatus of any one of claims 7 to 9, further comprising:
the system comprises a receiving unit, a scanning engine processing unit and a scanning engine processing unit, wherein the receiving unit is used for receiving a scanning pause instruction through a user interface before sending an exit command to the scanning engine processing unit according to a scanning start instruction in the user interface under a Linux system and after establishing a scanning engine processing unit for virus killing;
the sending unit is further configured to send a pause command to the scan engine process according to the scan pause instruction, so that the scan engine process pauses operation;
the updating unit is further configured to update the user interface to a suspended scanning state, and shield an updating operation of the scanning engine process on the user interface.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011054716.1A CN112199679A (en) | 2020-09-29 | 2020-09-29 | Virus checking and killing method and device under Linux system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011054716.1A CN112199679A (en) | 2020-09-29 | 2020-09-29 | Virus checking and killing method and device under Linux system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112199679A true CN112199679A (en) | 2021-01-08 |
Family
ID=74008488
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011054716.1A Pending CN112199679A (en) | 2020-09-29 | 2020-09-29 | Virus checking and killing method and device under Linux system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112199679A (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103390130A (en) * | 2013-07-18 | 2013-11-13 | 北京奇虎科技有限公司 | Rogue program searching and killing method and device based on cloud security as well as server |
| CN105045661A (en) * | 2015-08-05 | 2015-11-11 | 北京瑞星信息技术有限公司 | Scan task scheduling method and system |
| CN110784830A (en) * | 2019-09-18 | 2020-02-11 | 华为技术有限公司 | Data processing method, Bluetooth module, electronic device and readable storage medium |
| CN111131222A (en) * | 2019-12-20 | 2020-05-08 | 西安交大捷普网络科技有限公司 | Security protection scanning method and firewall system |
-
2020
- 2020-09-29 CN CN202011054716.1A patent/CN112199679A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103390130A (en) * | 2013-07-18 | 2013-11-13 | 北京奇虎科技有限公司 | Rogue program searching and killing method and device based on cloud security as well as server |
| CN105045661A (en) * | 2015-08-05 | 2015-11-11 | 北京瑞星信息技术有限公司 | Scan task scheduling method and system |
| CN110784830A (en) * | 2019-09-18 | 2020-02-11 | 华为技术有限公司 | Data processing method, Bluetooth module, electronic device and readable storage medium |
| CN111131222A (en) * | 2019-12-20 | 2020-05-08 | 西安交大捷普网络科技有限公司 | Security protection scanning method and firewall system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20170160923A1 (en) | Method, device and mobile terminal for controling virtual keys on a touch screen | |
| US11270087B2 (en) | Object scanning method based on mobile terminal and mobile terminal | |
| CN106203092B (en) | Method and device for intercepting shutdown of malicious program and electronic equipment | |
| CN107835984B (en) | Thermal mitigation user experience | |
| CN111062027A (en) | Method and device for preventing bad HID equipment from invading, electronic equipment and storage medium | |
| CN111290926A (en) | Terminal prompting method and device, storage medium and terminal | |
| CN108090345B (en) | Linux system external command execution method and device | |
| CN111782295A (en) | Application program running method and device, electronic equipment and storage medium | |
| CN111124761A (en) | Equipment restarting method, device, equipment and medium | |
| CN111142900A (en) | Program updating method and device and terminal equipment | |
| CN114042310A (en) | Game operation data collection method and device, computer equipment and storage medium | |
| CN112199679A (en) | Virus checking and killing method and device under Linux system | |
| CN111782294A (en) | Application program running method and device, electronic equipment and storage medium | |
| CN114968456B (en) | Method and device for controlling terminal | |
| CN108804147B (en) | Linkage shutdown method and device and client | |
| CN110825293A (en) | Control method, terminal and storage medium | |
| CN114356867A (en) | Method and device for opening compressed package file, electronic equipment and storage medium | |
| US10291685B2 (en) | Method and apparatus for controlling running of service | |
| CN114281422A (en) | Cloud computer control method, device and medium | |
| CN110188539B (en) | Method, device and system for running application | |
| CN108875371B (en) | Sandbox analysis method and device, electronic equipment and storage medium | |
| CN108959955B (en) | File processing method and device | |
| CN111651764A (en) | Process monitoring method and device, electronic equipment and storage medium | |
| CN112650490A (en) | Page switching method, electronic equipment and storage medium | |
| WO2015161752A1 (en) | Method and apparatus for controlling running of service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |