CN1972292B - Systems and methods for processing electronic data - Google Patents

Publication number
CN1972292B
Authority
CN
China
Prior art keywords
data
electronic data
condition code
type
module
Legal status
Active
Application number
CN2006101411622A
Other languages
Chinese (zh)
Other versions
CN1972292A (en)
Inventor
魏少红
Current Assignee
Fortinet Inc
Original Assignee
Fortinet Inc
Priority claimed from US11/252,973 (US20060272006A1)
Application filed by Fortinet Inc
Publication of CN1972292A
Application granted
Publication of CN1972292B

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

A method of processing electronic data includes receiving electronic data, and scanning at least a portion of the electronic data against a first signature, wherein the first signature is not data-type dependent. A method of processing electronic data includes receiving electronic data to be scanned, identifying a portion of the electronic data, wherein the portion is represented as an object, and assigning one or more procedures to scan the portion based at least in part on the object. A system for processing electronic data includes an input for receiving electronic data, a processor configured for identifying one or more portions of the electronic data, each of the one or more portions represented as a typed object, and a buffer configured to store data associated with no more than one object at a time.

Description

Electronic data processing system and method
Technical Field
The present invention relates to computer networks and computer systems, and in particular to a system and method for processing electronic data communicated between computers or communication devices.
Background
The creation and spread of malware (malicious software) is a major problem facing computer systems and computer networks. A computer virus is one form of malware: it can attach itself to other programs or to a sequence of computer instructions, replicate itself across a computer network, and/or carry out unsolicited or malicious instructions. Other forms of malware include spyware, worms and Trojan horse programs. Malware can be embedded in e-mail attachments, in files downloaded from the Internet, and in macros of Microsoft Office software. The damage caused by a computer virus ranges from minor interference with a program, such as popping up unsolicited messages and pictures, through making unauthorized connections and disclosing personal information, to completely destroying the data on a user's hard disk or on a server.
To protect against viruses, most companies and organizations install virus scanning software on the computers in their internal networks. Existing content detection software detects viruses by first identifying the type of the received data. Based on that type, the software scans the data against the signatures associated with that data type. For example, if the data to be examined is a Word file, the content detection software scans it using one or more signatures intended for scanning Word files. Content detection software using this technique can detect viruses fairly efficiently, because each signature is generally used only to scan data of a particular file type (a signature belonging to one data type is not used to scan data of a different type). However, a virus may be contained in different file types. For example, a virus contained in a Word file may also appear in a script file. In that case, signature detection aimed at Word files cannot detect the same virus embedded in the script file.
Another problem with existing content detection systems is that many of them include a buffer that stores the data to be processed, generally the data to be scanned. At present, considerable system resources are spent tracking, organizing and handling the data in the buffer. Taking an e-mail message as an example, current approaches require the whole encapsulated message (that is, the whole e-mail message) to be stored in the buffer, which can consume a considerable amount of memory and may degrade system performance.
Summary of the Invention
According to some embodiments of the present invention, a method of processing electronic data is provided, comprising: receiving electronic data, and scanning at least a portion of the electronic data using a first signature, wherein the first signature is not a signature generated according to data type.
According to other embodiments of the present invention, a computer program product having a medium is provided, the medium storing a set of processor-readable instructions, wherein executing the instructions causes the processor to perform a method comprising: receiving electronic data, and scanning at least a portion of the electronic data using a first signature, wherein the first signature is not a signature generated according to data type.
According to other embodiments of the present invention, a system for processing electronic data is provided, comprising: a processor for receiving electronic data and for scanning at least a portion of the electronic data using a first signature, wherein the first signature is not a signature generated according to data type.
According to other embodiments of the present invention, a method of processing electronic data is provided, comprising: receiving first electronic data having a first data type, and scanning the first electronic data using a signature; and receiving second electronic data having a second data type different from the first data type, and scanning the second electronic data using the same signature.
According to other embodiments of the present invention, a computer program product having a medium is provided, the medium storing a set of processor-readable instructions, wherein executing the instructions causes the processor to perform a method comprising: receiving first electronic data having a first data type, and scanning the first electronic data using a signature; and receiving second electronic data having a second data type different from the first data type, and scanning the second electronic data using the same signature.
According to other embodiments of the present invention, a system for processing electronic data is provided, comprising: a processor for receiving first electronic data and scanning the first electronic data using a signature, and for receiving second electronic data and scanning the second electronic data using the same signature, wherein the first electronic data has a first data type and the second electronic data has a second data type different from the first data type.
According to other embodiments of the present invention, a method of processing encapsulated data is also provided, comprising: receiving an encapsulated data packet, identifying a first portion of the encapsulated data packet, sending the first portion to a buffer for processing, and, after processing of the first portion is finished, sending a second portion to the buffer for processing.
According to other embodiments of the present invention, a computer program product having a medium is provided, the medium storing a set of processor-readable instructions, wherein executing the instructions causes the processor to perform a method comprising: receiving an encapsulated data packet, identifying a first portion of the encapsulated data packet, identifying a second portion of the encapsulated data packet, sending the first portion to a buffer for processing, and, after processing of the first portion is finished, sending the second portion to the buffer for processing.
According to other embodiments of the present invention, a system for processing encapsulated data is provided, comprising: a processor for receiving an encapsulated data packet, identifying a first portion of the encapsulated data packet, identifying a second portion of the encapsulated data packet, sending the first portion to a buffer for processing, and, after processing of the first portion is finished, sending the second portion to the buffer for processing.
According to other embodiments of the present invention, a method of processing electronic data is provided, comprising: receiving electronic data to be scanned, identifying a portion of the electronic data, the portion being represented as an object, and assigning one or more procedures for scanning the portion based at least in part on the object.
According to other embodiments of the present invention, a computer program product having a medium is provided, the medium storing a set of processor-readable instructions, wherein executing the instructions causes the processor to perform a method comprising: receiving electronic data to be scanned, identifying a portion of the electronic data, the portion being represented as an object, and assigning one or more procedures for scanning the portion based at least in part on the object.
According to other embodiments of the present invention, a system for processing electronic data is provided, comprising: a processor for receiving electronic data to be scanned, identifying a portion of the electronic data, the portion being represented as an object, and assigning one or more procedures for scanning the portion based at least in part on the object.
According to other embodiments of the present invention, a system for processing electronic data is provided, comprising: an input for receiving electronic data; a processor for identifying one or more portions of the electronic data, each of the one or more portions being represented as a typed object; and a buffer for storing, in any one period of time, data associated with no more than one object.
Other aspects and features of the embodiments are described in detail below.
Brief Description of the Drawings
The drawings illustrate the design and operation of embodiments of the present application, in which like functional components are indicated by the same reference numerals. For a better understanding of the advantages and objects of the various embodiments, the embodiments above are explained in further detail with reference to the drawings. Note that the drawings depict only preferred embodiments of the application and do not limit the scope of the invention; the additional features and details of the embodiments are described and explained with reference to the drawings.
Fig. 1 is a block diagram of an electronic data processing system according to some embodiments of the present invention;
Fig. 2A illustrates a method performed by the module of Fig. 1 according to some embodiments of the present invention;
Fig. 2B illustrates a method performed by the module of Fig. 1 according to other embodiments of the present invention;
Fig. 2C illustrates a method performed by the module of Fig. 1 according to still other embodiments of the present invention;
Fig. 3 is a block diagram of an electronic data processing system according to other embodiments of the present invention;
Fig. 4 illustrates a method performed by the module of Fig. 3 according to other embodiments of the present invention;
Fig. 5 is an example of an e-mail data structure according to some embodiments of the present invention;
Fig. 6 is an example of different portions of the e-mail being associated with different objects;
Fig. 7A is an example of assigning one or more procedures for scanning data according to some embodiments of the present invention;
Fig. 7B is an example of assigning one or more procedures for scanning data according to other embodiments of the present invention;
Fig. 8 is a block diagram according to some embodiments of the present invention;
Fig. 9 is a diagram of a computer hardware system that can be used to perform various functions according to embodiments of the present invention.
Detailed Description
Various embodiments of the present invention are described below with reference to the drawings. Note that the drawings are not drawn to scale, and that elements of similar structure or function are indicated by the same reference numerals throughout. The drawings are intended only to aid the description of the embodiments. They are not an exhaustive description of the invention and do not limit its scope. In addition, an embodiment need not exhibit every feature or advantage of the invention. A feature or advantage described in connection with a particular embodiment is not limited to that embodiment and may be practiced in any other embodiment, even if it is not illustrated or explained there.
Fig. 1 is a block diagram of an electronic data processing system 100 according to some embodiments of the present invention. The system includes module 102. Module 102 provides a communication connection between sender 104 and receiver 106. In other embodiments, module 102 can be part of sender 104 or receiver 106, or be integrated with both. In operation, sender 104 transmits electronic data (a data packet) to module 102. Module 102 receives the transmitted data and performs one or more of the procedures described in the embodiments herein. In some embodiments, the data received by module 102 is e-mail data. In other embodiments, the data received by module 102 can be data related to web pages, file transfers and communication exchanges (for example, protocol negotiation between devices, or data streams such as VoIP (Voice over Internet Protocol, a technology for carrying voice over IP networks)), or any other encapsulated data packet. In these embodiments, the "sender" is not limited to a person operating a device; the sender can be a server or another type of device (software and/or hardware) that can receive and/or transmit information. Likewise, as used herein, the "receiver" is not limited to a person operating a device; the receiver can be a server or another type of device (software and/or hardware) that can store, receive and/or transmit information.
In the illustrated embodiments, module 102 is configured (for example designed, programmed and/or built) to determine, based on signatures, whether received electronic data is associated with content to be detected. In this specification, a "signature" refers to content detection data, such as a virus signature, a spam identifier, a URL, a spyware identifier, or any other information used in the process of identifying the content to be detected (for example a malicious program). In some embodiments, signatures are transmitted from an update site (not shown), such as a remote server or computer, and are downloaded in response to a request from module 102. For example, module 102 can be configured to periodically download updated signatures from one or more update sites (pull technology). In other embodiments, the update site can be configured to send available updated signatures to module 102 without module 102 sending a request (push technology). In further embodiments, a user can enter signatures into module 102.
In the illustrated embodiments, module 102 includes data type classifier 108, scanner 110 and storage medium 112 for storing signatures. Data type classifier 108 is configured to classify the data received by module 102. For example, data type classifier 108 classifies the received data as a Word file, text file, compressed file, archive file, HTML file, Acrobat file or script file. Scanner 110 is configured to scan the received data to determine whether it contains content to be detected, such as a virus or other malicious program. In some embodiments, scanner 110 scans the received data against one or more signatures selected according to the file type determined by data type classifier 108. In this case, the signatures are generated according to data type (data-type-dependent signatures). For example, if data type classifier 108 determines that the received file is a Word file, scanner 110 scans the file against signatures S1, S2 and S3, where S1, S2 and S3 are signatures dedicated to scanning Word files. If instead data type classifier 108 determines that the received file is a script file, scanner 110 scans the file against signatures S4 and S5 for script files. Alternatively, scanner 110 scans the received file against one or more signatures regardless of its type; in this case, the signatures are not generated according to file type (that is, they are data-type-independent signatures). In this specification, a "data-type-independent signature" refers to a signature that is used to scan data of two or more different types. In some cases, data that cannot be assigned to any file type can be classified as type "unknown". In some embodiments, the use of such data-type-independent signatures requires a particular configuration in module 102. Alternatively, data-type-independent signatures are applied to all received electronic data, whatever the type of the received data. Signatures can be stored in storage medium 112, which can be a memory, a hard disk, or any medium that scanner 110 can read.
Although module 102 is described as including data type classifier 108, scanner 110 and storage medium 112, in other embodiments one or more components of module 102 can be combined with other components of module 102. Likewise, in further embodiments module 102 need not include all of components 108-112.
In some embodiments, module 102 or any of its components can be implemented in software. For example, module 102 can be implemented as application software loaded on a user's computer, a server, a memory, a hard disk, a CD-ROM or any other medium. In some cases, module 102 can also be implemented as a web application. Module 102 can also be implemented in hardware. For example, in some embodiments module 102 includes an application-specific integrated circuit (ASIC), such as a semi-custom ASIC processor or a programmable ASIC processor. ASICs, such as those disclosed in "Application-Specific Integrated Circuits" (first edition, June 1997, by Michael J. S. Smith, Addison-Wesley), are familiar to those skilled in circuit design and are not described further here. In other embodiments, module 102 can be any circuit or device capable of performing the functions described. For example, in some embodiments module 102 can be a general-purpose processor, such as a Pentium processor. In other embodiments, the functions of module 102 can be implemented by a combination of software and hardware. In some embodiments, the functions performed by module 102 can be implemented by a firewall, by a component of a firewall, or by any other component configured to be connected to a firewall. In other embodiments, the functions performed by module 102 can be implemented by a component of a gateway (or of a gateway product, such as an anti-virus module). In further embodiments, instead of being a component of a gateway, module 102 can be a separate component connected to the gateway. In other embodiments, module 102 can itself be a gateway product that performs its function on the communication path between sender 104 and receiver 106. In further embodiments, module 102 can be used in a switching device, such as a security switch.
Having described module 102, a method 200 of processing electronic data using module 102 according to some embodiments is described below with reference to Fig. 2A. First, module 102 receives electronic data (step 202). By way of non-limiting example, the electronic data can be information associated with a web page, an e-mail, a picture, a voice mail, an instant-messaging chat, a peer-to-peer communication, or any other encapsulated data packet; at least a portion of the data may or may not contain content to be detected (such as a virus or any other harmful content). In this specification, an "encapsulated data packet" or "wrapper" refers to a package associated with one or more items of data. For example, an e-mail can be a wrapper consisting of a message body and attachments. As another example, a web page can be a wrapper of scripts and pictures.
Module 102 can receive electronic data from any of a variety of sources. For example, module 102 can receive electronic data that sender 104 sends to module 102 over the Internet. Alternatively, module 102 receives the data from an operator who inputs the electronic data into module 102, for example by uploading it from a hard disk, CD-ROM, memory or other medium.
After module 102 receives the electronic data, module 102 determines the type of the received data (step 204). This step can be performed by data type classifier 108 in module 102. Techniques for determining data type are well known to those skilled in the art and are not described in detail here. In some embodiments, data type classifier 108 classifies the received data as one of the following: VB script file type, batch file type, VB application file type, executable program file type, Windows program file type, compressed file type, Winzip compressed file type, Gzip compressed file type, Bzip compressed file type, Bzip2 compressed file type, tape archive (tar) file type, HTML (Hypertext Markup Language) file type, Word file type, hypertext application file type, text file type, Windows help file type, compressed archive file type, Acrobat file type or PHP script can be installed. In other embodiments, data type classifier 108 can also classify the received file as another type, such as a custom file type.
Next, scanner 110 in module 102 scans the received data against one or more signatures stored in storage medium 112, selected according to the file type determined by the classifier (step 206). In the illustrated embodiments, data-type-dependent signatures are organized by data type and stored in storage medium 112. For example, signatures S1-S4 can be signatures for the Word file type, used to scan Word files; signatures S5 and S6 can be signatures for the script file type, used to scan script files. In some embodiments, data-type-dependent signatures can be based on any other data type (the data types into which data type classifier 108 classifies data). Based on the scan result, scanner 110 determines whether the received electronic data is associated with content to be detected. In one case, scanner 110 determines that the electronic data received by module 102 is associated with content to be detected. For example, scanner 110 may determine that the electronic data received by module 102 contains a virus. In this case, module 102 takes one or more precautionary actions (step 208). For example, module 102 can reject the electronic data, block the electronic data from being sent downstream, and/or send a warning message downstream (for example to receiver 106, for which the electronic data is intended) or upstream.
Alternatively, scanner 110 determines that the data received by module 102 is not associated with content to be detected. In this case, scanner 110 goes on to scan the received electronic data against one or more data-type-independent signatures (step 210). In the illustrated embodiments, a data-type-independent signature is used to scan electronic data without regard to the data type of that data. The data-type-independent signatures in module 102 can be updated by configuring module 102 to periodically download updated signatures from an update site, such as a remote server or computer. Alternatively, module 102 does not send update requests to the update site; instead, the update site pushes updated signatures to the module whenever they are available (push technology), and the data-type-independent signatures in module 102 are updated in that way. Scanning the data received by module 102 against data-type-independent signatures makes it possible to detect malicious content, such as a virus, that is contained in electronic data of different types. In some embodiments, a signature can be both a data-type-dependent signature and a data-type-independent signature. For example, in some embodiments a signature can be used as a data-type-dependent signature to scan data of a preferred data type, and at the same time as a data-type-independent signature to scan data of two or more types (one of which may be "unknown").
Based on the result of scanning the electronic data against the data-type-independent signatures, scanner 110 determines whether the received electronic data is associated with content to be detected. In one case, scanner 110 determines that the electronic data received by module 102 is associated with content to be detected. For example, scanner 110 may determine that the electronic data received by module 102 contains a virus. In this case, module 102 takes one or more precautionary actions (step 208). For example, module 102 can reject the electronic data, block the electronic data from being sent downstream, and/or send a warning message downstream (for example to receiver 106, for which the electronic data is intended) or upstream.
Alternatively, scanner 110 determines that the electronic data received by module 102 is not associated with content to be detected. Module 102 then passes the electronic data downstream to receiver 106 (step 212).
Note in particular that the order of steps 202-212 in method 200 is not limiting; the steps of method 200 can be performed in a different order in other embodiments. For example, as shown in Fig. 2B, in other embodiments the received electronic data can be scanned against one or more data-type-independent signatures (step 210) before it is scanned against one or more data-type-dependent signatures (step 204).
Likewise, in other embodiments method 200 need not include all of the steps described above. For example, as shown in Fig. 2C, in alternative embodiments method 200 does not include step 204 of identifying the data type or step 206 of scanning the electronic data against data-type-dependent signatures. In this case, scanner 110 is configured to scan the electronic data against data-type-independent signatures.
In further embodiments, one or more steps of method 200 can be combined with another step of the method. Likewise, in alternative embodiments, a step of method 200 can be split into several sub-steps.
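The flow of method 200 (steps 202-212) and its Fig. 2C variant can be sketched as follows. This is an added example, not code from the patent; the magic-byte classifier, the byte patterns and the name N1 for the data-type-independent signature are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy Word files
MARKER = b"DEMO-MALWARE-MARKER-0001"             # constructed, harmless pattern

# Data-type-dependent signatures, organised by data type (storage medium 112).
# S1 and S5 follow the naming in the text; the patterns are constructed.
TYPED_SIGNATURES = {
    "word": {"S1": MARKER},
    "script": {"S5": b"DEMO-SCRIPT-ONLY-PATTERN"},
}
# Data-type-independent signatures, applied whatever the classifier decides.
# "N1" is a hypothetical name; it carries the same pattern as S1.
UNTYPED_SIGNATURES = {"N1": MARKER}


def classify(data: bytes) -> str:
    """Step 204: simplified stand-in for data type classifier 108."""
    if data.startswith(OLE2_MAGIC):
        return "word"
    if data.startswith(b"#!"):
        return "script"
    return "unknown"


def match(data: bytes, signatures: dict) -> Optional[str]:
    """Return the name of the first signature whose pattern occurs in data."""
    for name, pattern in signatures.items():
        if pattern in data:
            return name
    return None


@dataclass
class Verdict:
    data_type: str
    action: str               # "block" (step 208) or "pass" (step 212)
    signature: Optional[str]  # signature that matched, if any
    stage: Optional[str]      # "typed" (step 206) or "untyped" (step 210)


def process(data: bytes, typed: bool = True, untyped: bool = True) -> Verdict:
    """Method 200. typed=False gives the Fig. 2C variant (no steps 204/206)."""
    data_type = classify(data) if typed else "unclassified"
    if typed:
        hit = match(data, TYPED_SIGNATURES.get(data_type, {}))
        if hit:
            return Verdict(data_type, "block", hit, "typed")
    if untyped:
        hit = match(data, UNTYPED_SIGNATURES)
        if hit:
            return Verdict(data_type, "block", hit, "untyped")
    return Verdict(data_type, "pass", None, None)


# Constructed sample inputs.
WORD_DOC = OLE2_MAGIC + b"...macro stream..." + MARKER
SCRIPT = b"#!/bin/sh\n# " + MARKER + b"\n"
CLEAN_SCRIPT = b"#!/bin/sh\necho hello\n"
UNKNOWN_BLOB = b"\x00\x01\x02" + MARKER

if __name__ == "__main__":
    for name, sample in [("word", WORD_DOC), ("script", SCRIPT),
                         ("clean", CLEAN_SCRIPT), ("unknown", UNKNOWN_BLOB)]:
        print(name, process(sample, untyped=False), process(sample))
```

With `untyped=False` the script sample passes, which is the gap described in the background; with the default settings the same sample is blocked at step 210.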
Fig. 3 is a block diagram of an electronic data processing system 300 according to other embodiments of the invention, which includes module 302. Module 302 is communicatively connected to transmitting terminal 104 and receiving terminal 106. In other embodiments, however, module 302 can be part of transmitting terminal 104 or receiving terminal 106, or be integrated with both. In operation, transmitting terminal 104 sends electronic data (a data packet) to module 302. Module 302 receives the transmitted data packet and performs one or more of the operating steps described in this embodiment. In these embodiments, the data received by module 302 is e-mail. In other embodiments, the data received by module 302 can be web data or any other encapsulated data.
In the illustrated embodiment, module 302 is configured (for example designed, programmed and/or constructed) to process the received electronic data with one or more programs according to the object that represents (is associated with) the electronic data. The object is used to represent the electronic data; its function is described in detail below.
In the illustrated embodiment, module 302 comprises a piecemeal concentrator marker 304, an object distribution module 306, a program distribution module 308 and a processing module 310. The piecemeal concentrator marker 304 is configured to identify one or more block data (also called portions) in the electronic data received by module 302. For instance, if the received data is e-mail data, the piecemeal concentrator marker 304 divides the mail into portions such as the mail packet header, message body, separator or attachment; if the received data is web data, the piecemeal concentrator marker 304 divides the data packet into block data associated with the web page, such as image files, Flash code, Java script or other items. In some embodiments, the piecemeal concentrator marker 304 can also include a data type classifier, like the data type classifier 108 included in module 102 described earlier. The data type classifier is configured to classify the data received by module 302. For example, the data type classifier classifies a received document as a Word file, a text file or another type of data file. In this case, the piecemeal concentrator marker 304 is configured both to identify one or more block data in the received data and to classify the identified block data.
The object distribution module 306 is configured to associate the block data of the received data (the data identified as block data by the piecemeal concentrator marker 304) with an object. An "object" in the present invention is a data summary that describes one or more attributes or characteristics of a data packet. The attributes allow a device such as a content detection device to identify or detect the object of the received data, and/or to apply a scanning program to the object. In some embodiments, the number and types of objects are predefined. In other embodiments, module 302 includes a user interface, such as a keyboard, through which the user can enter user-defined objects. Likewise, in further embodiments, the user can modify and create object attributes through the user interface.
The program distribution module 308 is configured to assign, according to the object that represents an identified block data, one or more programs that can process that identified block data of the electronic data. For example, if the identified block data is represented by object O1, the program distribution module 308 can assign scanning programs P1 and P2 to scan that block data; if the identified block data is represented by object O2, it can assign scanning program P3 to scan that block data. In this case, programs are applied according to the identifying attribute of the object. In some embodiments, the program distribution module 308 assigns a dummy program to the identified block data, so that the block data is passed to the downstream data flow without being processed. The processing module 310 is configured to execute the programs assigned by the program distribution module 308.
Although module 302 has been described as comprising the piecemeal concentrator marker 304, object distribution module 306, program distribution module 308 and processing module 310, in alternative embodiments one or more components of module 302 can be combined with other components of the module. In further embodiments, module 302 need not include all of components 304-310.
In some embodiments, module 302 or any component of module 302 can be implemented in software. For example, module 302 can be implemented by software loaded onto a user computer, a server or another storage medium such as memory, a hard disk or a CD-ROM. In some cases, module 302 can also be implemented as a web application. Module 302 can, of course, also be implemented in hardware. For example, in some embodiments module 302 comprises an application-specific integrated circuit (ASIC), such as a semi-custom ASIC processor or a programmable ASIC processor. ASICs of various kinds, such as those disclosed in "Application-Specific Integrated Circuits" (first edition, June 1997, by Michael J. S. Smith, Addison-Wesley), are familiar to those skilled in circuit design and are not described further here. In other embodiments, module 302 can be any of various circuits or devices that perform the described functions. For example, in some embodiments module 302 can be a general-purpose processor, such as a Pentium processor. In other embodiments, the functions of module 302 can be implemented by a combination of software and hardware. In some embodiments, the functions performed by module 302 can be implemented by a firewall, a component of a firewall, or any other component configured to be connected to a firewall. In other embodiments, the functions performed by module 302 can be implemented by a component of a gateway (or of a gateway product, such as an anti-virus module). In further embodiments, rather than being a component of a gateway, module 302 can be a separate component connected to the gateway. In other embodiments, module 302 can itself be a gateway product that performs its function on the communication path between transmitting terminal 104 and receiving terminal 106. In further embodiments, module 302 can be implemented in a switch device, such as a security switch.
Having described module 302, a method 400 of processing electronic data with module 302 according to some embodiments is now described with reference to Fig. 4. First, module 302 receives electronic data (step 402). By way of non-limiting example, the electronic data can be information associated with a web page, e-mail, picture, voice mail, instant-messaging chat, peer-to-peer communication or any other encapsulated data packet, at least a part of which may or may not contain content to be detected (such as a virus or any other malicious content). Module 302 can receive data from any of various data sources. For example, module 302 can receive data that transmitting terminal 104 sends to module 302 over the Internet. Alternatively, module 302 receives the data from an operator who inputs the electronic data into module 302, for example by uploading it to module 302 from a hard disk, CD-ROM, memory or other medium.
Next, the piecemeal concentrator marker 304 identifies one or more block data in the received electronic data. For convenience of explanation, the received data is assumed here to be MIME information. In other embodiments, however, the electronic data can be any other encapsulated data packet described earlier (for example a web page). Fig. 5 shows the structure 500 of e-mail data according to some embodiments of the invention. As shown, e-mail data structure 500 comprises a mail packet header 502; a message body 504 having a text packet header 506 and text data 508; a separator 528 that separates mail packet header 502 from message body 504; attachment data 512a having an attachment packet header 514a and attachment text data 516a; attachment data 512b having an attachment packet header 514b and attachment text data 516b; a separator 510a that separates message body 504 from attachment data 512a (or a separator 510b that separates the different attachment data 512a, 512b); and end data 526. In other embodiments, data structure 500 can have a different structural configuration. For example, in other embodiments data structure 500 may not include any attachment data 512a, 512b. In the illustrated embodiment, in step 404 the piecemeal concentrator marker 304 identifies whether the received data has block data associated with mail packet header 502, text packet header 506, text data 508, separator 510a, separator 510b, attachment packet header 514a, attachment packet header 514b, attachment text data 516a, attachment text data 516b or end data 526. Various techniques can be used to identify the different block data of the mail data. In some embodiments, the piecemeal concentrator marker 304 can be configured to identify each block data of the mail data by detecting patterns embedded in the mail data. For example, because mail packet header 502 has a certain fixed format or configuration, the piecemeal concentrator marker 304 can be configured to search for e-mail block data whose content matches the mail packet header format, and thereby identify mail packet header 502 in the received data. In other embodiments, the piecemeal concentrator marker 304 can use the boundary string to divide the mail into block data, marking where each begins and ends. In this case, the piecemeal concentrator marker 304 examines the content of each block data to determine its type. The following is an example of e-mail information (raw format):
From: "sender" <sender@sample-sender.com>
To: "receiver" <receiver@sample-receiver.com>
Subject: TEST EMAIL SUBJECT
Date: Fri, 14 Oct. 2005 15:36:17 -0700
Message-ID: <ASDOIUEWEFMPWOF.pwei@sample-sender.com>
MIME-Version: 1.0
Content-Type: multipart/mixed;
        boundary="----=_NextPart_000_046B_01C5D0D5.04A87ED0"
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: Normal
X-MimeOLE: Produced by Microsoft MimeOLE V6.00.2800.1478
The following is the multipart information in MIME format:
----=_NextPart_000_046B_01C5D0D5.04A87ED0
Content-Type: text/plain;
        charset="utf-8"
Content-Transfer-Encoding: quoted-printable
TEST EMAIL BODY
EOF
----=_NextPart_000_046B_01C5D0D5.04A87ED0
Content-Type: text/plain;
        name="test.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
        filename="test.txt"
This is A TEST DOCUMENT.
END
----=_NextPart_000_046B_01C5D0D5.04A87ED0
In these embodiments, the piecemeal concentrator marker 304 divides the e-mail information into different block data according to the text and/or text patterns that occur in it. In the example above, the piecemeal concentrator marker 304 identifies the boundary string as:
----=_NextPart_000_046B_01C5D0D5.04A87ED0
The text packet header is:
Content-Type: text/plain;
        charset="utf-8"
Content-Transfer-Encoding: quoted-printable
The text data is:
TEST EMAIL BODY
EOF
The attachment packet header is:
Content-Type: text/plain;
        name="test.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
        filename="test.txt"
The attachment text is:
This is A TEST DOCUMENT.
END
Next, the object distribution module 306 associates the block data of the mail data identified in step 404 with objects (step 406). As shown, the object distribution module 306 is configured to associate each identified mail block data with a packet header object, a text object or a data object; each object is an information summary that can be associated, in an object-based structure, with the data being processed. As shown in Fig. 6, the identified mail packet header 502, text packet header 506 and attachment packet headers 514a, 514b correspond to packet header object 602; text data 508 corresponds to text object 604; and attachment text data 516a, 516b correspond to data object 606. In other embodiments, instead of the three objects 602, 604 and 606, the object distribution module 306 can be configured to map the mail block data to fewer or more than three objects. Likewise, in further embodiments, instead of objects such as 602-606, the object distribution module 306 can be configured to associate the different block data with other, different data objects.
In other embodiments, an object can also have one or more sub-objects. For example, data object 606 can itself be a collection of further objects, such as several packet header objects, text objects and data objects, and those data objects can respectively represent text data, image data or other types of data. A sub-object can in turn be a collection of other objects; objects that contain one another recursively in this way are commonly said to be nested. Objects with sub-objects allow the data represented by an object to be sorted into more categories, refining the classification of the information further.
Next, the program distribution module 308 assigns one or more programs to each identified block data according to the object that represents it (step 408). Fig. 7A shows a program distribution table 700 of the programs assigned by the program distribution module 308 according to some embodiments. Table 700 can be stored in a storage medium in module 302, or in a server or memory that module 302 can access. As table 700 shows, an anti-spam program is executed on data corresponding to packet header object 602; anti-spam and URL filtering programs are executed on data corresponding to text object 604; and anti-spam and spyware filter programs are executed on data corresponding to data object 606. In further embodiments, each object can be assigned multiple programs beyond those illustrated in Fig. 7A.
In other embodiments, each of packet header object 602, text object 604 and data object 606 can have one or more attributes, and the program distribution module 308 can assign one or more programs to each attribute. For example, as illustrated by attribute table 702 in Fig. 7B, packet header object 602 has attributes A1 and A2, text object 604 has attribute A3, and the data object has attribute A4. In this case, the program distribution module 308 can assign one or more programs according to the attributes of each object. For example, the program distribution module 308 can use program distribution table 704 to represent the programs assigned according to the attributes of the different objects. As shown, no program is assigned to an object with attribute A1; an anti-spam filter is assigned to an object with attribute A2; an anti-spam filter and a URL filtering program are assigned to an object with attribute A3; and an anti-spam filter and a spyware program are assigned to an object with attribute A4. Tables 702 and 704 can be stored in a storage medium in module 302, or in a server or memory that module 302 can access.
It should be noted that the number of attributes associated with an object is not limited to two; in other embodiments an object can have more than two attributes (for example 10) or fewer than two (for example zero). Likewise, in some embodiments two different objects can have the same attribute.
In some embodiments, if an object includes sub-objects, more specific programs can be identified and assigned according to the types of the sub-objects. To illustrate, suppose an object represents an attachment text object that is a collection comprising a packet header object, a text object, an attachment packet header object and an attachment or data object. Although this object is treated as a single object, it can also be divided into the different sub-objects just described, and a corresponding program can be assigned to each sub-object. For example, if the data object represented by a sub-object is a binary executable file, a corresponding binary processing program is assigned to it.
After the program distribution module 308 has assigned the programs, the processing module 310 processes the identified block data of the e-mail data according to the assigned programs.
As the above embodiments show, applying programs assigned according to the corresponding object makes scanning the electronic data more efficient.
In some embodiments, modules 306-310 can be implemented by a filtering module (a program or set of programs) comprising different filter programs. A particular object, or several objects, corresponds to one or more filters. When a particular object is sent to the filtering module, the filter corresponding to that object type is triggered and runs the data filtering algorithm corresponding to the object. If several filters correspond to one object, the filters are triggered in succession or in parallel.
One type of filter is a virus scanning filter. This filter can be triggered by a decoded attachment text object or a main text object (or a part decoded from the main text object). In some embodiments, the anti-virus filter can detect and attempt to identify the file type that the data represents (for example a Word file or a Windows executable file). Once the file type is determined, the file is searched for the corresponding virus signatures. In some embodiments, if no virus is found after scanning against these condition codes, a final condition code check (with non-data-type condition codes) is performed on the file. Such final non-data-type condition codes can be scanned against any electronic data, whether it is file data that has passed through the virus scanning filter or the original file data. Such final non-data-type condition codes can be used to detect unknown or new virus variants that detection for a specific data type cannot find.
Other filters include a spam filter triggered by the packet header of the mail (for example by examining the subject, the sender and recipient header fields or other fields), and a file-name blocking filter, which can be triggered by an attachment packet header object and searches the attachment's file name to decide whether the file should be blocked. Those of ordinary skill in the art can use any other known type of filter.
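The virus-scanning order described above (identify the file type, apply that type's condition codes, then fall back to non-data-type condition codes), together with the alternative orders of Figs. 2B and 2C, is illustrated by the following Python example, which is added here and is not code from the patent. The byte patterns, signature names and magic-byte checks are constructed stand-ins, not real signatures.

```python
import re

# Constructed stand-in condition codes (hypothetical names and patterns).
TYPE_SIGNATURES = {
    "binary": {"demo.dropper": re.compile(rb"DEMO-DROPPER-\d{2}")},
    "script": {"demo.loader": re.compile(rb"DemoLoader\(")},
    "office": {"demo.loader": re.compile(rb"DemoLoader\(")},
    "unknown": {},
}
# Non-data-type condition codes: applied to any data, whatever its type.
NON_TYPE_SIGNATURES = {"demo.family-marker": re.compile(rb"DEMO-FAMILY-[0-9A-F]{4}")}

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy Office container header


def classify(data):
    """Data type classifier: binary, office, script or unknown."""
    if data.startswith(b"MZ"):
        return "binary"
    if data.startswith(OLE_MAGIC):
        return "office"
    if data.startswith(b"#!") or b"<script" in data[:256].lower():
        return "script"
    return "unknown"


def scan(data, stages=("data-type", "non-data-type")):
    """Return (data_type, stage, signature_name) for the first match, else (type, None, None).

    The default order follows the virus filter described above; pass
    ("non-data-type", "data-type") for the Fig. 2B order or
    ("non-data-type",) for the Fig. 2C variant.
    """
    data_type = classify(data)
    tables = {"data-type": TYPE_SIGNATURES[data_type],
              "non-data-type": NON_TYPE_SIGNATURES}
    for stage in stages:
        for name, pattern in tables[stage].items():
            if pattern.search(data):
                return data_type, stage, name
    return data_type, None, None


# Constructed samples.
KNOWN_BINARY = b"MZ\x90\x00 ... DEMO-DROPPER-07"
VARIANT_IN_SCRIPT = b"#!/bin/sh\n# DEMO-FAMILY-00AF\n"   # no script signature matches it
BOTH = b"MZ DEMO-DROPPER-07 DEMO-FAMILY-0001"
```

The second sample is the case the final check exists for: the type-specific table for scripts has nothing that matches it, and only the non-data-type condition code reports it.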
Fig. 8 is a flow chart showing how mail data is transmitted from transmitting terminal 104 to receiving terminal 106 through module 900 according to some embodiments of the invention. In these embodiments, module 900 can be module 102 or module 302 described above. In other embodiments, module 900 can be any other module with a data processing function. As shown, transmission buffer 901 of module 900 receives e-mail data 903, which in this example comprises block data 902a-902h. Transmission buffer 901 allows data to be proxied between a client and a server. In other embodiments, transmission buffer 901 is not part of module 900 but is merely connected to it. In this case, transmission buffer 901 can be a component of a proxy module connected to module 900. After receiving MIME information 903, or while receiving part of e-mail data 903, module 900 identifies the individual block data 902a-902h of e-mail data 903 according to the embodiments described herein. In some embodiments, if a portion of the data is identified as packet header 902a, module 900 allows packet header 902a to pass and enter the downstream data flow toward the data's destination, receiving terminal 106. Likewise, in other embodiments, if a portion of the data is identified as a separator (for example block data 902b or 902e), module 900 allows the separator portion to pass and enter the downstream data flow toward the data's destination, receiving terminal 106.
Each identified portion of the e-mail is passed to a decoder 904, and after the decoder has decoded the portion's data it is sent to operation (processing) buffer memory 906. For example, each identified block data is represented by (corresponds to) an object, and each block data is sent to decoder 904 according to its corresponding object.
In operation buffer memory 906, one or more programs are executed on the decoded data portion. To illustrate, in some embodiments, if module 900 includes the program distribution module 308 described above, the program distribution module 308 assigns one or more programs for processing the decoded block data according to the object corresponding to that block data. In these cases, operation buffer memory 906 stores the data object and several operations, for example virus scanning and content filtering, are performed on it in parallel. Compared with executing the operations in sequence (one after another), parallel (simultaneous) operations scan the data object more efficiently. In some embodiments, decoder 904 and/or operation buffer memory 906 can be part of processing module 310 or of a processing device.
In the illustrated embodiment, decoder 904 is configured to send a decoded data portion (for example 902c) to operation buffer memory 906 after the preceding portion (for example 902a) stored in transmission buffer 901 has been processed. In this case, operation buffer memory 906 is configured to store one decoded block data at any given time. This design saves memory/storage space in operation buffer memory 906 and avoids the need to track several objects in operation buffer memory 906.
A block data in which no malicious content is found after processing is sent to receiving terminal 106 through the downstream data flow. In the illustrated embodiment, module 900 is configured to send each processed block data to the downstream data flow. As shown, while block data 902a and 902b have been processed and sent downstream, the decoded block data 902c is transferred into operation buffer memory 906 for processing. In other embodiments, module 900 first stores all processed block data and sends the whole e-mail data 903 once all block data have been processed.
If malicious content is found in any portion of the mail data, or the portion may contain malicious content, that block data is not sent to receiving terminal 106. In some embodiments, the remaining data portions are still sent to receiving terminal 106 if they contain no malicious content. In other embodiments, if any portion of the e-mail contains or is suspected of containing malicious content, the other portions of the mail are not sent to receiving terminal 106 either.
Although module 900 as described has only one operation buffer memory 906, in other embodiments module 900 can have more than one operation buffer memory 906. In this case, each operation buffer memory 906 can hold a different object for processing. In some embodiments, each operation buffer memory 906 of module 900 (or each of a subset of the operation buffer memories 906) holds one object at a time, and the objects held by the operation buffer memories 906 correspond to one e-mail (or encapsulated data). In other embodiments, each operation buffer memory 906 of module 900 (or each of a subset of the operation buffer memories 906) holds one object at a time, and the objects held by the operation buffer memories 906 correspond to different e-mails (encapsulated data). In addition, although the above embodiments are described using e-mail information as the example, in other embodiments module 900 can be configured to process data associated with other encapsulated data, for example a web page (which can encapsulate pictures, text, page packet headers and so on), voice mail or peer-to-peer transmission data.
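The flow described above can be followed end to end in the Python example below, which is added here and is not code from the patent: block data are identified (step 404), mapped to objects (step 406, Fig. 6), given programs from table 700 (step 408), and decoded one at a time into a single operation buffer before clean portions are released, under either withholding policy. The sample message, the three filter functions and their patterns are hypothetical stand-ins, and LF line endings are assumed.

```python
import base64
import quopri
import re

def build_sample(body_line, payload):
    """Constructed message: quoted-printable body plus one base64 attachment."""
    return "\n".join([
        'From: "sender" <sender@sample-sender.example>',
        'Content-Type: multipart/mixed;',
        '\tboundary="demo-boundary-1"',
        '',
        '--demo-boundary-1',
        'Content-Type: text/plain; charset="utf-8"',
        'Content-Transfer-Encoding: quoted-printable',
        '',
        body_line,
        '--demo-boundary-1',
        'Content-Type: application/octet-stream; name="test.bin"',
        'Content-Transfer-Encoding: base64',
        'Content-Disposition: attachment; filename="test.bin"',
        '',
        base64.b64encode(payload).decode("ascii"),
        '--demo-boundary-1--',
        '',
    ])

SAMPLE = build_sample("See http://blocked=2Eexample/offer", b"xxSPY-MARKERxx")

def identify_portions(raw):
    """Step 404: yield (kind, text) per block data, in order (LF endings assumed)."""
    head, _, rest = raw.partition("\n\n")
    yield "mail_header", head
    m = re.search(r'boundary="?([^";\s]+)', head, re.I)
    if m is None:                                  # not multipart: the rest is body text
        yield "body_data", rest
        return
    delim = "--" + m.group(1)
    pieces = re.split(r"^(%s(?:--)?)$" % re.escape(delim), rest, flags=re.M)
    for i, piece in enumerate(pieces[1:], start=1):    # pieces[0] is the preamble
        if i % 2:                                  # odd index: a delimiter line
            if piece == delim + "--":
                yield "end", piece
                return
            yield "separator", piece
            continue
        header, _, data = piece.strip("\n").partition("\n\n")
        kind = "attach" if "content-disposition: attachment" in header.lower() else "body"
        yield kind + "_header", header
        yield kind + "_data", data

def decode(text, encoding):
    """Decoder 904: undo the transfer encoding; raises ValueError on bad base64."""
    raw = text.encode("utf-8")
    if encoding == "base64":
        return base64.b64decode(raw)
    if encoding == "quoted-printable":
        return quopri.decodestring(raw)
    return raw

# Hypothetical stand-in programs: each returns True when the object should be withheld.
def anti_spam(data):
    return b"free money" in data.lower()

def url_filter(data):
    hosts = re.findall(rb"https?://([^/\s]+)", data)
    return any(h.lower() == b"blocked.example" for h in hosts)

def spyware_filter(data):
    return b"SPY-MARKER" in data

# Step 406 (Fig. 6): block data kind -> object; separators and end data get none.
OBJECT_OF = {"mail_header": "header", "body_header": "header", "attach_header": "header",
             "body_data": "text", "attach_data": "data"}
# Step 408 (table 700, Fig. 7A): object -> assigned programs.
PROGRAMS = {"header": [anti_spam], "text": [anti_spam, url_filter],
            "data": [anti_spam, spyware_filter]}

def process(raw, hold_all=False):
    """Return (delivered_kinds, findings). With hold_all, one finding blocks the whole mail."""
    delivered, findings, encoding = [], [], ""
    for kind, text in identify_portions(raw):
        obj = OBJECT_OF.get(kind)
        if obj is None:                            # dummy program: pass straight through
            delivered.append(kind)
            continue
        if obj == "header":                        # note how the following data is encoded
            m = re.search(r"^content-transfer-encoding:\s*([\w-]+)", text, re.I | re.M)
            encoding = m.group(1).lower() if m else ""
        try:   # operation buffer 906: one decoded object at a time, replaced each loop
            operation_buffer = decode(text, "" if obj == "header" else encoding)
            hits = [p.__name__ for p in PROGRAMS[obj] if p(operation_buffer)]
        except ValueError:                         # undecodable data is withheld, not passed
            hits = ["undecodable"]
        if hits:
            findings.append((kind, hits))
        else:
            delivered.append(kind)
    return ([] if hold_all and findings else delivered), findings
```

`process(SAMPLE)` withholds only the body text and the attachment, while `process(SAMPLE, hold_all=True)` releases nothing; neither indicator appears literally in the raw message, which is why decoder 904 runs before the filters.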
Computer configuration
Any module described herein, or the function performed by any component of a module, can be implemented with a computer or part of a computer. For example, one or more instructions can be entered into a computer to carry out any function described herein.
Fig. 9 shows a computer system 1000 according to embodiments of the invention, which has modules, or components of modules, that perform the described functions. Computer system 1000 includes a bus 1002 or other communication mechanism for communicating information, and a processor 1004 connected to the bus for processing information. Computer system 1000 also includes a main memory 1006, such as a random access memory (RAM) or other dynamic storage device, connected to bus 1002 for storing information and instructions to be executed by processor 1004. Main memory 1006 is also used to store temporary variables or other intermediate information while processor 1004 executes instructions. Computer system 1000 further includes a read-only memory (ROM) 1008 or other static storage device connected to bus 1002 for storing static information and instructions needed by processor 1004. A storage device 1010, such as a magnetic disk or optical disk, is connected to bus 1002 for storing information and instructions.
Computer system 1000 is connected through bus 1002 to a display 1012, such as a cathode ray tube (CRT), for displaying information to a user. An input device 1014, including alphanumeric and other keys, is connected to bus 1002 for communicating information and command selections to processor 1004. Another type of user input device is a cursor control device 1016, such as a mouse, trackball, cursor keys or other device, for communicating direction information and command selections to processor 1004 and for controlling cursor movement on display 1012. This input device typically has two degrees of freedom in two axes, an X axis and a Y axis, which allow it to specify positions in a plane.
The embodiments described here relate to the use of computer system 1000 to transmit, receive and/or process electronic data. According to these embodiments, such use is provided by computer system 1000 in response to processor 1004 executing one or more sequences of one or more instructions stored in main memory 1006. These instructions can be read into main memory 1006 from another computer-readable medium, such as storage device 1010. Executing the sequences of instructions stored in main memory 1006 causes processor 1004 to perform the processing steps described above. One or more processors in a multi-processing arrangement can also be used to execute the sequences of instructions stored in main memory 1006. In other embodiments, hardware circuitry can be used in place of, or in combination with, software instructions to carry out the operations/functions described above. Thus, embodiments of the invention are not limited to any particular combination of hardware circuitry and software.
The term "computer-readable medium" as used here refers to any medium that provides instructions to processor 1004 for execution. Such a medium can take many forms, including but not limited to non-volatile media, volatile media and transmission media. Non-volatile media include storage device 1010, such as optical disks and magnetic disks. Volatile media include dynamic memory, such as main memory 1006. Transmission media include coaxial cable, copper cable and optical fiber, including the cables that make up bus 1002. Transmission media can also take the form of acoustic or light waves, such as those generated in radio and infrared data communication.
Common computer-readable media include a floppy disk, flexible disk, hard disk, magnetic tape or any other magnetic medium; a CD-ROM or any other optical medium; punched cards, paper tape or any other physical medium; a RAM, PROM, EPROM, FLASH-EPROM or any other memory chip or cartridge; a carrier wave as described above; or any other computer-readable medium.
Various forms of computer-readable media can carry one or more sequences of one or more instructions to processor 1004 for execution. For example, the instructions may initially be carried on a disk in a remote computer. The remote computer can load the instructions into its dynamic memory and send them over a telephone line using a modem. A modem located at computer system 1000 can receive the data from the telephone line and convert the data to an infrared signal through an infrared transmitter. An infrared detector connected to bus 1002 can receive the data carried in the infrared signal and place the data on bus 1002. Bus 1002 carries the data to main memory 1006, from which processor 1004 retrieves and executes the instructions. The instructions received by main memory 1006 can also be stored in storage device 1010 before or after execution by processor 1004.
Computer system 1000 also includes a communication interface 1018 connected to bus 1002. Communication interface 1018 is connected to a network link 1020, which is connected to a local network 1022, and provides two-way data communication. For example, communication interface 1018 can be an Integrated Services Digital Network (ISDN) card or a modem that provides a data communication connection to a corresponding type of telephone line. In other examples, communication interface 1018 can be a local area network (LAN) card that provides a data communication connection to a compatible LAN. Wireless links can also implement the above communication connections. In any of these embodiments, communication interface 1018 sends and receives electrical, electromagnetic or optical signals that carry data streams representing various types of information.
Network link 1020 provides data communication through one or more networks to other devices. For example, network link 1020 can provide a connection from local network 1022 to a host 1024. Network link 1020 can also transmit data between equipment 1026 and communication interface 1018. The data streams transmitted over network link 1020 comprise electrical, electromagnetic or optical signals. The signals that pass through the various networks, network link 1020 and communication interface 1018 carry the data that computer system 1000 sends or receives, and are exemplary forms of carrier waves transporting the information. Computer system 1000 can send information and receive data, including program code, through the network, network link 1020 and communication interface 1018. Although only one network link 1020 is shown in the drawings, in alternative embodiments communication interface 1018 can be connected to many network links, each of which can be connected to one or more local networks. In some embodiments, computer system 1000 can obtain data from one network and transmit the data to another network. Computer system 1000 can process and/or modify the data before transmitting it to the other network.
Although particular embodiments have been shown and described herein, it should be understood that these embodiments are presented only as examples and not as limitations of the invention. The invention can have various other embodiments; without departing from the spirit and essence of the invention, those of ordinary skill in the art can make various corresponding changes and modifications according to the invention, and all such changes and modifications fall within the scope of protection of the appended claims.

Claims (15)

1. An electronic data processing method, characterized by comprising:
receiving electronic data;
dividing the electronic data into one or more blocks of data;
determining or identifying the type of the block of data;
associating the determined or identified block of data with an object;
assigning, according to the determined or identified block of data as represented by the object, one or more scanning procedures to process the determined or identified block of data; wherein the scanning procedures comprise
scanning the determined or identified block of data using a first signature, the first signature being a signature that is not data-type dependent.
2. The method according to claim 1, characterized in that the electronic data comprises e-mail data.
3. The method according to claim 1, characterized by further comprising:
scanning at least a portion of the electronic data using a second signature, the second signature being a data-type-dependent signature.
4. The method according to claim 3, characterized in that the scanning of at least a portion of the electronic data using the second signature is performed before the scanning using the first signature.
5. The method according to claim 3, characterized in that the data type of the second signature is one of, or a combination of more than one of, a binary type, a script type, an Office file type and an unknown type.
6. The method according to claim 1, characterized in that the first signature is a signature associated with a virus contained in files of different types.
7. The method according to claim 1, characterized by further comprising receiving the first signature.
8. The method according to claim 7, characterized in that the first signature is a signature sent to the local site without the site having received a transmission request.
9. The method according to claim 1, characterized in that at least a portion of the electronic data comprises message body information.
10. An electronic data processing system, characterized by comprising:
means for receiving electronic data;
means for dividing the electronic data into one or more blocks of data;
means for determining or identifying the type of the block of data;
means for associating the determined or identified block of data with an object;
means for assigning, according to the determined or identified block of data as represented by the object, one or more scanning procedures to process the determined or identified block of data; wherein the scanning procedures comprise
scanning the determined or identified block of data using a first signature, the first signature being a signature that is not data-type dependent.
11. An electronic data processing method, characterized by comprising:
receiving first electronic data, and determining or identifying the type of the first electronic data, the first electronic data having a first data type; associating the first electronic data with an object; assigning, according to the determined or identified first electronic data as represented by the object, one or more scanning procedures to process the determined or identified first electronic data; wherein the scanning procedures comprise scanning the first electronic data using a signature;
receiving second electronic data, and determining or identifying the type of the second electronic data, the second electronic data having a second data type different from the first data type; associating the second electronic data with an object; assigning, according to the determined or identified second electronic data as represented by the object, one or more scanning procedures to process the determined or identified second electronic data; wherein the scanning procedures comprise scanning the second electronic data using the same signature.
12. The method according to claim 11, characterized in that the first electronic data comprises e-mail data.
13. The method according to claim 11, characterized by further comprising: receiving a first signature.
14. The method according to claim 13, characterized in that the first signature is a signature sent to the local site without the site having received a transmission request.
15. An electronic information processing system, characterized by comprising:
means for receiving first electronic data and determining or identifying the type of the first electronic data, the first electronic data having a first data type; means for associating the first electronic data with an object; means for assigning, according to the determined or identified first electronic data as represented by the object, one or more scanning procedures to process the determined or identified first electronic data; wherein the scanning procedures comprise scanning the first electronic data using a signature;
means for receiving second electronic data and determining or identifying the type of the second electronic data, the second electronic data having a second data type different from the first data type; means for associating the second electronic data with an object; means for assigning, according to the determined or identified second electronic data as represented by the object, one or more scanning procedures to process the determined or identified second electronic data; wherein the scanning procedures comprise scanning the second electronic data using the same signature;
the first electronic data having a first data type, and the second electronic data having a second data type different from the first data type.
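
An illustration of the flow recited in claims 1 to 5, added here and not taken from the patent text or from any Fortinet implementation: an e-mail is divided into blocks, each block is wrapped in a typed object, and the object's type selects the type-dependent (second) signatures that run before the type-independent (first) signature. The signature names and byte patterns, the type heuristics, the function names and the sample message are all constructed assumptions.

```python
import email
from dataclasses import dataclass
from email.message import EmailMessage

# Constructed marker strings for the demo, not real malware signatures.
# Type-dependent ("second") signatures apply only to blocks of one type.
TYPED_SIGS = {"script": {"SCRIPT.Demo": b"demo_script_marker("},
              "binary": {"BIN.Demo": b"\x00DEMO_BIN_MARKER\x00"}}
UNTYPED_SIGS = {"ANY.Demo": b"DEMO-CROSS-TYPE-MARKER"}  # type-independent ("first")

@dataclass
class TypedObject:
    kind: str    # binary, script, office or unknown (the types in claim 5)
    data: bytes

def identify(data: bytes, filename: str) -> str:
    """Identify a block's type from magic bytes, then from its extension."""
    if data[:2] == b"MZ" or data[:4] == b"\x7fELF":
        return "binary"
    if data[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":  # OLE2 container
        return "office"
    if filename.lower().endswith((".js", ".vbs", ".ps1")):
        return "script"
    return "unknown"

def split_blocks(raw: bytes):
    """Divide a message into blocks, yielding one typed object at a time."""
    for part in email.message_from_bytes(raw).walk():
        if not part.is_multipart():
            data = part.get_payload(decode=True) or b""
            yield TypedObject(identify(data, part.get_filename() or ""), data)

def procedures_for(obj: TypedObject):
    """Assign scans from the object: type-dependent first, then independent."""
    return [TYPED_SIGS.get(obj.kind, {}), UNTYPED_SIGS]

def scan_message(raw: bytes):
    """Return (type, matched signature names) for every block, in order."""
    return [(o.kind, [name for sigs in procedures_for(o)
                      for name, pat in sigs.items() if pat in o.data])
            for o in split_blocks(raw)]

def sample_message() -> bytes:  # constructed e-mail: body, script and binary parts
    m = EmailMessage()
    m.set_content("hello DEMO-CROSS-TYPE-MARKER")
    js = b"demo_script_marker(1); \x00DEMO_BIN_MARKER\x00 DEMO-CROSS-TYPE-MARKER"
    for name, body in (("a.js", js), ("b.bin", b"MZ\x00DEMO_BIN_MARKER\x00")):
        m.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()
```

Calling `scan_message(sample_message())` shows that the binary marker embedded in the script attachment is not reported, because the binary signature set is never assigned to a script object, while the type-independent signature matches in both the message body and the script.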
CN2006101411622A 2005-10-17 2006-10-13 Systems and methods for processing electronic data Active CN1972292B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/252,973 US20060272006A1 (en) 2005-05-27 2005-10-17 Systems and methods for processing electronic data
US11/252,973 2005-10-17

Publications (2)

Publication Number Publication Date
CN1972292A CN1972292A (en) 2007-05-30
CN1972292B true CN1972292B (en) 2012-09-26

Family

ID=38112877

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2006101411622A Active CN1972292B (en) 2005-10-17 2006-10-13 Systems and methods for processing electronic data

Country Status (1)

Country Link
CN (1) CN1972292B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108108471A (en) * 2018-01-02 2018-06-01 武汉斗鱼网络科技有限公司 Data filtering method, device, server and readable storage medium storing program for executing

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101960469B (en) * 2008-10-20 2014-03-26 王强 Fast signature scan
CN107609359B (en) * 2017-09-30 2019-05-03 北京深思数盾科技股份有限公司 For protecting the method and system of software

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1574964A (en) * 2003-06-04 2005-02-02 三星电子株式会社 Method and device for compressing image data

Also Published As

Publication number Publication date
CN1972292A (en) 2007-05-30

Similar Documents

Publication Publication Date Title
US20060272006A1 (en) Systems and methods for processing electronic data
US10068090B2 (en) Systems and methods for detecting undesirable network traffic content
CN101567889B (en) System and method for providing protection for networks
CN101194264B (en) Method and system for processing electronic documents and founding substituted electronic documents
US10185479B2 (en) Declassifying of suspicious messages
US8145710B2 (en) System and method for filtering spam messages utilizing URL filtering module
US6941478B2 (en) System and method for providing exploit protection with message tracking
US20020004908A1 (en) Electronic mail message anti-virus system and method
US7954155B2 (en) Identifying unwanted electronic messages
US7979082B2 (en) Method and apparatus for message identification
US20040143635A1 (en) Regulating receipt of electronic mail
CN1972292B (en) Systems and methods for processing electronic data
JP6493606B1 (en) Information processing apparatus, client terminal, control method, and program
US20090210500A1 (en) System, computer program product and method of enabling internet service providers to synergistically identify and control spam e-mail
CN100456755C (en) Method and device for filtering message
CN113132217B (en) E-mail communication method and device
CN114520741A (en) Information pushing method and related equipment and system
CN105578387A (en) Detection method of disturbance messages in iOS system, device and system
JP2020004375A (en) Information processing apparatus, client terminal, control method, and program
EP2040437A2 (en) Distributed ISP system for the inspection and elimination of eThreats in a multi-path environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: FORTINET INC.

Free format text: FORMER OWNER: FORTINET INFORMATION TECHNOLOGY (BEIJING) CO., LTD.

Effective date: 20090925

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20090925

Address after: California, USA

Applicant after: Fortinet, Inc.

Address before: Room 7, digital media building, No. 507 information road, Beijing, Haidian District, China: 100085

Applicant before: Fortinet,Inc.

C14 Grant of patent or utility model
GR01 Patent grant