JP2004259060A - Data receiving method and image forming apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To suppress the risk of virus infection by detecting computer virus included in data received through the network in an image forming apparatus. <P>SOLUTION: A controller 102 receives the data from a terminal device 101 through the network and detects whether the computer virus is included in the received data.When the computer virus is detected, the information showing the transmitting origin which has transmitted data is acquired, and the information showing the acquired transmitting origin is stored. And a manager of the controller 102 is notified of the detected computer virus. <P>COPYRIGHT: (C)2004,JPO&NCIPI

Description

[0001]
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a technique for receiving data in an image forming apparatus connected to a network.
[0002]
[Prior art]
2. Description of the Related Art Conventionally, an image forming apparatus typified by a printer receives only print job data called PDL (Page Description Language) data such as PS (PostScript) or PCL, and receives data containing a so-called “computer virus”. That was not considered.
[0003]
However, in recent years, remarkable progress in network technology has made it possible not only to process print job data but also to download programs and receive scripts for performing routine processing. That is, the configuration is susceptible to an attack (hereinafter, also referred to as “attack”) by a computer virus or the like. For this reason, Patent Document 1 and Patent Document 2 are, for example, Patent Documents 1 and 2 as prior arts that have taken measures against the threat of computer viruses.
[0004]
The technique described in Patent Document 1 relates to a facsimile apparatus, not a controller section of a printer, and deletes received data if the data is infected with a computer virus. The technology described in Patent Document 2 relates to a configuration of a printer that can download a program and performs a virus check using the downloaded program.
[0005]
[Patent Document 1]
JP-A-6-350784 [Patent Document 2]
JP-A-11-119927 [Problems to be Solved by the Invention]
However, in Patent Document 1 or Patent Document 2, the attack source that transmitted the computer virus is not determined. Further, the facsimile machine on the data receiving side cannot cure the infection at the attack source, so that the attack from the attack source continues and must be deleted each time.
[0006]
Further, Patent Document 2 removes a program to be downloaded when the program is infected, and does not take any protection measures for data other than the program, for example, a print job. In Patent Document 2, similarly to Patent Document 1, if a program infected with a virus is sent many times, it must be removed each time, and the process cannot proceed to the subsequent steps. In addition, there is a problem that the treatment of the infection source cannot be performed.
[0007]
SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and an object of the present invention is to detect a computer virus contained in data received via a network in an image forming apparatus, and to further reduce the risk of virus infection. And
[0008]
[Means for Solving the Problems]
In order to achieve the above object, the present invention provides a data receiving method in an image forming apparatus for receiving data from an information processing apparatus via a network, and a receiving step of receiving data from the information processing apparatus via the network. A detecting step of detecting whether or not the data received in the receiving step includes a computer virus; and obtaining information for identifying a transmission source of the data when the computer virus is detected in the detecting step. And a notifying step of storing information identifying the transmission source acquired in the acquiring step, and a notifying step of notifying a manager of the image forming apparatus of the detection of the computer virus.
[0009]
According to another aspect of the present invention, there is provided an image forming apparatus for receiving data from an information processing apparatus via a network, the receiving unit receiving data from the information processing apparatus via a network, Detecting means for detecting whether or not the data received by the means contains a computer virus, and obtaining means for obtaining information for specifying the source of the data when the detecting means detects a computer virus, The image forming apparatus includes a storage unit that stores information that specifies the transmission source acquired by the acquisition unit, and a notification unit that notifies an administrator of the image forming apparatus of the detection of the computer virus.
[0010]
BEST MODE FOR CARRYING OUT THE INVENTION
Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
[0011]
In the present embodiment, a computer virus check method of an image forming apparatus (copier, printer, facsimile machine, etc.) connected to a network is performed by a personal computer (PC) such as Windows (registered trademark) or Macintosh. The checking is performed in accordance with the checking method, and the description of the specific method is omitted.
[0012]
[First Embodiment]
In the first embodiment, a controller (data processing device) receives print job data from an information processing device such as a personal computer via a network, processes the print job data, and sends the data to a printer connected via an interface. The case of transmission will be described as an example.
[0013]
FIG. 1 is a diagram illustrating a configuration example of an image forming system according to the first embodiment. In FIG. 1, reference numeral 101 denotes an information processing apparatus such as a personal computer, which sends print job data called PDL (page description language) data such as PS or PCL to a controller connected via a network. Reference numeral 102 denotes a controller (data processing device) that receives print job data from the computer 101, converts the print job data into drawing data that can be understood by a printer described below, and outputs the drawing data to the printer. Reference numeral 103 denotes a printer as an image forming apparatus, which forms an image on a sheet by an image forming method such as an inkjet method or an electrophotographic method in accordance with drawing data output from the controller 102. Reference numeral 110 denotes a network such as a local area network (LAN), and is also connected to the Internet 120 via a router or gateway (not shown). Reference numeral 130 denotes an interface cable for connecting the controller 102 and the printer 103, and may be a cable of a unique standard or a standard cable represented by Ethernet (registered trademark). Although the controller 102 and the printer 103 are illustrated as being separate casings, they may exist in the same casing. In this case, it can be considered that the printer has a controller function.
[0014]
Next, the configuration and operation of the controller connected to the network shown in FIG. 1 will be described. In the case where a computer virus (hereinafter abbreviated as “virus”) exists in data received via the network. Will be described in detail.
[0015]
FIG. 2 is a diagram illustrating a configuration of the controller according to the first embodiment. In FIG. 2, reference numeral 201 denotes a data transmission / reception unit which receives print job data, code data of a control program or a script from the network 110. A virus detection unit 202 checks whether or not the received data contains a virus. A PDL interpreter 203 processes the received print job data if no virus is detected by the virus detection unit 202 and the received data is PDL data. An engine control unit 204 performs data processing that can be understood by the printer 103 and outputs the processed data.
[0016]
A control unit 205 includes a CPU, a ROM, a RAM, an HDD (hard disk drive), peripheral circuits, and the like. The CPU 205 controls the entire controller 102 according to a control program and control data stored in the ROM, flash ROM, and HDD. Control. The RAM is a memory in which a work area and various tables used when the CPU executes the processing are defined. A display unit 206 displays the operation state of the controller 102, an error that has occurred, and the like. Reference numeral 207 denotes a storage unit, which stores information for identifying a transmission source of data containing the virus when a virus described later is detected.
[0017]
An interface 208 controls communication between the controller 102 and the printer 103. Data output from the engine control unit 204 is output to the printer engine unit 211 via the interface 212 on the printer 103 side. Print out.
[0018]
Here, a process in the case where a virus is included in data received by the controller 102 via the network 110 in the first embodiment will be described.
[0019]
FIG. 3 is a flowchart illustrating a receiving process according to the first embodiment. First, in step S301, it is checked whether the data transmission / reception unit 201 has received data via the network 110, and if received, the process proceeds to step S302, where the virus detection unit 202 checks the data received by the data transmission / reception unit 201. When a virus is detected, the process proceeds from step S303 to step S304, and the detection result is notified to the control unit 205. Here, the control unit 205 acquires the information of the transmission source of the received data from the data transmission / reception unit 201. For example, information that can specify the information processing device and data, such as the host name, IP address, and MAC address of the transmission source terminal device, and print job data, such as the job name and owner name, is acquired.
[0020]
Next, in step S305, the acquired information is stored in the storage unit 207 together with the time at which the data was received, the controller name, and the like. Then, in step S306, the control unit 205 issues a command to the virus detection unit 202 to delete the data infected with the virus. Upon receiving this command, the virus detection unit 202 deletes the corresponding data without sending it to the PDL interpreter 203. Since the data infected with the virus is not erased and executed in this way, the controller 102 does not need to be infected with the virus. Further, it notifies the administrator of the controller 102 that the virus has been detected, and urges the administrator to take a subsequent action.
[0021]
The subsequent measures include warning a non-malicious virus sender that the information processing device of the sender is infected with a virus and prompting the user to take countermeasures, or In the case of a sender or a sender who cannot be contacted, it is necessary to strengthen the security by upgrading the version of anti-virus software in the company or its own network.
[0022]
Here, as a method of notifying of a virus detection, for example, a method of receiving data infected with a virus, a method of displaying transmission source information of the data on the display unit 206 of the controller 102, and a method of notifying the engine control unit 204 A method of sending image data to be printed or sending the image data to the printer engine unit 211 of the printer 103 via the interface 208 to print out the data, the control unit 205 sending a warning message in an electronic mail (e-mail) format, an SNMP (simple network management protocol) And the like, and a method of notifying via the data transmission / reception unit 201 can be considered. These methods can be set by an administrator by using an operation unit (not shown) of the controller or a management application of an information processing device connected via a network.
[0023]
In the case of a malicious sender, it is highly likely that a virus-infected person will send a file or data with a virus many times before taking action. There is a need. Specifically, as described above, since information on the transmission source of the virus infection data has been acquired, filtering is performed using this information. For example, control is performed to reject reception of data from a transmission source whose host name, IP address, and MAC address match. A database for filtering is constructed based on these pieces of information stored in the storage unit 207 and stored in a ROM (not shown) of the data transmission / reception unit 201 or the like. The data transmission / reception unit 201 obtains information necessary for filtering processing such as an IP address added to the received data and searches whether or not the corresponding information exists in the database. Judge that the received data may be infected with a virus and delete it. If there is no matching information, the above-described virus check processing is executed.
[0024]
By performing this filtering process, if another virus is sent from a malicious sender, or if a virus is sent from an information processing device that is repeatedly infected without strong anti-virus measures In addition, with respect to the information processing apparatus and the user who transmitted the virus data in the past, strong security can be ensured by taking measures before performing the virus check.
[0025]
In addition, the above-mentioned notification is sent to the administrator of the printer or its controller by any method, so that the administrator who receives the notification warns the virus sender that the computer is infected with a virus and takes measures. be able to. Then, when it is confirmed that the countermeasure has been taken, the setting of the filtering is released. In other words, the user or the information processing device which has been infected with the virus and transmitted the data with the virus to the controller and which has been subjected to the filtering process stored in the storage unit 207 is released by the administrator. This is because the print job is not received by the controller until the print job is performed.
[0026]
Therefore, the administrator of the printer or its controller executes the filter function release processing using the operation unit (not shown) of the controller or the management application of the information processing apparatus via the network. Specifically, by clearing the filter information specifying the information processing device of the user who has taken the anti-virus measures and canceling the reception restriction, the reception restriction of the data transmitted from the information processing device is stopped. Thereby, the controller can receive the print job from the information processing device again. After that, when a job with a virus is thrown from the same information processing apparatus, the administrator is notified again.
[0027]
In recent years, printers and their controllers have been created basically in the same way as PC architectures, and some even have their operating systems (OS) running Windows (registered trademark) or Unix (registered trademark). It is adopted, and it can be said that there is not much change in the configuration with the conventional computer. In addition to receiving print job data, a control program download, or a script for performing routine processing, a function of receiving data with an attached file via the Internet, such as IPP or iFax, and processing the data is also provided. became. This function is a general-purpose protocol on TCP / IP.
[0028]
That is, since the printer and its controller are not specially configured but have the same configuration as a PC, it can be said that the possibility of infection by PC viruses, which occupy a large part of the world, is increasing.
[0029]
In addition, PC virus infection is often caused by opening (executing) a virus file attached to an e-mail. For this reason, a countermeasure of "do not open the attached file of the mail" is taken. However, a function realized by a printer or its controller executing and printing an attached file of an e-mail such as IPP or iFax has a very high risk of being infected by opening the attached file without fail.
[0030]
In the first embodiment, a range in which IPP and iFax can be received can be defined. First, the administrator of the printer or its controller notifies the control unit 205 of the host name, Internet domain name, and IP address of the receivable source, and stores them in the storage unit 207. Further, information may be stored in a format mixed with the source information whose data is discarded by the above-described filtering. Then, when the data transmission / reception unit 201 receives the data, the source information of the data is detected and notified to the control unit 205 before the virus check in step S302 shown in FIG. It is compared with the stored source information to determine whether the received data is to be discarded. As a result, the received data that has not been discarded is sent to the PDL interpreter 203, and normal print processing is performed.
[0031]
By this processing, data from an unreliable transmission source can be prevented from being received. Further, all the transmitted data including the attached file is checked for viruses by the virus detection unit 202. The virus detection unit 202 checks for a virus using data for detection based on a virus pattern or the like. It is necessary to always update the detection data to the latest data. Here, the update is performed by connecting to a file server on the intranet or the Internet via the data transmitting / receiving unit 201 and downloading the latest data at a cycle determined by the administrator of the printer or its controller or as necessary. Realize.
[0032]
As described in detail above, according to the first embodiment, it is possible to provide a robust controller and printer that are not easily infected by a virus.
[0033]
[Second embodiment]
Next, a second embodiment according to the present invention will be described in detail with reference to the drawings.
[0034]
In the first embodiment, the case where the controller 102 and the terminal device 101 are connected by the network 110 and the controller 102 and the printer 103 are connected by the interface cable 130 has been described as an example. However, in the second embodiment, An example in which the controller, the printer, and the terminal device are all connected via a network, and a case in which the controller, the printer, and the terminal device are connected via the Internet will be described.
[0035]
FIG. 4 is a diagram illustrating a configuration example of an image forming system according to the second embodiment. As shown in FIG. 4, in addition to the configuration shown in FIG. 1 described in the first embodiment, in the second embodiment, printers 404 and 405 that are further connected to a network 410 are connected via the Internet 420. The configuration includes a printer 406 on the network 440 and a terminal device 407 on the network 450 connected via the Internet 420.
[0036]
The controller 402 in the second embodiment receives data from the communication terminal 401 via the network 410, or receives data from the communication terminal 407 on the network 450 via the Internet 420, and sends the data to the printer 403 via the interface 430. It is configured to output data, output data to the printers 404 and 405 connected to the network 410, or output data to the printer 406 on the network 440 connected via the Internet 420.
[0037]
FIG. 5 is a diagram illustrating a configuration of a controller according to the second embodiment. Of the packets received by the network interface 511 of the controller illustrated in FIG. 5, only the packet addressed to itself is passed to the data transmission / reception unit 501. The data transmission / reception unit 501 passes all received data to the virus detection unit 502, and the virus detection unit 502 checks whether there is a virus. Here, if there is no virus, the data is sent to the print data control unit 503, and the job is processed. This process is a process of processing data that is easy for the printer to draw, and dividing one print job data for a plurality of printers.
[0038]
If the virus detection unit 502 checks that there is a virus, the result is notified to the control unit 505. Thereby, the control unit 505 acquires the information of the transmission source of the received data from the data transmission / reception unit 501. For example, information that can specify the terminal device and data, such as the host name, IP address, and MAC address of the source terminal, and, for a print job, the job name and owner name are acquired. Then, the obtained information is stored in the storage unit 507 together with the received time and the controller name. After storing the information, the control unit 505 controls the virus detection unit 502 to delete the data infected with the virus and prevent the data from being transmitted to the print data control unit 503. Since the virus-infected data is not erased and executed in this way, the controller is not infected with the virus.
[0039]
Note that measures against viruses and processing after infection are the same as in the first embodiment, and a description thereof will be omitted.
[0040]
As described in detail above, according to the second embodiment, it is possible to provide a robust controller that is not easily infected by a virus even when data is received from a terminal device on another network connected via the Internet. Can be.
[0041]
[Modification]
Next, a modified example of the controller according to the second embodiment will be described. Note that the configuration of the image forming system is the same as that of FIG. 4, and a description thereof will be omitted.
[0042]
FIG. 6 is a diagram illustrating a configuration of a controller according to a modification. As shown in FIG. 6, the controller according to the modified example includes interfaces 608 and 621 for connecting with the printer 403 by an interface cable 430, similarly to the first embodiment, in addition to the configuration shown in FIG. It is. Note that 601 to 603, 605 to 607, and 611 shown in FIG. 6 correspond to 501 to 503, 505 to 507, and 511 shown in FIG.
[0043]
Further, detection of a virus in the controller, countermeasures against the virus, and processing after infection are the same as in the second embodiment, and a description thereof will be omitted.
[0044]
As described above, according to the modification, in addition to the effects of the second embodiment, virus infection of a printer connected via a predetermined interface cable can be prevented.
[0045]
Even if the present invention is applied to a system including a plurality of devices (for example, a host computer, an interface device, a reader, a printer, and the like), the present invention can be applied to an apparatus (for example, a copier, a facsimile device, and the like) including one device. May be applied.
[0046]
Further, an object of the present invention is to supply a recording medium in which a program code of software for realizing the functions of the above-described embodiments is recorded to a system or an apparatus, and a computer (CPU or MPU) of the system or apparatus stores the recording medium in the recording medium. Needless to say, this can also be achieved by reading and executing the program code thus read.
[0047]
In this case, the program code itself read from the recording medium realizes the functions of the above-described embodiment, and the recording medium storing the program code constitutes the present invention.
[0048]
As a recording medium for supplying the program code, for example, a floppy (registered trademark) disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD-R, magnetic tape, nonvolatile memory card, ROM, or the like is used. be able to.
[0049]
When the computer executes the readout program code, not only the functions of the above-described embodiments are realized, but also an OS (Operating System) running on the computer based on the instruction of the program code. It goes without saying that a case where some or all of the actual processing is performed and the functions of the above-described embodiments are realized by the processing is also included.
[0050]
Further, after the program code read from the recording medium is written into a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. It goes without saying that a CPU or the like provided in the board or the function expansion unit performs part or all of the actual processing, and the processing realizes the functions of the above-described embodiments.
[0051]
【The invention's effect】
As described above, according to the present invention, it is possible to detect a virus included in data received via a network in an image forming apparatus, and to further reduce the risk of virus infection.
[Brief description of the drawings]
FIG. 1 is a diagram illustrating a configuration example of an image forming system according to a first embodiment.
FIG. 2 is a diagram illustrating a configuration of a controller according to the first embodiment.
FIG. 3 is a flowchart illustrating a receiving process according to the first embodiment.
FIG. 4 is a diagram illustrating a configuration example of an image forming system according to a second embodiment.
FIG. 5 is a diagram illustrating a configuration of a controller according to a second embodiment.
FIG. 6 is a diagram illustrating a configuration of a controller according to a modification.
[Explanation of symbols]
101 terminal device 102 controller 103 printer 110 network 120 internet 130 interface cable 201 data transmission / reception unit 202 virus detection unit 203 PDL interpreter 204 engine control unit 205 control unit 206 display unit 207 storage unit 208 interface 211 printer engine unit

Claims (14)

A data receiving method in an image forming apparatus that receives data from an information processing apparatus via a network,
A receiving step of receiving data from the information processing device via a network,
A detecting step of detecting whether or not the data received in the receiving step contains a computer virus;
When a computer virus is detected in the detection step, an acquisition step of acquiring information for identifying a transmission source of the data,
A storing step of storing information specifying the transmission source acquired in the acquiring step,
A notification step of notifying the administrator of the image forming apparatus of the detection of the computer virus. 2. The data receiving method according to claim 1, further comprising a restricting step of restricting data reception based on the information specifying the transmission source stored in the storing step. 3. The data receiving method according to claim 2, further comprising an erasing step of erasing the data containing the computer virus. 4. The data receiving method according to claim 3, wherein, in the notifying step, information identifying a transmission source of the data including the computer virus is displayed on a display unit to notify the administrator. 4. The data receiving method according to claim 3, wherein the notifying step prints out information identifying a transmission source that has transmitted the data including the computer virus and notifies the administrator of the information. 3. The data receiving method according to claim 2, further comprising a transmitting step of transmitting the data including the computer virus to an information processing device indicated by the information specifying the transmission source. 7. The data receiving method according to claim 6, further comprising a releasing step of releasing a restriction on data reception by the restricting step when a computer virus countermeasure is taken in the information processing apparatus in the transmitting step. The method according to claim 7, wherein the release step removes the data reception restriction by the restriction step by deleting information that identifies the transmission source stored in the storage step from the information processing device. Data receiving method. The data receiving method according to claim 1, wherein the receiving step determines whether or not the data is addressed to itself and receives the data. An image forming apparatus that receives data from an information processing apparatus via a network,
Receiving means for receiving data from the information processing device via a network,
Detecting means for detecting whether or not the data received by the receiving means contains a computer virus;
Acquiring means for acquiring information for identifying a source of the data when a computer virus is detected by the detecting means;
Storage means for storing information specifying the transmission source obtained by the obtaining means,
Notifying means for notifying the administrator of the image forming apparatus of the detection of the computer virus. 2. The image processing apparatus according to claim 1, further comprising: an image forming unit configured to form an image based on the data received by the receiving unit; and an output unit configured to output the formed image data to a printing device connected by a predetermined interface. An image forming apparatus according to claim 10. 2. The image processing apparatus according to claim 1, further comprising: an image forming unit configured to form an image based on the data received by the receiving unit; and an output unit configured to output the formed image data to a printing device connected to the network. An image forming apparatus according to claim 10. A program for causing a computer to execute each procedure of the data receiving method according to claim 1. A computer-readable recording medium on which the program according to claim 13 is recorded.

Images