Summary of the invention
The application's technical problem to be solved provides a kind of file fast scanning method and system, has solved the new user side long problem sweep time first time.
In order to address the above problem, the application discloses a kind of file fast scanning method, comprising:
Obtain packet; Said packet comprises and is used for confirming whether system's file is the secure file characteristic information of secure file;
The file feature information of scanning system file one by one is that the secure file characteristic information of secure file matees with markup document in the file feature information of current scanning and the said packet;
If during coupling, then skip virus killing scanning to current file, continue the next file of scanning;
If when not mating, to the current file scanning of killing virus, when sweep time greater than or more than or equal to time threshold and when safe, the secure file characteristic information of this document is updated to packet.
Preferably, said characteristic information sends to the secure file characteristic information acquisition in the processing center server through adding up each user side.
Preferably, the secure file characteristic information that sends in the processing center server through each user side of following steps statistics obtains said characteristic information:
Receive the secure file characteristic information that each user side sends; When said characteristic information comprises user side complete scan file, the sweep time of file greater than or more than or equal to the characteristic information of the file of the safety of time threshold;
For identical characteristic information, add up its number of repetition;
Extract number of repetition greater than or more than or equal to the characteristic information of amount threshold.
Preferably, when sweep time of said file greater than or during more than or equal to time threshold:
Obtain the characteristic information of file, said characteristic information comprises filename, file size, file modification time and file content descriptor;
Filename is carried out CRC calculate, obtain the filename crc value;
The file content descriptor is carried out Message Digest 5 calculate, obtain content match information;
To comprise file size, file modification time, filename crc value and content match information as the secure file characteristic information.
Preferably, for identical characteristic information, add up its number of repetition:
The characteristic information that receives is sorted by gross weight is several again;
For each same characteristic features information, will belong to the heavily computing that disappears of same characteristic features message that same user side sends;
To each the same characteristic features information that disappears after weighing, add up the number of repetition of each characteristic message.
Preferably, extract number of repetition greater than or characteristic information more than or equal to amount threshold after comprise:
Deposit the said characteristic information that extracts in data file, and generate packet according to said data file.
Preferably,, said packet also comprises before generating:
Receive the characteristic information of the unsafe file of user side transmission, do not deposit this characteristic information in data file and perhaps characteristic information identical with this characteristic information in the packet is deleted.
Preferably, on generating, behind packet, behind the characteristic information that counts on new secure file, be updated to a packet.
Preferably, through following method the characteristic information of said file and the characteristic information in the said packet are mated:
In buffer memory, begin to mate from the highest characteristic information of matching efficiency.
Preferably; When characteristic information coupling in file size and file modification time and the database; Then filename is carried out said CRC and calculate, obtain the filename crc value, and the filename crc value of said filename crc value and this characteristic information is mated;
When the filename crc value of said filename crc value and this characteristic information matees; Then the file content descriptor being carried out said Message Digest 5 calculates; Obtain content match information, and the content match information of said content match information and this characteristic information is mated.
Preferably, when first user side carries out scanning the first time, point out first user side whether to select quick scanning,, and call said packet and mate if select then the characteristic information of scanning document.
Preferably, when first user side scanned, the characteristic information that will work as secure file in time scanning result deposited the secure file information list of said packet in; , first user side scans when scanning next time according to the record after the last time scanning.
Accordingly, disclosed herein as well is the quick scanning system of a kind of file, comprising:
First user side, said first user side comprises:
Acquisition module is used to obtain packet; Said packet comprises and is used for confirming whether system's file is the secure file characteristic information of secure file;
The scan process module is used for the file feature information of scanning system file one by one, is that the secure file characteristic information of secure file matees with markup document in the file feature information of current scanning and the said packet; If during coupling, then skip virus killing scanning to current file, continue the next file of scanning; If when not mating, to the current file scanning of killing virus, when sweep time greater than or more than or equal to time threshold and when safe, the secure file characteristic information of this document is updated to packet.
Preferably, also comprise:
The second user side crowd and processing center server;
Said processing center server is used for adding up the secure file characteristic information that each user side sends to the processing center server and obtains the characteristic information in the said packet;
The characteristic information of the secure file that the said second user side crowd is used to send.
Preferably, described processing center server comprises:
The characteristic information module is used to receive the characteristic information of the secure file that each user side sends; When said characteristic information comprises user side complete scan file, the sweep time of file greater than or more than or equal to the characteristic information of the file of the safety of time threshold;
Statistical module is used for adding up its number of repetition for identical characteristic information;
Extraction module, be used to extract number of repetition greater than or more than or equal to the characteristic information of amount threshold.
Preferably, each user side of the said second user side crowd comprises:
Characteristic acquisition unit, be used for when sweep time of said file greater than or during more than or equal to time threshold, obtain the characteristic information of file, said characteristic information comprises filename, file size, file modification time and file content descriptor;
The filename computing unit is used for that filename is carried out CRC and calculates, and obtains the filename crc value;
The content description information computing unit is used for that the file content descriptor is carried out Message Digest 5 and calculates, and obtains content match information;
The characteristic information transmitting element is used for the characteristic information that comprises file size, file modification time, filename crc value and content match information is sent.
Preferably, said statistical module comprises: sequencing unit is used for the characteristic information that receives is sorted by gross weight is several again;
The heavy unit that disappears is used for for each same characteristic features information, will belong to the heavily computing that disappears of same characteristic features message that same user side sends;
Statistic unit is used for adding up the number of repetition of each characteristic message to each the same characteristic features information that disappears after weighing.
Preferably, after extraction module, also comprise:
Generation unit is used for depositing the said characteristic information that extracts in data file, and generates packet according to said data file.
Preferably,, said packet also comprises before generating:
Remove the unit, be used to receive the characteristic information of the unsafe file that user side sends, do not deposit this characteristic information in data file or characteristic information identical with this characteristic information in the packet is deleted.
Preferably, also comprise:
Update module, be used on generating a packet after, behind the characteristic information that counts on new secure file, be updated to a packet.
Preferably, through following method the characteristic information of said file and the characteristic information in the said packet are mated:
In buffer memory, begin to mate from the highest characteristic information of matching efficiency.
Preferably; When characteristic information coupling in file size and file modification time and the database; Then filename is carried out said CRC and calculate, obtain the filename crc value, and the filename crc value of said filename crc value and this characteristic information is mated;
When the filename crc value of said filename crc value and this characteristic information matees; Then the file content descriptor being carried out said Message Digest 5 calculates; Obtain content match information, and the content match information of said content match information and this characteristic information is mated.
Preferably, also comprise:
Prompting module is used for when scanning for the first time, points out first user side whether to select quick scanning, if select then the characteristic information of scanning document, and calls said packet and matees.
Preferably, also comprise:
Upgrade logging modle, be used for when first user side scans, the characteristic information that will work as secure file in time scanning result deposits the secure file information list of said packet in; , first user side scans when scanning next time according to the safety records result after the last time scanning.
Compared with prior art, the application comprises following advantage:
The application comprises through utilization and is used for confirming whether system's file is the packet of the secure file characteristic information of secure file; New user is when scanning for the first time; If scan with said packet in just can skip the file of long and safety of time of its representative during the identical file of characteristic information; Can reduce the time of scanning first, and the said packet that can upgrade in time offers local user's end or other user sides use.
Embodiment
For above-mentioned purpose, the feature and advantage that make the application can be more obviously understandable, the application is done further detailed explanation below in conjunction with accompanying drawing and embodiment.
In reality, for being in some levels (such as 10
5) above user side; If when this user side more than order of magnitude all scans the file with same characteristic (such as comprising filename, file size, file modification time, file content descriptor, content information etc.); If this kind file is safe, other users also are safe at the file that use has same characteristic basically so.The application is promptly consuming time long to complete scan according to this specific character statistics flood tide user; And the special information of the file of safety generates packet (upgrade patch etc.) to be matched based on said characteristic information then, and the user is after using said packet; But the characteristic information in the characteristic information of scanning document and the said packet matees; If on the coupling, can skip long file of these normal scan times so, thereby can reach the purpose of saving sweep time.
With reference to Fig. 1, the schematic flow sheet that it shows a kind of file fast scanning method of the application comprises:
Step 110 is obtained packet; Said packet comprises and is used for confirming whether system's file is the secure file characteristic information of secure file.
New user side at first obtains the packet that comprises security feature information, and new then user side then can scan according to this packet, to save the time of scanning for the first time.Wherein new user side adopts first user side to describe in this application; Said first user side mainly comprises user side that antivirus software is not installed and the user side of antivirus software being installed but not being carried out overall file scan; Can also comprise the user side of antivirus software being installed and being carried out overall file scan, but occur the user side of new not scanned file in the user side after carrying out overall file scan in the last time.
First user side can deposit the installation kit of said packet through installation in, perhaps mounted upgrading antivirus software is obtained described packet.In reality; First user side possibly not carry out overscanning fully, possibly in use may get access to a lot of new files, and these file user sides also possibly not carry out complete scan yet; When this user side is thought to scan fast, then can carry out through the application's packet.
Wherein, in the said packet really the fixed system file be that the characteristic information of secure file can obtain through the complete scan result of each user side of statistics.Such as; Carry out the result of complete scan for a plurality of users; For the file that in each user side, has same characteristic features information (such as characteristic informations such as file size, file modification time, filename crc value and content match information); If each user side can deposit this characteristic information in said packet so to the equal safety of the scanning result of this document, be used for confirming that the file that system has this characteristic information is a secure file.
Preferably, said characteristic information sends to the secure file characteristic information acquisition in the processing center server through adding up each user side.Promptly carry out the characteristic information of the file of the affirmation safety that complete scan obtains for each user side, the processing center server carries out statistics and analysis to it automatically, can the characteristic information greater than some threshold values be generated corresponding packet.In this application, at first need generate packet,, show the schematic flow sheet of the preferred a kind of packet generation method of the application, comprise with reference to Fig. 2:
Step 210 receives the characteristic information of the secure file that each user side sends; When said characteristic information comprises user side complete scan file, the sweep time of file greater than or more than or equal to the characteristic information of the file of the safety of time threshold.
In reality, there is the second user side crowd, comprising a large number of users end, these user sides all can be sent to the qualified characteristic information that the file in the own system is carried out after the complete scan in the processing center server.Promptly when each user side of the second user side crowd is selected the file in its computer of complete scan, can with scanning consuming time greater than or send to the processing center server more than or equal to the characteristic information of the secure file of certain hour threshold value.In the reality; The application adds up through the normal scanning of the user side scanning characteristic information of long file consuming time to flood tide; Then based on greater than or generate packet to be matched more than or equal to the characteristic information of the respective file of threshold value; New then user when scanning for the first time, if scan with said packet in just can skip the file of long and safety of time of its representative during the identical file of characteristic information, can reduce the time of scanning first.
Preferably, when user side complete scan file, when said sweep time greater than or more than or equal to time threshold and when safe:
Described complete scan is the scanning of killing virus of the full content of each file in the user terminal system.
Step S11 obtains the characteristic information of file, and said characteristic information comprises filename, file size, file modification time and file content descriptor.
When user side is selected the complete scan file; Scanning engine scans each file in the user end computer one by one, for a lot of files, such as for compressed package; Scanning engine need be according to requirement first decompress(ion) in engine of compressed package; Again each file that comprises in the compressed package is scanned, generally speaking, suitable many of the time that this scan mode needs; Such as the installation kit for software, scanning engine also need come out the information decompress(ion) in the installation kit to scan again, need expend the considerable time equally again.So when time that user side scans the cost of whole file greater than or during more than or equal to threshold value; The said characteristic information of characteristic information that then can obtain current file comprises filename, file size, file modification time and file content descriptor, and said characteristic information comprises filename, file size, file modification time and file content descriptor.
Wherein, when calculating user side for sweep time of a file, the time point in the time of can be according to the beginning scanning document when finishing scanning document, calling system api function GetTickCount calculated from the sweep time of beginning scanning document when finishing scanning document.Such as beginning scanning document time point do; 21 o'clock 50 minutes 30 seconds and 00 millisecond Tuesday of on January 17th, 2012; Time point is 21 o'clock 51 minutes 30 seconds and 00 millisecond Tuesday of on January 17th, 2012 when finishing scanning document, and user side is for being 1 minute the sweep time of current file so.If time threshold is set is 30 seconds, and so for this document, user side promptly obtains the characteristic information of this document, comprises filename, file size, file modification time and file content descriptor.
Wherein the file content descriptor only accounts for the very little part of whole file, and when user side scanning document content description information part, the spent time is far smaller than the time of the whole file of scanning.Such as for compressed file; Its file content descriptor is in compressed package head data; The byte number that can take according to the current file content description information that header data is informed during scanning, user side only need scan byte address space, current file header data place and get final product, with reference to Fig. 3; It is a kind of header data example of compressed package; In the header data of compressed package, described the fileinfo in the compressed package (filename, size, data check value etc.),, just explained that the compressed package content does not change as long as these critical datas do not change.Such as the installation kit for software, content description information is in the tail data of installation kit again, and the byte number that can take according to the tail data that file is informed during scanning scans the respective byte address space and gets final product.
Step S12 carries out CRC with filename and calculates, and obtains the filename crc value.
Because filename relates to user's privacy, the application calculates CRC of file masterpiece (CRC, Cyclical Redundancy Check), and obtaining one does not have readable filename crc value.
Step S13 carries out Message Digest 5 with the file content descriptor and calculates, and obtains content match information.
For the file content descriptor, whole relatively file is though the file content descriptor is very little; If but itself go to mate with the file content descriptor; Then possibly cause the time more relatively owing to the file content descriptor is huge, the application then carries out Message Digest 5 (Message-Digest Algorithm) with the file content descriptor and calculates, and obtains content match information; General the application carries out MD5 (Message-Digest Algorithm 5; Message Digest Algorithm 5) calculate, the content match information that obtains is the MD5 value, can significantly reduce match time when mating through the MD5 value; Guarantee contrast coupling fast also to have guaranteed simultaneously safety of files.
Step S14 will comprise that the characteristic information of file size, file modification time, filename crc value and content match information sends.
After obtaining the above-mentioned characteristic information that comprises file size, file modification time, filename crc value and content match information, can said characteristic information be sent to the processing center server, wait for the processing center server process.
The application's applied environment has comprised provides the antivirus software installation kit of being correlated with; The processing center server of data such as AKU; A large amount of user sides that passes through the connection of network language processing center server, the complete scan work of therefore for the online user file being carried out all can be carried out above-mentioned steps.
Step 220 for identical characteristic information, is added up its number of repetition.
In this step, the processing center server can go heavily computing to the data of receiving, a plurality of data with same characteristic features information that are about to the same client transmission are gone heavily, and making its number of times is 1.
Preferably, for identical characteristic information, add up its number of repetition:
S21 sorts the characteristic information that receives by gross weight is several again.
At first the characteristic information that receives is counted by gross weight again and sorted, such as the file of characteristic information (m, 100kb hold to(for) corresponding certain user; 2012/1/11/21:50:30:10, n) wherein m is the filename crc value, n is that the content match information of file content descriptor is the MD5 value; The corresponding user side that sends this information of corresponding every characteristic information; Such as with to user side A, its information that sends to the processing center server can A-(m, 100kb; 2012/1/11/21:50:30:10, form n) shows.All bars that the processing center server is received have, and identical (2012/1/11/21:50:30:10 B) adds up it and repeats total degree, sorts according to the statistics total degree then for A, 100kb.In the process of this time statistics ordering, can easily find out the data that the same subscriber end sends with same characteristic features information.
S22 for each same characteristic features information, will belong to the heavily computing that disappears of same characteristic features message that same user side sends.
For a plurality of data with same characteristic features information that same client is sent, sending characteristic information such as customer end A is (m, 100kb; 2012/1/11/21:50:30:10 n) has 10, so it is gone heavily; (the m that makes processing center that this user side is repeated to send; 100kb, 2012/1/11/21:50:30:10, n) characteristic information is designated as 1 time.So can guarantee the accuracy of number of users when adding up, guarantee the application's validity for certain characteristic information.
S23 to each the same characteristic features information that disappears after weighing, adds up the number of repetition of each characteristic message.
After going to weigh, can add up the number of repetition of each characteristic message, this number of times is consistent with the user side quantity that scanning obtains this characteristic information again.
The application also can add up the number of repetition of each file feature information through the additive method heavily computing that disappears, and this application is not limited it.
Step 230, extract number of repetition greater than or more than or equal to the characteristic information of amount threshold.
After obtaining the number of repetition of characteristic information, number of repetition and amount threshold are compared, if said number of repetition then deposits it in data file greater than threshold value.Such as for aforementioned (m, 100kb, 2012/1/11/21:50:30:10, n) number of repetition of characteristic information is 150,000, and threshold value is set to 100,000, so can be with this characteristic information data extract.
Step 240 deposits the said characteristic information that extracts in data file, and generates packet according to said data file.
In this application data file can in the form that can tabulate of data exist; Every characteristic information comprises a plurality of dimensions, such as for (m, 100kb; 2012/1/11/21:50:30:10; N), then this characteristic information comprises four dimensions in the tabulation, is respectively file size, file modification time, filename crc value and content match information., follow up scan matees when handling then with this four dimensions.
For the data file that generates, can be bundled to the installation kit of antivirus software, also can generate the form of upgrade patch.
In addition,, said packet also comprises before generating:
Step S210, the characteristic information of the unsafe file that the reception user side sends does not deposit this characteristic information in data file and perhaps characteristic information identical with this characteristic information in the packet is deleted.
User side for the complete scan time greater than the appearance of threshold value viral file; Also can the characteristic information of this unsafe file be labeled as dangerous; Redispatch to the processing center server; The processing center server can all not handled for all the bar data with this characteristic information, does not deposit data file in yet.Such as there being 50,000 user sides to send aforementioned (m, 100kb, 2012/1/11/21:50:30:10, n) data of characteristic information; But the Data Identification of this characteristic information that one of them user side sends is dangerous, promptly finds virus, and then the processing center server then can be to not having (m, 100kb; 2012/1/11/21:50:30:10, n) data of characteristic information are handled, and will not comprise (m; 100kb, 2012/1/11/21:50:30:10, characteristic information n) deposits in the packet.
In addition, in reality, when the processing center server is added up at the characteristic information that each user side is sent, be to add up in the cycle generally with certain hour length, and at the packet that the statistics in this cycle is generated the characteristic information of secure file.Such as the processing center server is that chronomere adds up the characteristic information data that each user side sends with the sky, generates packet then, and first user side that can offer following one-period uses.
Step 120, the file feature information of scanning system file one by one is that the secure file characteristic information of secure file matees with markup document in the file feature information of current scanning and the said packet; If during coupling, then skip virus killing scanning to current file, continue the next file of scanning; If when not mating, to the current file scanning of killing virus, when sweep time greater than or more than or equal to time threshold and when safe, the secure file characteristic information of this document is updated to packet.。
Such as to scannings of killing virus such as the malicious code that comprises in the file content or viruses.
After getting access to said data, then can scan fast:
Step S121, the system of first user side is the characteristic information of scanning system file one by one;
Step S122 is that the secure file characteristic information of secure file matees with markup document in the file feature information of current scanning and the said packet; If during coupling, then change step S123 over to, skip current file, continue the next file of scanning; If when not matching, then change step S124 over to, current file is carried out complete virus killing scanning, when sweep time greater than or more than or equal to time threshold and when safe, change step S125 over to, the secure file characteristic information of this document is updated to packet.
In reality, the characteristic information among the step S125 can obtain through following steps:
Step M1 obtains the characteristic information of file, and said characteristic information comprises filename, file size, file modification time and file content descriptor;
Step M2 carries out CRC with filename and calculates, and obtains the filename crc value;
Step M3 carries out Message Digest 5 with the file content descriptor and calculates, and obtains content match information;
Step M4, will comprise file size, file modification time, filename crc value and content match information as the secure file characteristic information.Step M1 is similar with abovementioned steps S11 to S14 to step M4 concrete grammar.
Wherein, In the process of wrapping that Updates Information; Can be directly the characteristic information of said secure file be updated in the packet in the local system; Also can the characteristic information of said secure file be sent in the processing center server, in the packet of processing center server according to extremely corresponding each application end of its Policy Updates.
In reality, also comprise before scanning at first user side: confirm whether to select quick scanning, if, the characteristic information of scanning document then, and call said packet and mate.
Promptly first user side can be selected to scan fast or to the complete scan of file, if select scanning fast, but the characteristic information of scanning document then, and call said packet and mate the coupling of carrying out characteristic information.When the characteristic information of said file and the coupling of the characteristic information in the said packet, then skip current file, continue the next file of scanning.
In this application, when scanning for the first time, can point out first user side whether to select quick scanning,, and call said packet and mate if select then the characteristic information of scanning document.
If first user side is selected to scan fast, first user side characteristic information that when scanning, then at first obtains the first user side file matees so, and without the full content of scanning document.
Wherein, in this application, during coupling,, there is a dimension not mate, representes that promptly this document does not mate if in the characteristic information, can be with this document scanning of killing virus.Four dimensions such as aforesaid characteristic information: file size; The file modification time, filename crc value and content match information, the matching order of this four dimensions is: 1, file size; 2, the file modification time, 3, filename crc value 4, content match information; If one when when promptly file size is mated, can be carried out the coupling of 2,3 and 4 dimensions with the file size of file A and first dimension of the characteristic information in the packet so, the scanning of can file A need killing virus; If on the file size of the file A coupling; Again with the file modification time of file A and the 2nd dimension of this characteristic information in the packet; Be when mating the file modification time, can carry out the coupling of 3 and 4 dimensions so, can be with the file A scanning of killing virus.Other situation can the rest may be inferred.
When first user side matees the characteristic information of said file and the characteristic information in the said packet:
In buffer memory, begin to mate from the highest characteristic information of matching efficiency.
Because characteristic information is a multidimensional in the packet; When whether judgement matees, can begin comparison from most effective data, the outer dimension of calculating such as not carrying out; For example file size and file modification time; Because file size and modification time are the system datas that when the traversal file, can obtain, do not need extra computing, so so operation can improve the efficient of the comparison match that presets buffer memory.
Preferably, when coupling:
Step S31; When characteristic information coupling in file size and file modification time and the database; Then filename is carried out said CRC and calculate, obtain the filename crc value, and the filename crc value of said filename crc value and this characteristic information is mated.Wherein, the CRC computing of filename is an internal memory operation, and data volume is very little.
In when coupling, at first mate, in characteristic information dimension in the packet from the higher dimension of matching efficiency; File size and file modification time need not carried out extra computation; Can directly mate, so when user side scans, for the file size and the file modification time of the characteristic information that gets access to; Such as at first comparison document is big or small, at the comparison document modification time.When if the file size of the file of current scanning is identical with the file modification time, then compare the less relatively dimension of amount of calculation, such as passing through CRC computing calculation document name crc value; Filename crc value with said filename crc value and this characteristic information matees then; If on the coupling, then do not get into complete scan, if on the coupling; Then get into the more relatively dimension of amount of calculation and mate, such as changing step S32 over to.
Step S32; When the filename crc value of said filename crc value and this characteristic information matees; Then the file content descriptor is carried out said Message Digest 5 and calculate, obtain content match information, and the content match information of said content match information and this characteristic information is mated.
Work as file size, when file modification time and filename crc value all mate, then the file content descriptor is carried out Message Digest 5 and calculate; Generally be to carry out MD5 to calculate; Obtain the file content match information, then the content match information of said content match information and this characteristic information is mated, on coupling; Then skip current file, change the next file of scanning over to.
In addition, preferred when each scanning, when first user side scanned, the characteristic information that will work as secure file in time scanning result deposited the secure file information list of said packet in; , first user side scans when scanning next time according to the record after the last time scanning.
When first user side combines current packet to scan; Be not included in the file in the packet for characteristic information; If when time detection safety; Then can the characteristic information of its this secure file be deposited in the secure file information list of packet, when first user side scans, can scan more fast next time according to the scanning result of last time.In addition, when user side carried out complete scan to each file, if it is dangerous to detect certain file, but the characteristic information of this document was again in packet, then can be with deleting in its secure file information list from packet.
Accordingly,, disclosed herein as well is the structural representation of the quick scanning system of a kind of file, comprising with reference to Fig. 4:
First user side 410, said first user side comprises:
Acquisition module S411 is used to obtain packet; Said packet comprises and is used for confirming whether system's file is the secure file characteristic information of secure file;
Scan process module S412 is used for the file feature information of scanning system file one by one, is that the secure file characteristic information of secure file matees with markup document in the file feature information of current scanning and the said packet; If during coupling, then skip virus killing scanning to current file, continue the next file of scanning; If when not mating, to the current file scanning of killing virus, when sweep time greater than or more than or equal to time threshold and when safe, the secure file characteristic information of this document is updated to packet.
With reference to Fig. 5, the structural representation that it shows the quick scanning system of the preferred a kind of file of the application comprises:
First user side, 510, the second user side crowds 520 and processing center server 530;
Said first user side comprises 510:
Acquisition module S511 is used to obtain packet; Said packet comprises and is used for confirming whether system's file is the secure file characteristic information of secure file;
Scan process module S512; Be used for the file feature information of scanning system file one by one; When if markup document is the secure file characteristic information coupling of secure file in the file feature information of current scanning and the said packet; Then skip virus killing scanning, continue the next file of scanning current file;
Said processing center server 530 is used for adding up the secure file characteristic information that each user side sends to the processing center server and obtains the characteristic information in the said packet;
The characteristic information of the secure file that the said second user side crowd 520 is used to send.
Preferably, described processing center server comprises:
The characteristic information module is used to receive the characteristic information of the secure file that each user side sends; When said characteristic information comprises user side complete scan file, the sweep time of file greater than or more than or equal to the characteristic information of the file of the safety of time threshold;
Statistical module is used for adding up its number of repetition for identical characteristic information;
Extraction module, be used to extract number of repetition greater than or more than or equal to the characteristic information of amount threshold.
Preferably, each user side of the said second user side crowd comprises:
Characteristic acquisition unit, be used for when said sweep time greater than or more than or equal to time threshold and when safe, obtain the characteristic information of file, said characteristic information comprises filename, file size, file modification time and file content descriptor;
The filename computing unit is used for that filename is carried out CRC and calculates, and obtains the filename crc value;
The content description information computing unit is used for that the file content descriptor is carried out Message Digest 5 and calculates, and obtains content match information;
The characteristic information transmitting element is used for the characteristic information that comprises file size, file modification time, filename crc value and content match information is sent.
Preferably, said statistical module comprises: sequencing unit is used for the characteristic information that receives is sorted by gross weight is several again;
The heavy unit that disappears is used for for each same characteristic features information, will belong to the heavily computing that disappears of same characteristic features message that same user side sends;
Statistic unit is used for adding up the number of repetition of each characteristic message to each the same characteristic features information that disappears after weighing.
Preferably, when user side complete scan file:
According to beginning time point when finishing scanning document during scanning document, calling system api function GetTickCount calculated from the sweep time of beginning scanning document when finishing scanning document.
Preferably, after extraction module, also comprise:
Generation unit is used for depositing the said characteristic information that extracts in data file, and generates packet according to said data file.
Preferably,, said packet also comprises before generating:
Remove the unit, be used to receive the characteristic information of the unsafe file that user side sends, do not deposit this characteristic information in data file or characteristic information identical with this characteristic information in the packet is deleted.
Preferably, through following method the characteristic information of said file and the characteristic information in the said packet are mated:
In buffer memory, begin to mate from the highest characteristic information of matching efficiency.
Preferably; When characteristic information coupling in file size and file modification time and the database; Then filename is carried out said CRC and calculate, obtain the filename crc value, and the filename crc value of said filename crc value and this characteristic information is mated;
When the filename crc value of said filename crc value and this characteristic information matees; Then the file content descriptor being carried out said Message Digest 5 calculates; Obtain content match information, and the content match information of said content match information and this characteristic information is mated.
Preferably, also comprise:
Prompting module is used for when scanning for the first time, points out first user side whether to select quick scanning, if select then the characteristic information of scanning document, and calls said packet and matees.
Preferably, also comprise: upgrade logging modle, be used for when first user side scans, the characteristic information that will work as secure file in time scanning result deposits the secure file information list of said packet in; , first user side scans when scanning next time according to the safety records result after the last time scanning.
For system embodiment, because it is similar basically with method embodiment, so description is fairly simple, relevant part gets final product referring to the part explanation of method embodiment.
Each embodiment in this specification all adopts the mode of going forward one by one to describe, and what each embodiment stressed all is and the difference of other embodiment that identical similar part is mutually referring to getting final product between each embodiment.
More than to a kind of file fast scanning method and system that the application provided; Carried out detailed introduction; Used concrete example among this paper the application's principle and execution mode are set forth, the explanation of above embodiment just is used to help to understand the application's method and core concept thereof; Simultaneously, for one of ordinary skill in the art, according to the application's thought, the part that on embodiment and range of application, all can change, in sum, this description should not be construed as the restriction to the application.