Background technology
Along with the extensive utilization of computer technology every field in social life, rogue program (Malwar, malicioussoftware, refers to that any intentional establishment is used for performing without permission and the software program of normally harmful act) also come one after another as its accessory.Due to infectivity, replicability and destructiveness that these rogue programs have, it has become the significant problem that puzzlement computing machine uses.
Therefore, in today that Cyberthreat is growing, upgrade the work that virus signature becomes enterprise and netizen's indispensability every day, from weekly to once a day, until the moment upgrade, user expect by the coupling of virus signature avoid computer equipment affect by rogue program.And traditional antivirus software virus base is placed on client computer, the analytical work of file is carried out in client, can repeatedly compare in local virus library in scanning process, take a large amount of system resource, and along with the continuous upgrading of virus base, the capacity of virus base is increasing, time spent during Study document is also more and more longer, causes the system resource of client computer to take too much, and performance reduces, therefore, anti-virus industry must find new technological breakthrough.
" cloud security (CloudSecurity) " plan is the up-to-date embodiment of information security cybertimes, it has merged the emerging technology concepts such as parallel processing, grid computing, unknown virus behavior judgement, by " theory of cloud computing has been applied to security fields.
Cloud killing refers to and virus base is placed on service end, because the virus base of service end upgrades sooner, more in time, can carry out the technology of killing after networking fast.After employing cloud killing technology scans USB flash disk (movable storage device), common way is left on local computing device at the danger (being judged as malicious file) obtained after cloud killing scanning or apocrypha.
Due to the danger obtained after carrying out cloud killing to USB flash disk or apocrypha have been left on local computing device, so when USB flash disk is moved to another computing equipment from local computing device, if now will recover the danger of deleting or apocrypha on another computing equipment by mistake, be then out of the question.
Causing the problem being difficult to based on movable storage device, file be carried out to other process follow-up for storing segregate file in computing equipment side in correlation technique, not yet proposing effective solution at present.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a kind of overcoming the problems referred to above or the document handling method of movable storage device solved the problem at least in part and corresponding document handling apparatus.
According to one aspect of the present invention, provide the document handling method of movable storage device, this document handling method comprises:
Whether scan the storage space of movable storage device, judging to comprise in storage space needs file to be processed;
Need file to be processed if comprised, then in storage space, create file, and file need be put into by file to be processed;
According to instruction, the file stored in file is processed.
Wherein, whether judge to comprise in storage space needs file to be processed to comprise:
Judge whether storage space comprises apocrypha and/or malicious file;
If storage space comprises apocrypha and/or malicious file, then the apocrypha in storage space and/or malicious file are defined as needing file to be processed.
Further, need after file to be processed puts into file, document handling method comprises further:
Receive from the instruction of user, determine to need to the file in file the process carried out according to instruction.
In addition, when the file be designated as in recovery file folder from user, process is carried out to the file in file and comprises:
By the file access pattern in file to former memory location.
And, when the file be designated as in Delete Folder from user, process is carried out to the file in file and comprises:
By the file erase in file.
According to a further aspect in the invention, provide a kind of document handling apparatus of movable storage device, this document handling apparatus comprises:
Judge module, whether for scanning the storage space of movable storage device, judging to comprise in storage space needs file to be processed;
Configuration module, when needing file to be processed for comprising in judgement, creating file, and need put into file by file to be processed in storage space;
Processing module, for processing the file stored in file according to instruction.
Wherein, judge module is for judging whether storage space comprises apocrypha and/or malicious file; And when judging that storage space comprises apocrypha and/or malicious file, the apocrypha in storage space and/or malicious file are defined as need file to be processed.
Further, this document handling apparatus comprises further:
Determination module, for after file to be processed puts into file, need receiving the instruction from user, and determines to need to the file in file the process carried out according to instruction.
In addition, when the file be designated as in recovery file folder from user, processing module is used for the file access pattern in file to former memory location.
And when the file be designated as in Delete Folder from user, processing module is used for the file erase in file.
Can by scanning the storage space of movable storage device according to the document handling method of movable storage device of the present invention and document handling apparatus, when judging there is need file to be processed in storage space, file is set up in the storage space of this movable storage device, and this file need be put into process by file to be processed, solve thus and store segregate file in computing equipment side and cause being difficult to carry out the follow-up problem that other process based on movable storage device to file, achieve storage in the storage space of movable storage device and need file to be processed, even if movable storage device is connected with other computing machine, efficient recovery can be had equally or consult the file of the former storage of movable storage device, avoid the beneficial effect operating the problem that cannot carry out.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.
Embodiment
Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.
According to embodiments of the invention, provide a kind of document handling method of movable storage device.
As shown in Figure 1, the document handling method of movable storage device comprises:
Step S101, scans the storage space of movable storage device, and whether judge to comprise in storage space needs file to be processed;
Step S103, needs file to be processed if comprised, then in storage space, creates file, and need put into file by file to be processed;
Step S105, processes the file stored in file according to instruction.
Wherein, whether judge to comprise in storage space needs file to be processed to comprise:
Judge whether storage space comprises apocrypha and/or malicious file;
If storage space comprises apocrypha and/or malicious file, then the apocrypha in storage space and/or malicious file are defined as needing file to be processed.
Further, need after file to be processed puts into file, document handling method comprises further:
Receive from the instruction of user, determine to need to the file in file the process carried out according to instruction.
In addition, when the file be designated as in recovery file folder from user, process is carried out to the file in file and comprises:
By the file access pattern in file to former memory location.
And, when the file be designated as in Delete Folder from user, process is carried out to the file in file and comprises:
By the file erase in file.
Such as, be connected to by movable storage device on a computing equipment, the file after server networking in scanning user's USB flash disk (movable storage device), finds the file hierarchies that the md5 of file is corresponding; Wherein, server scan for inquiries background grade, the md5 of different files and the file hierarchies of correspondence are preserved in backstage.File hierarchies is mainly according to the static nature in program file, as via md5-challenge (Message-DigestAlgorithm5, be called for short md5) the md5 identifying code that draws of computing, or SHA1 code, or cyclic redundancy check (CRC) (CyclicRedundancyCheck, being called for short CRC) code etc. can the condition code of unique identification original program, also can be the static nature string in program file.
First, in the server, if the file hierarchies yardage value that file is corresponding is 10-20 is white (i.e. secure file, or be called trusted file), the file hierarchies yardage value that file is corresponding is 30 is unknown (i.e. apocryphas), not white list (white list can be the list of trusted file), also not blacklist (blacklist can be the list of malicious file), the file hierarchies yardage value that file is corresponding is 50-70 is all black (i.e. malicious file).When USB flash disk connects cloud database, this yardage value can be inquired according to the md5 of file.
Then isolated area (namely at the file that the storage space of movable storage device creates) is put in the danger found (maliciously) or apocrypha.It should be noted that in certain embodiments, apocrypha also can not put into isolated area.
Retouch for u sweeping the grade that backstage adopts, if not the grade of the PE file of certain file mainly collected according to backstage the grade >=30 of PE file, is then apocrypha; If PE file hierarchies >=50, then it is dangerous (maliciously) file; If grade=70 of PE file, then it is wooden horse file.
As shown in Figure 2, be the scanning result to the file in movable storage device.When a computing equipment inserts movable storage device, when cloud killing scans and confirms that file has abnormal, comprising file is apocrypha, dangerous file or wooden horse file.
Such as, in fig. 2, the file that file is called auto.bat is apocrypha, and it is wooden horse file that file is called the file that setup-guiying.exe and file be called pucgc5951 hurricane .exe.
User can select wouldn't process, process immediately or process immediately and scan the instructions such as USB flash disk comprehensively.
After user selects " processing immediately " instruction, creating the file of " off-limit file " at u dish, processing needing file to be processed to put in the file of " off-limit file ".
If the danger be placed in isolated area or apocrypha are reported by mistake or process by mistake, and when needing to recover this danger or apocrypha, directly from this isolated area, this danger or apocrypha are returned to its original position.
According to embodiments of the invention, provide a kind of document handling apparatus of movable storage device.
As shown in Figure 3, the document handling apparatus of movable storage device comprises:
Judge module 31, whether for scanning the storage space of movable storage device, judging to comprise in storage space needs file to be processed;
Configuration module 32, when needing file to be processed for comprising in judgement, creating file, and need put into file by file to be processed in storage space;
Processing module 33, for processing the file stored in file according to instruction.
Wherein, judge module 31 is for judging whether storage space comprises apocrypha and/or malicious file; And when judging that storage space comprises apocrypha and/or malicious file, the apocrypha in storage space and/or malicious file are defined as need file to be processed.
Further, this document handling apparatus comprises further:
Determination module (not shown), for after file to be processed puts into file, need receiving the instruction from user, and determines to need to the file in file the process carried out according to instruction.
In addition, when from user be designated as recovery file folder in file, processing module 33 for by the file access pattern in file to former memory location.
And when the file be designated as in Delete Folder from user, processing module 33 is for by the file erase in file.
By means of technical scheme of the present invention, the movable storage device of such as USB flash disk and so on is connected on any computing equipment, can both recovers on this movable storage device previously by the danger (maliciously) of deleting or apocrypha by mistake at this computing equipment.
In sum, by means of technique scheme of the present invention, by scanning the storage space of movable storage device, when judging there is need file to be processed in storage space, file is set up in the storage space of this movable storage device, and this file need be put into process by file to be processed, can store in the storage space of movable storage device and need file to be processed, even if movable storage device is connected with other computing machine, efficient recovery can be had equally or consult the file of the former storage of movable storage device, avoid operating the problem that cannot carry out.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.
In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.
In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.
All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the some or all parts in the document handling method of the movable storage device of the embodiment of the present invention and document handling apparatus equipment.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.
The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.