CN103049697B - For the file test method and system of enterprise - Google Patents

For the file test method and system of enterprise Download PDF

Info

Publication number
CN103049697B
CN103049697B CN201210487942.8A CN201210487942A CN103049697B CN 103049697 B CN103049697 B CN 103049697B CN 201210487942 A CN201210487942 A CN 201210487942A CN 103049697 B CN103049697 B CN 103049697B
Authority
CN
China
Prior art keywords
file
control server
measured
enterprise
local terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210487942.8A
Other languages
Chinese (zh)
Other versions
CN103049697A (en
Inventor
温铭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qianxin Technology Group Co Ltd
Original Assignee
Beijing Qianxin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qianxin Technology Co Ltd filed Critical Beijing Qianxin Technology Co Ltd
Priority to CN201210487942.8A priority Critical patent/CN103049697B/en
Publication of CN103049697A publication Critical patent/CN103049697A/en
Application granted granted Critical
Publication of CN103049697B publication Critical patent/CN103049697B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a kind of file test method and system for enterprise, to solve the problems, such as that the safety detection method of existing enterprise influences the safe of computer.Described system, which includes local terminal, enterprise intranet control server and outer net control server, the enterprise intranet control server, includes the first receiving module, the fileinfo sent suitable for receiving local terminal by corporate intranet;Sending module, suitable for when the characteristic value of the file to be measured can not be detected in the virus base of enterprise intranet control server, sending the fileinfo to outer net by enterprise's outer net and controlling server;Second receiving module, suitable for receiving the killing result of network service end;Wherein, the sending module is particularly adapted to enterprise intranet control server and sends non-exclusive inquiry request to outer net control server by enterprise's outer net, wherein, fileinfo, the non-exclusive file to be measured for representing each local terminal of enterprise intranet control server synchronous query are included in the inquiry request.

Description

For the file test method and system of enterprise
Technical field
The present invention relates to computer security technique, and in particular to a kind of file test method and system for enterprise.
Background technology
Some enterprises are for the consideration of the factors such as safety, secrecy, and the network environment of enterprise is closing, i.e. enterprise has one The corporate intranet that individual all computers can access, but for enterprise's outer net, most of computer in enterprise is cannot Access.
In the network environment of this closing, usual enterprise is to be equipped with virus base in each computer, is passed through The virus base carries out safety monitoring, checking and killing virus to the file in computer.Due to new virus, therefore disease usually occurs Malicious storehouse needs to upgrade in time just to can ensure that the safety of computer.Most of computer in enterprise can not access enterprise's outer net In the case of, in order that the virus base in computer can be updated, can be in the computer that enterprise can connect enterprise's outer net Off-line tools are installed.Whether the virus base that the off-line tools timing detects network-side by enterprise's outer net has renewal, if having more Newly, just the virus base of network-side is updated into local virus library, then by corporate intranet to the virus in other computers Storehouse is updated.
By above-mentioned method, can preserves virus characteristic popular recently in local virus library.But this The resource of ground virus base is limited, and the virus characteristic of preservation is also limited, therefore does not ensure that killing to virus.And And the time of above-mentioned method renewal virus base is long, if there is a new virus local, local virus library is not due to having more It is new or update, possibly can not killing to the virus, just influence whether the safety of computer.
The content of the invention
In view of the above problems, it is proposed that the present invention so as to provide one kind overcome above mentioned problem or at least in part solve on State the file detecting system for enterprise of problem and the corresponding file test method for being directed to enterprise.
According to one aspect of the present invention, there is provided a kind of file test method for enterprise, including:
Enterprise intranet control server receives the fileinfo that local terminal is sent by corporate intranet, wherein, the text The characteristic value of file to be measured in the local terminal is included in part information, characteristic value is not present in the virus base of local terminal File as file to be measured;
When the characteristic value of the file to be measured can not be detected in the virus base of enterprise intranet control server, pass through enterprise Net out of trade sends the fileinfo to outer net and controls server;
Enterprise intranet control server receives the killing result that outer net control server is directed to file to be measured;
Wherein, sending the fileinfo to outer net by enterprise's outer net controls server to include:
Enterprise intranet control server sends non-exclusive inquiry request to outer net by enterprise's outer net and controls server, its In, fileinfo, each local of the non-exclusive expression enterprise intranet control server synchronous query are included in the inquiry request The file to be measured of terminal.
In the embodiment of the present invention, enterprise intranet control server receives the file that local terminal is sent by corporate intranet and believed After breath, in addition to:Detect the characteristic value that whether there is the file to be measured in the virus base of enterprise intranet control server;If The characteristic value of the file to be measured in the virus base of enterprise intranet control server be present, then generate killing result, and feed back institute Killing result is stated to local terminal.
In the embodiment of the present invention, the enterprise intranet control server receives the text that local terminal is sent by corporate intranet Part information, including:Enterprise intranet control server receives each local terminal and non-exclusive looked into by what corporate intranet was sent simultaneously Request is ask, wherein, fileinfo is included in the inquiry request, the non-exclusive expression local terminal, which is controlled corporate intranet, to be taken Business device carries out shared inquiry.
In the embodiment of the present invention, in addition to:The killing result is fed back to local terminal.
In the embodiment of the present invention, the killing result is fed back to local terminal, including:Enterprise intranet control server is in institute In the inquiry response for stating non-exclusive inquiry request, the killing result is fed back into local terminal.
In the embodiment of the present invention, white and black list is included in virus base, the white list, which is suitable to preserve, is not present peace The characteristic value of full problem, the blacklist are suitable to the characteristic value that safety problem be present.
In the embodiment of the present invention, the characteristic value is obtained by the cryptographic Hash of calculation document, and a characteristic value is unique A corresponding file, the file include file to be measured.
In the embodiment of the present invention, the killing result includes any one of following:Safety problem, text to be measured be present in file to be measured Part is not present safety problem and can not determine that file to be measured whether there is safety problem.
In the embodiment of the present invention, by the white list or blacklist of the killing result renewal for file to be measured to virus base In, the virus base belongs to any one of following:Local terminal and enterprise intranet control server.
According to another aspect of the present invention, there is provided a kind of file detecting system for enterprise, including:Local terminal, Enterprise intranet control server and outer net control server, the enterprise intranet control server, including:
First receiving module, the fileinfo sent suitable for receiving local terminal by corporate intranet, wherein, the file The characteristic value of file to be measured is included in information, characteristic value is not present in file in the virus base of local terminal as text to be measured Part;
Sending module, suitable for as the spy that the file to be measured can not be detected in the virus base of enterprise intranet control server During value indicative, the fileinfo to outer net is sent by enterprise's outer net and controls server;
Second receiving module, suitable for receiving the killing result of network service end;
Wherein, the sending module is particularly adapted to enterprise intranet control server and sends non-exclusive look into by enterprise outer net Ask request to outer net and control server, wherein, fileinfo, the non-exclusive expression corporate intranet are included in the inquiry request Server sync is controlled to inquire about the file to be measured of each local terminal.
In the embodiment of the present invention, in addition to:Detection module, it is in the virus base for detecting enterprise intranet control server The no characteristic value that the file to be measured be present;If the spy of the file to be measured in the virus base of enterprise intranet control server be present Value indicative, then killing result is generated, and feed back the killing result to local terminal.
In the embodiment of the present invention, first receiving module is particularly adapted to receive each local terminal simultaneously and passed through in enterprise The non-exclusive inquiry request sent is netted, wherein, fileinfo is included in the inquiry request, the non-exclusive expression is local eventually End carries out shared inquiry to enterprise intranet control server.
In the embodiment of the present invention, in addition to:Feedback module, suitable for feeding back the killing result to local terminal.
In the embodiment of the present invention, the feedback module, it is particularly adapted to enterprise intranet control server described non-exclusive In the inquiry response of inquiry request, the killing result is fed back into local terminal.
In the embodiment of the present invention, white and black list is included in virus base, the white list, which is suitable to preserve, is not present peace The characteristic value of full problem, the blacklist are suitable to the characteristic value that safety problem be present.
In the embodiment of the present invention, the characteristic value is obtained by the cryptographic Hash of calculation document, and a characteristic value is unique A corresponding file, the file include file to be measured.
In the embodiment of the present invention, the killing result includes any one of following:Safety problem, text to be measured be present in file to be measured Part is not present safety problem and can not determine that file to be measured whether there is safety problem.
In the embodiment of the present invention, the local terminal includes update module;The update module, suitable for text to be measured will be directed to The killing result of part is updated into the white list or blacklist of virus base;The enterprise intranet control server includes renewal mould Block;The update module, suitable for will be updated for the killing result of file to be measured into the white list or blacklist of virus base.
The file of the characteristic value comprising the file to be measured can be believed according to the enterprise intranet control server of the present invention Breath sends to outer net and controls server, thus solves the detection to file to be measured and is confined in the virus base of local library terminal, Need to wait virus base upgrading to complete the perform detection the problem of, achieve quickly determine file security to be measured whether it is beneficial Effect.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of specification, and in order to allow above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the embodiment of the present invention.
Brief description of the drawings
By reading the detailed description of hereafter preferred embodiment, it is various other the advantages of and benefit it is common for this area Technical staff will be clear understanding.Accompanying drawing is only suitable to the purpose for showing preferred embodiment, and is not considered as to the present invention Limitation.And in whole accompanying drawing, identical part is denoted by the same reference numerals.In the accompanying drawings:
Fig. 1 shows the file test method flow chart for enterprise provided according to one embodiment of the invention;
Fig. 2 shows the enterprise intranet control server overhaul flow chart provided according to a further embodiment of the invention;With And
Fig. 3 shows the file detecting system structure chart for enterprise of offer according to an embodiment of the invention.
Embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in accompanying drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here Limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure Completely it is communicated to those skilled in the art.
Some enterprises are for the consideration of the factors such as safety, secrecy, and the network environment of enterprise is closing, i.e. enterprise has one The corporate intranet that individual all computers can access, but for enterprise's outer net, most of computer in enterprise is cannot Access.
In the network environment of this closing, usual enterprise is to be equipped with local virus library in each computer, Safety monitoring, checking and killing virus are carried out to the file in computer by local virus library.But in the local virus library of computer Can preserves virus characteristic popular recently, and the resource of local virus library is limited, and the virus of preservation is special Sign is also limited, therefore does not ensure that killing to virus.
Moreover, the time of above-mentioned method renewal virus base is long, if local have a new virus, local virus library Updating due to no renewal or, possibly can not killing to the virus, just influence whether the safety of computer.
The embodiment of the present invention provides a kind of file test method for enterprise, and enterprise intranet control server can pass through The fileinfo of file to be measured is sent to outer net and controls server by enterprise's outer net, obtains the killing knot of outer net control server Fruit, so as to whether quickly determine file security to be measured, it is not limited to local virus library and carries out killing, it is sick without waiting The updating result in malicious storehouse.
Fig. 1 shows the file test method flow chart for enterprise provided according to one embodiment of the invention.
Step 101, enterprise intranet control server receives the fileinfo that local terminal is sent by corporate intranet;
Wherein, for the safety of data message in protection enterprise, corporate intranet is configured in the computer system that can be enterprise Server is controlled, the safety of terminal is safeguarded by corporate intranet, controlled.It will then be used in the computer system of enterprise interior The terminal of portion's network is as local terminal, such as computed table, notebook computer, tablet personal computer.
Local terminal can be scanned according to virus base to file, wherein, it can calculate it only for each file One characteristic value, it is scanned in scanning according to its characteristic value.If do not scan this document whether safety, i.e. this document Characteristic value is not present in the virus base of local terminal, then can be using this document as file to be measured, and by the file to be measured Characteristic value be added in fileinfo, then local terminal sends the fileinfo by corporate intranet and gives corporate intranet control Control server.
Certainly, the characteristic value of file to be measured in the local terminal is not only included in the fileinfo, can also be wrapped The information such as title, storage address containing the file to be measured.
Then enterprise intranet control server can receive the fileinfo that local terminal is sent by corporate intranet.
Step 102, when the characteristic value that the file to be measured can not be detected in the virus base of enterprise intranet control server When, the fileinfo to outer net is sent by enterprise's outer net and controls server;
After enterprise intranet control server receives the fileinfo of local terminal transmission, corporate intranet can be used to control The virus base of server detects to the characteristic value of file to be measured.
Due to preserving substantial amounts of virus characteristic in the virus base of outer net control server, resource is very abundant, Ke Yiwei Viral diagnosis provides highly stable, accurate and safe foundation, therefore when can not in the virus base of enterprise intranet control server When detecting the characteristic value of the file to be measured, enterprise intranet control server can send the fileinfo by enterprise's outer net Server is controlled to outer net, allows outer net control server to detect the characteristic value of file to be measured, to determine the text to be measured Whether part is safe.
After outer net control server receives the fileinfo, its own virus base can be used to file to be measured Characteristic value detected, determine the file security to be measured whether and generate killing result, then outer net control server meeting The killing result is fed back into enterprise intranet control server.
Step 103, enterprise intranet control server receives the killing result that network service end is directed to file to be measured.
Enterprise intranet control server can receive the killing result that network service end is directed to file to be measured.Subsequently, enterprise Intranet control server can perform corresponding operation according to the killing result, such as feed back to local terminal, or according to institute Killing result is stated to be updated virus base.
In summary, once in the embodiment of the present invention local terminal and enterprise intranet control server can not determine it is to be measured When whether is file security, it is possible to send the fileinfo of the characteristic value comprising the file to be measured to outer net and control service Device.Therefore, the detection to file to be measured is not only limited in the virus base of local library terminal, also need not just wait virus base to upgrade Complete in perform detection, after the characteristic value of file to be measured is transferred into often service end, due to the virus of outer net control server Substantial amounts of virus characteristic is preserved in storehouse, highly stable, accurate and safe foundation can be provided for the detection of file to be measured, made Whether obtain all can quickly determine file security to be measured.
In the embodiment of the present invention, all kinds of features that safety problem be present are preserved in the virus base of outer net control server Value, therefore, outer net control server can detect according to its virus base to file to be measured, and obtain testing result generation and look into Kill result.
Wherein, for outer net control server as safety-related service end, the characteristic value preserved in its virus base is most complete Face, it can have been preserved all characteristic values that safety problem be present since history again.And local terminal and corporate intranet Resource-constrained in server is controlled, therefore in actual treatment, is often obtained in preset time(Such as 1 month)Peace be present all kinds of The characteristic value of top N, such as virus characteristic popular in the recent period are come in the characteristic value of full problem, these are come into top N The characteristic value that safety problem be present is saved in the virus base of local terminal and enterprise intranet control server, for user to file Detected.
But also just because of the feature that safety problem in the virus base of local terminal and enterprise intranet control server be present It is worth fewer, so if only being detected according to this, is often possible to whether file security can not be determined, therefore the embodiment of the present invention Support that the characteristic value of file to be measured is transferred into outer net control server is comprehensively detected.
Also, due to some special executable files in enterprise, often due to it will perform some special functions, Such as monitor, the condition code in itself writing can be caused consistent with the condition code in some viruses, now according to condition code Situations such as wrong report may be had by carrying out file detection, and therefore, the embodiment of the present invention is when detecting file using file Characteristic value.
Characteristic value described in the embodiment of the present invention is obtained by the cryptographic Hash of calculation document, and a characteristic value is uniquely right A file is answered, the file includes file to be measured.For example, the MD5 values using MD5 algorithm calculation documents.
In order to further reduce the generation of wrong report, the virus base in the embodiment of the present invention can use black, white list shape White and black list is included in formula, i.e. virus base, the white list is suitable to preserve the characteristic value in the absence of safety problem, described Blacklist is suitable to the characteristic value that safety problem be present.Therefore, user can be by the characteristic value of its special executable file It is added in white list, to prevent the situation of wrong report.
In summary, characteristic value of the embodiment of the present invention is obtained by the cryptographic Hash of calculation document, and a characteristic value is only An one corresponding file, so as to occur the problem of can reducing wrong report when being detected according to characteristic value.
The virus base of the embodiment of the present invention can use black, white list form, so that user can be special by its The characteristic value of executable file be added in white list, to prevent the situation of wrong report.
Fig. 2 shows the enterprise intranet control server overhaul flow chart provided according to a further embodiment of the invention.
Optionally, after enterprise intranet control server receives the fileinfo that local terminal is sent by corporate intranet, Also include:
Step 201, the characteristic value that whether there is the file to be measured in the virus base of enterprise intranet control server is detected;
Enterprise intranet control server, can be with after the fileinfo that local terminal is sent by corporate intranet is received The characteristic value of the file to be measured is detected using the virus base of enterprise intranet control server, detects the file to be measured Characteristic value whether there is in the virus base of enterprise intranet control server.
If so, the characteristic value of the file to be measured in the virus base of enterprise intranet control server be present, then subsequently hold Row step 202;If it is not, i.e. in the virus base of enterprise intranet control server be not present the file to be measured characteristic value, then after It is continuous to perform step 203.
Step 202, killing result is generated;
If the characteristic value of the file to be measured in the virus base of enterprise intranet control server be present, detection can be based on As a result killing result is generated.
For example, virus base uses black, white list form, if the characteristic value of the file to be measured is present in white list, The characteristic value for then illustrating the file to be measured is the characteristic value in the absence of safety problem, then corresponding killing result can be peace Entirely, or safety problem etc. is not present in file to be measured.If the characteristic value of the file to be measured is present in blacklist, illustrate described in The characteristic value of file to be measured is the characteristic value for existing safety problem, then corresponding killing result can be dangerous, or text to be measured Safety problem etc. be present in part.
Step 203, the fileinfo to outer net is sent by enterprise's outer net and controls server;
If the characteristic value of the file to be measured, i.e. corporate intranet control are not present in the virus base of enterprise intranet control server When the characteristic value of the file to be measured can not be detected in the virus base of control server, local terminal can be sent out by enterprise's outer net The fileinfo to outer net is sent to control server.
After outer net control server receives fileinfo, the characteristic value of file to be measured can also be detected.If outer net The virus base of control server uses black, white list form, then detection method and enterprise intranet control server are basically identical, If the characteristic value of the file to be measured is present in white list, corresponding killing result can be safety, or file to be measured is not Safety problem etc. be present.If the characteristic value of the file to be measured is present in blacklist, corresponding killing result can be not Safety problem etc. be present in safety, or file to be measured.Certainly, if the characteristic value of the file to be measured is not present and blacklist, In the absence of with white list, then corresponding killing result can be can not determine, or can not determine file to be measured with the presence or absence of peace Full problem etc..
After outer net control server generation killing result, the killing result of file to be measured can be sent to corporate intranet control Control server.
Step 204, the killing result that outer net control server is directed to file to be measured is received;
Enterprise intranet control server can receive the killing result that outer net control server is sent.
Wherein, can also be according to killing result synchronized update enterprise after enterprise intranet control server receives killing result In the industry in the virus base of network control control server, the characteristic value of the file to be measured is updated into white list or blacklist, certainly, If whether outer net control server also can not determine file security to be measured, it is possible to without renewal.
Step 205, the killing result is fed back to local terminal;
Enterprise intranet control server by corporate intranet described in it is determined that after the killing result of file to be measured, can be fed back Killing result is to local terminal.
Now, local terminal can also according to the virus base of killing result synchronized update local terminal, method with enterprise The method of network control control server is based on unanimously, and here is omitted.
, can be not just in addition, after enterprise intranet control server determines the killing result of a certain file to be measured The local terminal for uploading the file to be measured is updated, and can give other local terminals with synchronous driving so that in the enterprise All local terminals can determine the whether safe of the file to be measured, avoid the occurrence of repetition and upload corporate intranet control service Device and the problem of waste of resource.
In summary, the embodiment of the present invention determine file security to be measured whether after, can synchronously by killing result renewal arrive In each local terminal of corporate intranet, and update into enterprise intranet control server, avoid the occurrence of repetition and upload enterprise Intranet control server and the problem of waste of resource.
Optionally, the enterprise intranet control server receives the fileinfo that local terminal is sent, including:
Enterprise intranet control server receives the non-exclusive inquiry that each local terminal is sent by corporate intranet simultaneously please Ask, wherein, fileinfo is included in the inquiry request, the non-exclusive expression local terminal is to enterprise intranet control server Carry out shared inquiry.
In the embodiment of the present invention, local terminal can be by the non-exclusive inquiry request that corporate intranet is sent to corporate intranet Server is controlled, non-monopolize refers to local terminal when sending inquiry request to enterprise intranet control server, Ke Yiduo Individual terminal sends the inquiry request simultaneously, i.e. local terminal carries out shared inquiry to enterprise intranet control server.It is described to look into Asking request includes fileinfo.
When enterprise intranet control server sends the fileinfo to outer net control server by enterprise's outer net, also may be used To use non-exclusive inquiry request, fileinfo is included in inquiry request.
I.e. enterprise intranet control server receives the inquiry request of each local terminal simultaneously after, if wherein some locals Whether safe the file to be measured of terminal transmission can not all determine, in order to whether determine file security to be measured as early as possible, while reduce money The waste in source, enterprise intranet control server can synchronously send inquiry request and be inquired about to outer net control server.
Optionally, the killing result is fed back to terminal, including:
Enterprise intranet control server is anti-by the killing result in the inquiry response of the non-exclusive inquiry request Feed terminal.
The embodiment of the present invention does not determine to be measured to strengthen the security of local terminal in enterprise intranet control server When whether file security to be, will not feedback data to local terminal, file to be measured will be kept in local terminal detection when shape State.
Enterprise intranet control server can be fed back it is determined that after killing result to the non-exclusive inquiry request of local terminal Inquiry response, the killing result is included in inquiry response.
Therefore, the killing result that local terminal eventually receives includes any one of following:File to be measured exist safety problem, File to be measured is not present safety problem and can not determine that file to be measured whether there is safety problem.
The treatment measures to every killing result can be pre-configured with local terminal, can be according to treatment measures to text to be measured Part is handled.For example, when file to be measured has safety problem, file to be measured can be deleted;File to be measured is not present safety and asked Topic, any operation can not be carried out to file to be measured;It can not determine that file to be measured whether there is safety problem, can be to text to be measured Part carries out limitation operation, such as isolates, do not run.Other treatment measures can certainly be taken, the present invention is not limited this It is fixed.
Fig. 3 shows the file detecting system structure chart for enterprise provided according to one embodiment of the invention.
Accordingly, present invention also offers a kind of file detecting system for enterprise, including:In local terminal 1, enterprise Network control control server 2 and outer net control server 3.
The enterprise intranet control server 2, including:
First receiving module 21, the fileinfo sent suitable for receiving local terminal by corporate intranet, wherein, the text The characteristic value of file to be measured is included in part information, characteristic value is not present in file in the virus base of local terminal as to be measured File;
Sending module 22, suitable for when the file to be measured can not be detected in the virus base of enterprise intranet control server During characteristic value, the fileinfo to outer net is sent by enterprise's outer net and controls server;
Second receiving module 23, suitable for receiving the killing result of network service end;
Feedback module 24, suitable for feeding back the killing result to terminal.
Optionally, in addition to:
Detection module, it is adapted to detect for whether there is in the virus base of enterprise intranet control server the spy of the file to be measured Value indicative;If the characteristic value of the file to be measured in the virus base of enterprise intranet control server be present, killing result is generated, and The killing result is fed back to local terminal.
Optionally, the first receiving module 21, be particularly adapted to receive simultaneously each local terminal sent by corporate intranet it is non- Exclusive inquiry request, wherein, fileinfo is included in the inquiry request, the non-exclusive expression local terminal is in enterprise Network control control server carries out shared inquiry.
Optionally, feedback module 24, it is particularly adapted in the inquiry response of the non-exclusive inquiry request, is looked into described Kill result and feed back to local terminal.
Optionally, sending module 22, it is non-exclusive by enterprise's outer net transmission to be particularly adapted to enterprise intranet control server Inquiry request to outer net controls server, wherein, include fileinfo in the inquiry request, it is described non-exclusive to represent in enterprise The file to be measured of each local terminal of network control control server synchronous query.
Optionally, white and black list is included in virus base, the white list is suitable to preserve in the absence of safety problem Characteristic value, the blacklist are suitable to the characteristic value that safety problem be present.
Optionally, the characteristic value is obtained by the cryptographic Hash of calculation document, and a characteristic value is uniquely corresponding one File, the file include file to be measured.
Optionally, the killing result includes any one of following:There is safety problem in file to be measured, file to be measured is not present Safety problem and it can not determine that file to be measured whether there is safety problem.
Optionally, local terminal 1 includes:Update module, for the killing result renewal for file to be measured to be arrived into virus In the white list or blacklist in storehouse.
Enterprise intranet control server 2, in addition to:Update module, for will be updated for the killing result of file to be measured Into the white list or blacklist of virus base.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together with teaching based on this.As described above, required by constructing this kind of system Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that it can utilize various Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair Bright preferred forms.
In the specification that this place provides, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect, Above in the description to the exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:I.e. required guarantor The application claims of shield features more more than the feature being expressly recited in each claim.It is more precisely, such as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following embodiment are expressly incorporated in the embodiment, wherein each claim is in itself Separate embodiments all as the present invention.
Those skilled in the art, which are appreciated that, to be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any Combination is to this specification(Including adjoint claim, summary and accompanying drawing)Disclosed in all features and so disclosed appoint Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification(Including adjoint power Profit requirement, summary and accompanying drawing)Disclosed in each feature can be by providing the alternative features of identical, equivalent or similar purpose come generation Replace.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments In included some features rather than further feature, but the combination of the feature of different embodiments means in of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed One of meaning mode can use in any combination.
The all parts embodiment of the present invention can be realized with hardware, or to be run on one or more processor Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that it can use in practice Microprocessor or digital signal processor(DSP)To realize the file detecting system for enterprise according to embodiments of the present invention In some or all parts some or all functions.The present invention is also implemented as being adapted for carrying out as described herein Some or all equipment or program of device of method(For example, computer program and computer program product).So Realization the present invention program can store on a computer-readable medium, or can have one or more signal shape Formula.Such signal can be downloaded from internet website and obtained, and either be provided or with any other shape on carrier signal Formula provides.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of some different elements and being come by means of properly programmed computer real It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame Claim.

Claims (18)

1. a kind of file test method for enterprise, including:
Enterprise intranet control server receives the fileinfo that each local terminal is sent by corporate intranet simultaneously, wherein, it is described The characteristic value of file to be measured in the local terminal is included in fileinfo, characteristic value is not present in the virus base of local terminal In file as file to be measured;
When the characteristic value of the file to be measured can not be detected in the virus base of enterprise intranet control server, by enterprise outside Net sends the fileinfo to outer net and controls server;
Enterprise intranet control server receives the killing result that outer net control server is directed to file to be measured;
Enterprise intranet control server feeds back the killing result to local terminal;
Wherein, sending the fileinfo to outer net by enterprise's outer net controls server to include:
Enterprise intranet control server sends non-exclusive inquiry request to outer net by enterprise's outer net and controls server, wherein, Fileinfo, each local terminal of the non-exclusive expression enterprise intranet control server synchronous query are included in the inquiry request File to be measured.
2. the method as described in claim 1, enterprise intranet control server receives what local terminal was sent by corporate intranet After fileinfo, in addition to:
Detect the characteristic value that whether there is the file to be measured in the virus base of enterprise intranet control server;
If the characteristic value of the file to be measured in the virus base of enterprise intranet control server be present, killing result is generated, and The killing result is fed back to local terminal.
3. the method as described in claim 1, the enterprise intranet control server receives each local terminal simultaneously and passes through enterprise The fileinfo that Intranet is sent, including:
Enterprise intranet control server receives the non-exclusive inquiry request that each local terminal is sent by corporate intranet simultaneously, its In, fileinfo is included in the inquiry request, the non-exclusive expression local terminal is carried out to enterprise intranet control server Shared inquiry.
4. the method as described in claim 1, the killing result is fed back to local terminal, including:
Enterprise intranet control server feeds back to the killing result in the inquiry response of the non-exclusive inquiry request Local terminal.
5. the method as described in claim 1 or 2 is any, white and black list is included in virus base, the white list is suitable to The characteristic value in the absence of safety problem is preserved, the blacklist is suitable to the characteristic value that safety problem be present.
6. the method as described in claim 1 or 2 is any, the characteristic value is obtained by the cryptographic Hash of calculation document, one Uniquely a corresponding file, the file include file to be measured to individual characteristic value.
7. method as claimed in claim 5, the characteristic value is obtained by the cryptographic Hash of calculation document, a characteristic value Uniquely a corresponding file, the file include file to be measured.
8. the method as described in claim 1,2 or 4 are any, the killing result includes any one of following:File to be measured is present Safety problem, file to be measured are not present safety problem and can not determine that file to be measured whether there is safety problem.
9. according to the method for claim 5, by for file to be measured killing result renewal to virus base white list or In blacklist, the virus base belongs to any one of following:Local terminal and enterprise intranet control server.
10. a kind of file detecting system for enterprise, including:Local terminal, enterprise intranet control server and outer net control Server, the enterprise intranet control server, including:
First receiving module, the fileinfo sent suitable for receiving each local terminal simultaneously by corporate intranet, wherein, the text The characteristic value of file to be measured is included in part information, characteristic value is not present in file in the virus base of local terminal as to be measured File;
Sending module, suitable for when the characteristic value that the file to be measured can not be detected in the virus base of enterprise intranet control server When, the fileinfo to outer net is sent by enterprise's outer net and controls server;
Second receiving module, suitable for receiving the killing result of network service end;
Feedback module, suitable for feeding back the killing result to local terminal;
Wherein, the sending module be particularly adapted to enterprise intranet control server non-exclusive inquiry is sent by enterprise outer net please Ask to outer net and control server, wherein, fileinfo, the non-exclusive expression corporate intranet control are included in the inquiry request Server sync inquires about the file to be measured of each local terminal.
11. system as claimed in claim 10, in addition to:
Detection module, it whether there is the feature of the file to be measured in the virus base for detecting enterprise intranet control server Value;If the characteristic value of the file to be measured in the virus base of enterprise intranet control server be present, killing result is generated, and instead The killing result is presented to local terminal.
12. system as claimed in claim 10, first receiving module, it is particularly adapted to receive each local terminal simultaneously and passes through The non-exclusive inquiry request that corporate intranet is sent, wherein, fileinfo, the non-exclusive expression are included in the inquiry request Local terminal carries out shared inquiry to enterprise intranet control server.
13. system as claimed in claim 10, the feedback module, it is particularly adapted to enterprise intranet control server described non- In the inquiry response of exclusive inquiry request, the killing result is fed back into local terminal.
14. the system as described in claim 10 or 11 is any, white and black list is included in virus base, the white list is fitted In preserving the characteristic value in the absence of safety problem, the blacklist is suitable to the characteristic value that safety problem be present.
15. the system as described in claim 10 or 11 is any, the characteristic value is obtained by the cryptographic Hash of calculation document, Uniquely a corresponding file, the file include file to be measured to one characteristic value.
16. system as claimed in claim 14, the characteristic value is obtained by the cryptographic Hash of calculation document, a feature Uniquely a corresponding file, the file include file to be measured to value.
17. the system as described in claim 10,11 or 13 are any, the killing result includes any one of following:File to be measured Safety problem be present, safety problem is not present in file to be measured and can not determine that file to be measured whether there is safety problem.
18. system according to claim 14, the local terminal includes update module;
The update module, suitable for will be updated for the killing result of file to be measured into the white list or blacklist of virus base;
The enterprise intranet control server includes update module;
The update module, suitable for will be updated for the killing result of file to be measured into the white list or blacklist of virus base.
CN201210487942.8A 2012-11-26 2012-11-26 For the file test method and system of enterprise Active CN103049697B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210487942.8A CN103049697B (en) 2012-11-26 2012-11-26 For the file test method and system of enterprise

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210487942.8A CN103049697B (en) 2012-11-26 2012-11-26 For the file test method and system of enterprise

Publications (2)

Publication Number Publication Date
CN103049697A CN103049697A (en) 2013-04-17
CN103049697B true CN103049697B (en) 2017-12-05

Family

ID=48062330

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210487942.8A Active CN103049697B (en) 2012-11-26 2012-11-26 For the file test method and system of enterprise

Country Status (1)

Country Link
CN (1) CN103049697B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103294955B (en) * 2013-06-28 2016-06-08 北京奇虎科技有限公司 Macrovirus checking and killing method and system
CN104331660A (en) * 2014-10-31 2015-02-04 北京奇虎科技有限公司 Method, device and system for repairing system file
CN105354499A (en) * 2015-12-15 2016-02-24 北京金山安全管理系统技术有限公司 Virus searching and killing method and device
CN105426757A (en) * 2015-12-15 2016-03-23 北京金山安全管理系统技术有限公司 Method for conducting security defense on files to be operated
CN106856478A (en) * 2016-12-29 2017-06-16 北京奇虎科技有限公司 A kind of safety detection method and device based on LAN
CN109922041A (en) * 2019-01-18 2019-06-21 阿里巴巴集团控股有限公司 A kind of file data access system, method and electronic equipment
CN110084041A (en) * 2019-04-29 2019-08-02 深信服科技股份有限公司 Querying method, device, client, management end and the storage medium of virus document

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6963978B1 (en) * 2001-07-26 2005-11-08 Mcafee, Inc. Distributed system and method for conducting a comprehensive search for malicious code in software
CN1185585C (en) * 2002-09-27 2005-01-19 周志艳 Method of constructing office work application network and its device
CN101621511A (en) * 2009-06-09 2010-01-06 北京安天电子设备有限公司 Multilayer detecting method without local virus library and multilayer detecting system
CN101588360A (en) * 2009-07-03 2009-11-25 深圳市安络大成科技有限公司 Associated equipment and method for internal network security management
CN102081714A (en) * 2011-01-25 2011-06-01 潘燕辉 Cloud antivirus method based on server feedback
CN102811213A (en) * 2011-11-23 2012-12-05 北京安天电子设备有限公司 Fuzzy hashing algorithm-based malicious code detection system and method
CN102413142A (en) * 2011-11-30 2012-04-11 华中科技大学 Active defense method based on cloud platform

Also Published As

Publication number Publication date
CN103049697A (en) 2013-04-17

Similar Documents

Publication Publication Date Title
CN103020520B (en) Enterprise-based document security detection method and system
CN103049697B (en) For the file test method and system of enterprise
CN103281325B (en) Document handling method and device based on cloud security
US20210240604A1 (en) Api driven continuous testing systems for testing disparate software
USRE47558E1 (en) System, method, and computer program product for automatically identifying potentially unwanted data as unwanted
CN104539584B (en) The anti-method for implanting of browser, browser client and device
CN105868635B (en) Method and apparatus for coping with Malware
US9686303B2 (en) Web page vulnerability detection method and apparatus
US8230497B2 (en) Method of identifying software vulnerabilities on a computer system
Coronado et al. Healthcare cybersecurity risk management: Keys to an effective plan
CN102945348B (en) Fileinfo collection method and device
US20040088564A1 (en) Method of hindering the propagation of a computer virus
US20120266245A1 (en) Multi-Nodal Malware Analysis
CN106302383B (en) The processing method and processing unit of data access request
CN107533608A (en) Credible renewal
US8443447B1 (en) Apparatus and method for detecting malware-infected electronic mail
CN102546576A (en) Webpagehanging trojan detecting and protecting method and system as well as method for extracting corresponding code
JP2011518278A (en) Wind turbine configuration management system and its central computer system
CN105208108B (en) File upload/method for down loading and system, server, client under Web environment
CN107656742A (en) A kind of software product dissemination method and device
CN106790291A (en) A kind of intrusion detection reminding method and device
CN106506545A (en) A kind of network security threats assessment system and method
US20080072325A1 (en) Threat detecting proxy server
CN102957690B (en) Website security verification method and system
CN108388631A (en) A kind of method, agent apparatus and system threatening intelligence sharing

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20161206

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: Beijing Qihu Technology Co., Ltd.

Applicant before: Qizhi Software (Beijing) Co., Ltd.

GR01 Patent grant
GR01 Patent grant
CP01 Change in the name or title of a patent holder
CP01 Change in the name or title of a patent holder

Address after: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee after: Qianxin Technology Group Co., Ltd.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.