CN103093145A - Method and device and system for scanning mobile storage device - Google Patents

Publication number: CN103093145A
Authority: CN (China)
Prior art keywords: list, root directory, file, storage device, directory file
Legal status: Granted (Active)
Application number: CN2013100206387A
Other languages: Chinese (zh)
Other versions: CN103093145B (en)
Inventors: 何博, 宁敢, 苏洁
Current Assignee: Beijing Qihoo Technology Co Ltd
Original Assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Application filed by: Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority: CN201310020638.7A

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a device and a system for scanning a mobile storage device and relates to the technical field of information security. The method comprises: enumerating root directory files of the mobile storage device and adding root directory files that match a blacklist, a special rule list or a cloud query type list to a scan list; scanning non-root directory files of the mobile storage device and adding files that match non-root directory paths in the blacklist to the scan list; sending the cloud query type items in the scan list to a server end and saving the security information fed back by the server end in the scan list; matching all items of the scan list against a white list and changing the security information of the matched items to trusted; and displaying the information in the scan list. According to the technical scheme, the mobile storage device can be scanned when it is connected to a terminal and risky files can be effectively tracked down, which solves the problem that risky files on the mobile storage device endanger the security of the terminal.

Description

Method, device and system for scanning a movable storage device
Technical field
The present invention relates to the field of information security technology, and specifically to a method, device and system for scanning a movable storage device.
Background
A movable storage device is a storage device that can be moved between different terminals, such as a USB flash drive, a portable hard drive or a flash memory card. People often use movable storage devices to back up, carry and transfer files. Some movable storage devices have a USB (Universal Serial Bus) interface. To read or write data, such a device must be connected to a computer through the USB port, and after use it can be unplugged from the USB port only after it has been unmounted from the computer according to the prescribed procedure. For example, the user usually has to click the "Safely Remove Hardware" button at the lower right corner of the taskbar, click the "Safely remove USB Mass Storage Device - Drive" prompt that pops up, and wait until the "Safely Remove Hardware" button disappears before unplugging the device from the USB port.
With the development of network technology, numerous viruses and Trojan horses targeting movable storage devices have appeared and seriously endanger computer security. Because movable storage devices are mobile, an infection can spread to many computers.
Therefore, a movable storage device needs to be scanned when it is connected to a computer so that risky files can be found and removed.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method, device and system for scanning a movable storage device that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for scanning a movable storage device is provided, the method comprising:
enumerating the root directory files of the movable storage device and, for at least one enumerated root directory file, judging whether the root directory file matches any item in a pre-saved blacklist, special rules list or cloud query type list, and if so, adding the root directory file to a scan list;
scanning the non-root directory files of the movable storage device and, if a non-root directory file matches a non-root directory path in the blacklist, adding the matching non-root directory file to the scan list;
sending the cloud query type items in the scan list to a server end for a security query, and saving the security information fed back by the server end in the corresponding entries of the scan list;
matching every item in the scan list against a pre-saved white list, and changing the security information of the matching items to trusted;
displaying the information in the scan list.
Optionally, enumerating the root directory files of the movable storage device comprises: if the number of root directory files of the movable storage device is less than or equal to a predetermined number, enumerating all root directory files of the movable storage device; if the number of root directory files of the movable storage device is greater than the predetermined number, enumerating the predetermined number of root directory files of the movable storage device.
Optionally, displaying the information in the scan list comprises: if the scan list contains hidden files, prompting the user whether to show hidden files, and showing them when the user confirms.
Optionally, after displaying the information in the scan list, the method further comprises: processing, according to a user instruction, the items in the scan list whose security information indicates a risk; and after the processing is complete, showing the result on the user interface of the computer.
Optionally, before enumerating the root directory files of the movable storage device, the method further comprises: checking the autorun.inf file on the movable storage device, judging whether the executable file that the autorun.inf file points to is risky, and if so, adding the executable file to the scan list and preventing the system from automatically starting the file that the autorun.inf file points to.
Optionally, before displaying the information in the scan list, the method further comprises: matching every item of the scan list against a trusted list, and changing the security information of the matching items to trusted.
Optionally, for at least one enumerated root directory file, judging whether the root directory file matches any item in the pre-saved blacklist, special rules list or cloud query type list, and if so adding the root directory file to the scan list, comprises:
Step A: judging whether the root directory file matches any item in the blacklist; if so, adding the root directory file to the scan list, otherwise performing step B;
Step B: judging whether the root directory file matches any item in the special rules list; if so, adding the root directory file to the scan list, otherwise performing step C;
Step C: judging whether the root directory file matches any item in the cloud query type list; if so, adding the root directory file to the scan list.
Optionally, the pre-saved blacklist, special rules list, cloud query type list and white list are saved locally or saved at the server end.
Optionally, before enumerating the root directory files of the movable storage device, the method further comprises:
loading a scan logic implementation file;
loading, by the scan logic implementation file, a scan rule file that stores the blacklist, special rules list, cloud query type list and white list.
According to another aspect of the present invention, a device for scanning a movable storage device is provided, the device comprising: a storage unit, a scanning unit, a security query unit, a security information modification unit and a display unit;
the storage unit is adapted to store a blacklist, a special rules list, a cloud query type list and a white list;
the scanning unit is adapted to enumerate the root directory files of the movable storage device and, for at least one enumerated root directory file, to judge whether the root directory file matches any item in the blacklist, special rules list or cloud query type list in the storage unit or at the server end, and if so, to add the root directory file to a scan list; and then to scan the non-root directory files of the movable storage device and, if a non-root directory file matches a non-root directory path in the blacklist, to add the matching non-root directory file to the scan list;
the security query unit is adapted to send the cloud query type items in the scan list to the server end for a security query, and to save the security information fed back by the server end in the corresponding entries of the scan list;
the security information modification unit is adapted to match every item of the scan list against the white list in the storage unit or at the server end, and to change the security information of the matching items to trusted;
the display unit is adapted to display the information in the scan list.
Optionally, the scanning unit is adapted to enumerate all root directory files of the movable storage device when the number of root directory files of the movable storage device is less than or equal to a predetermined number, and to enumerate the predetermined number of root directory files of the movable storage device when the number of root directory files is greater than the predetermined number.
Optionally, the display unit is further adapted, when the scan list contains hidden files, to prompt the user whether to show hidden files and to show them when the user confirms.
Optionally, the device further comprises:
a processing and display unit, adapted to process, according to a user instruction, the items in the scan list whose security information indicates a risk, and after the processing is complete, to show the result on the user interface of the computer.
Optionally, the scanning unit is further adapted, before enumerating the root directory files of the movable storage device, to check the autorun.inf file on the movable storage device, to judge whether the executable file that the autorun.inf file points to is risky, and if so, to add the executable file to the scan list and to prevent the system from automatically starting the file that the autorun.inf file points to.
Optionally, the security information modification unit is further adapted to match every item of the scan list against a trusted list and to change the security information of the matching items to trusted.
Optionally, the scanning unit is adapted, for at least one enumerated root directory file, to judge whether it matches any item in the blacklist, special rules list or cloud query type list in the following order:
Step A: judging whether the root directory file matches any item in the blacklist; if so, adding the root directory file to the scan list, otherwise performing step B;
Step B: judging whether the root directory file matches any item in the special rules list; if so, adding the root directory file to the scan list, otherwise performing step C;
Step C: judging whether the root directory file matches any item in the cloud query type list; if so, adding the root directory file to the scan list.
According to another aspect of the present invention, a system for scanning a movable storage device is provided, the system comprising: a server and one or more devices as described in any of the above;
the server is adapted to store the blacklist, special rules list, cloud query type list and white list for the device to query, and to provide the device with security queries for cloud query type items.
According to the technical scheme of the present invention, the root directory files of the movable storage device are enumerated first, and root directory files matching any item in the local or server-end blacklist, special rules list or cloud query type list are added to the scan list; the non-root directory files of the movable storage device are then scanned, and non-root directory files matching non-root directory paths in the blacklist are added to the scan list; the cloud query type items in the scan list are sent to the server end for a security query, and the security information fed back by the server end is saved in the corresponding entries of the scan list; every item of the scan list is matched against the pre-saved white list, and the security information of the matching items is changed to trusted; and the information in the scan list is displayed. In this way, the movable storage device can be scanned when it is connected to a terminal and risky files can be effectively found and removed, which solves the problem of risky files on a movable storage device endangering terminal security.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 shows a flowchart of a method for scanning a movable storage device according to an embodiment of the present invention;
Fig. 2 shows a flowchart of the method for scanning a movable storage device according to an embodiment of the present invention;
Fig. 3 shows a structural diagram of a device for scanning a movable storage device according to an embodiment of the present invention;
Fig. 4 shows a structural diagram of a device for scanning a movable storage device according to an embodiment of the present invention;
Fig. 5 shows a schematic composition diagram of a system for scanning a movable storage device according to an embodiment of the present invention.
Embodiments
Exemplary embodiments of the present disclosure are described below in more detail with reference to the drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope can be fully conveyed to those skilled in the art.
Fig. 1 shows a flowchart of a method for scanning a movable storage device according to an embodiment of the present invention. As shown in Fig. 1, the method comprises:
S110: enumerate the root directory files of the movable storage device and, for at least one enumerated root directory file, judge whether the root directory file matches any item in the pre-saved blacklist, special rules list or cloud query type list; if so, add the root directory file to the scan list.
In one embodiment of the present invention, if the number of root directory files of the movable storage device is less than or equal to a predetermined number, all root directory files of the movable storage device are enumerated; if the number of root directory files is greater than the predetermined number, the predetermined number of root directory files are enumerated. This scheme mainly controls the scan time for a USB flash drive: if the number of root directory files on the drive is very large, scanning all of them takes a long time and the user experience is poor, so a predetermined number can be set and at most that many root directory files are scanned. For example, with the predetermined number set to 100, all root directory files are scanned when the USB flash drive has 100 or fewer root directory files, and only 100 root directory files are scanned when it has more than 100.
S120: scan the non-root directory files of the movable storage device and, if a non-root directory file matches a non-root directory path in the blacklist, add the matching non-root directory file to the scan list.
In one embodiment of the present invention, scanning of non-root directory files is not limited by the number of files; that is, all non-root directory files are scanned regardless of how many there are.
S130: send the cloud query type items in the scan list to the server end for a security query, and save the security information fed back by the server end in the corresponding entries of the scan list.
S140: match every item in the scan list against the pre-saved white list, and change the security information of the matching items to trusted.
S150: display the information in the scan list.
The pre-saved blacklist, special rules list, cloud query type list and white list are saved locally or saved at the server end.
In one embodiment of the present invention, the scan shown in Fig. 1 is performed using the locally saved blacklist, special rules list, cloud query type list and white list; because all matching information is local, scanning is fast. In another embodiment of the present invention, the scan shown in Fig. 1 is performed using the blacklist, special rules list, cloud query type list and white list at the server end, which means the relevant information has to be queried from the server; in this mode the latest blacklist, special rules list, cloud query type list and white list can be maintained at the server end, so the accuracy of the scan results is very high.
The technical scheme shown in Fig. 1 can scan a movable storage device when it is connected to a terminal and effectively find and remove risky files, which solves the problem of risky files on a movable storage device endangering terminal security.
In embodiments of the present invention, the blacklist is the set of files confirmed to be risky (such as virus files and Trojan horse programs). These risky files can be represented by file name. In some cases a specified file under a specified directory is a risky file, so the blacklist can also give the file name together with its path. For example, the blacklist in one embodiment of the present invention may include the following:
oso.exe
rising.exe
This only illustrates what the blacklist contains and does not limit it; in practice, any file confirmed by experience to be risky can be added to the blacklist.
In embodiments of the present invention, the special rules list is a set of rules that identify risky files. For example, the special rules list in one embodiment of the present invention may include the following rules:
(1). Whether usp10.dll/ws2help.dll/msimg32.dll/lpk.dll exists; if it exists, is a PE file and is not signed, report it as a virus.
(2). Whether desktop.ini exists; if it exists and its file size is within 1024 bytes, whether the following character string (case-insensitive) exists in 20 bytes of the scanned file: iconfile=recycle.exe; if so, report it as a virus.
This only illustrates the special rules and does not limit the special rules list; in practice, special rules that experience shows to match risky files can be added to the special rules list.
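The two special rules above, written as a checker (an added example, not code from the patent or from any product). It assumes that "not signed" means the PE header carries no embedded certificate table, that the size limit means at most 1024 bytes, and that the whole file is searched for the string; `pe_certificate_size`, `special_rule_hit` and `make_pe` are hypothetical names and all sample bytes are constructed.

```python
import struct

RULE1_NAMES = {"usp10.dll", "ws2help.dll", "msimg32.dll", "lpk.dll"}
INI_MARKER = "iconfile=recycle.exe"   # the string from rule (2), 20 bytes long
INI_MAX_SIZE = 1024                   # assumed reading of the size limit


def pe_certificate_size(data):
    """Size of the PE certificate table; None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24               # signature (4) + COFF header (20)
    if opt + 2 > len(data):
        return 0                      # PE signature but truncated headers
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)   # PE32 / PE32+
    if dirs is None or opt + dirs > len(data):
        return 0
    (count,) = struct.unpack_from("<I", data, opt + dirs - 4)
    entry = opt + dirs + 4 * 8        # data directory 4 = certificate table
    if count <= 4 or entry + 8 > len(data):
        return 0
    _offset, size = struct.unpack_from("<II", data, entry)
    return size


def ini_text(data):
    """Decode desktop.ini bytes; the file may be stored as UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="ignore")
    return data.decode("latin-1")


def special_rule_hit(name, data):
    """Return 1 or 2 for the special rule that reports the file, else None."""
    lname = name.lower()
    if lname in RULE1_NAMES and pe_certificate_size(data) == 0:
        return 1                      # listed DLL name, PE, no embedded signature
    if (lname == "desktop.ini" and len(data) <= INI_MAX_SIZE
            and INI_MARKER in ini_text(data).lower()):
        return 2
    return None


def make_pe(cert_size=0):
    """Constructed minimal PE32 headers (not a loadable image) for the demo."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    opt = bytearray(96 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 4 * 8,
                     0x200 if cert_size else 0, cert_size)
    return dos + b"PE\0\0" + bytes(20) + bytes(opt)


def demo():
    """Evaluate the rules over constructed root-directory files."""
    samples = {
        "lpk.dll": make_pe(),                    # PE, no certificate table
        "usp10.dll": make_pe(cert_size=4096),    # PE with a certificate table
        "msimg32.dll": b"not a PE file",
        "desktop.ini": b"[.ShellClassInfo]\r\nIconFile=RECYCLE.EXE\r\n",
        "Desktop.INI": "\ufeffIconFile=recycle.exe\r\n".encode("utf-16-le"),
        "notes.txt": b"iconfile=recycle.exe",
    }
    return {name: special_rule_hit(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, rule in demo().items():
        print(f"{name}: {'report (rule %d)' % rule if rule else 'no special rule'}")
```

The certificate-table check only tells whether an embedded signature is present; it does not validate the signature.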
In embodiments of the present invention, the cloud query type list is the set of files that need a cloud query. A file needs a cloud query when its security information is uncertain and has to be queried at the server end.
In embodiments of the present invention, the white list is the set of files confirmed to be safe and free of risk.
In practice, the method shown in Fig. 1 can be implemented by writing the scan logic into a scan logic implementation file and writing the blacklist, special rules list, cloud query type list and white list into a scan rule file. When a movable storage device (such as a USB flash drive) is scanned, the scan logic implementation file is loaded first; it loads the scan rule file that stores the blacklist, special rules list, cloud query type list and white list, and then scans the movable storage device according to the content of the scan rule file, following the method shown in Fig. 1.
Fig. 2 shows a flowchart of the method for scanning a movable storage device according to an embodiment of the present invention. As shown in Fig. 2, the method comprises:
Step S202: check the autorun.inf file on the movable storage device.
autorun.inf is a file commonly encountered in computer use; it allows a specified file to run automatically when the disk is double-clicked. In recent years, however, autorun.inf files have been used to spread Trojan horses and viruses: a mistaken user operation causes the target program to execute and the computer is compromised, which has had a very large negative impact.
Therefore, in this step the autorun.inf file on the movable storage device is checked and it is judged whether the executable file that the autorun.inf file points to is risky; if so, the executable file is added to the scan list and the system is prevented from automatically starting the file that the autorun.inf file points to.
Step S204: enumerate the root directory files on the movable storage device.
In this step the root directory files on the movable storage device are enumerated, and steps S206 to S214 are performed for each enumerated root directory file.
Step S206: judge whether the currently enumerated root directory file matches an item in the blacklist; if so, perform step S212, otherwise perform step S208.
Step S208: judge whether the currently enumerated root directory file matches an item in the special rules list; if so, perform step S212, otherwise perform step S210.
Step S210: judge whether the currently enumerated root directory file matches an item in the cloud query type list; if so, perform step S212, otherwise perform step S214.
Step S212: add the matching root directory file to the scan list.
Step S214: judge whether enumeration of the root directory files is complete; if so, perform step S216, otherwise return to step S204.
Step S216: scan the non-root directory files of the movable storage device and, if a non-root directory file matches a non-root directory path in the blacklist, add the matching non-root directory file to the scan list.
For example, the movable storage device contains the file recycier system.exe; since the blacklist also contains this item, the match succeeds and the file is added to the scan list.
Step S218: send the cloud query type items in the scan list to the server end for a security query, and save the security information fed back by the server end in the corresponding entries of the scan list.
In this step, every item that matched the cloud query type list is sent to the server end for a security information query.
Step S220: match every item of the scan list against the white list and the trusted list, and change the security information of the matching items to trusted.
In this step, the content of the scan list is matched against the white list and the trusted list. The white list can be saved locally or at the server end; if it is at the server end, the server has to be queried for it. The trusted list can be created by the user, who adds files confirmed to be trustworthy to it and can update it later.
In embodiments of the present invention, the order in which the items of the scan list are matched against the white list and the trusted list is not limited. That is, the items in the scan list can be matched against the white list first and then against the trusted list, or against the trusted list first and then against the white list.
Step S222: display the information in the scan list.
In this step the information in the scan list is shown to the user. The information in the scan list includes file names and the corresponding security information. In one embodiment of the present invention, the security information can be represented by a security level: a higher security level means lower risk (safer), and a lower security level means higher risk (more dangerous). A security level is set for each item in the blacklist, special rules list or cloud query type list; when an item matching the blacklist, special rules list or cloud query type list is inserted into the scan list, the corresponding security level is inserted along with it. For example, suppose that a higher security level means lower risk and that security level 10 is the level of a trusted file; step S220 then changes the security level of the items matching the white list or the user-defined trusted list to 10.
In this step, hidden files can also be handled, specifically: if the scan list contains hidden files, the user is prompted whether to show hidden files, and they are shown when the user confirms.
This completes the method flow shown in Fig. 2, which implements a security scan of the movable storage device and effectively finds and removes risky files, solving the problem of risky files on a movable storage device endangering terminal security.
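The flow of Fig. 2 from S202 to S220, as an added example that is not the patent's or any product's code. It assumes the blacklist maps lowercase names or relative paths to security levels, the cloud query type list is a set of file extensions, an autorun.inf target counts as risky when it is on the blacklist, and the server query is an offline stub; all function names, levels and the sample tree are constructed.

```python
import os
import tempfile
from pathlib import Path

TRUSTED_LEVEL = 10   # the description's example level for trusted files
ROOT_LIMIT = 100     # the description's example predetermined number


def autorun_targets(root):
    """S202: relative paths named by open=/shellexecute= in autorun.inf."""
    targets = []
    for p in Path(root).iterdir():
        if p.name.lower() != "autorun.inf" or not p.is_file():
            continue
        for line in p.read_text(errors="replace").splitlines():
            key, sep, value = line.partition("=")
            if not sep or key.strip().lower() not in ("open", "shellexecute"):
                continue
            value = value.strip()
            if value.startswith('"'):          # quoted path, may hold spaces
                exe = value[1:].split('"')[0]
            else:                              # bare path, drop any arguments
                exe = value.split(None, 1)[0] if value else ""
            if exe:
                targets.append(exe.replace("\\", "/").lower())
    return targets


def scan_device(root, blacklist, special_rules, cloud_types, whitelist,
                trusted, cloud_query, root_limit=ROOT_LIMIT):
    """Build the scan list {relative path: {"level", "source"}} (S202-S220)."""
    root = Path(root)
    scan = {}

    def add(key, level, source):
        scan.setdefault(key, {"level": level, "source": source})

    # S202: autorun.inf target; "risky" is assumed to mean a blacklist hit.
    # Blocking the auto-start itself is an OS setting and is not shown here.
    for target in autorun_targets(root):
        if target in blacklist:
            add(target, blacklist[target], "autorun")

    # S204-S214: at most root_limit root files; lists are tried in order A, B, C.
    for p in sorted(f for f in root.iterdir() if f.is_file())[:root_limit]:
        key = p.name.lower()
        if key in blacklist:                                   # step A
            add(key, blacklist[key], "blacklist")
            continue
        rule_level = next((lvl for hit, lvl in special_rules if hit(p)), None)
        if rule_level is not None:                             # step B
            add(key, rule_level, "special_rule")
        elif p.suffix.lower() in cloud_types:                  # step C
            add(key, None, "cloud")

    # S216: all non-root files, matched only against blacklist paths.
    for dirpath, _dirs, files in os.walk(root):    # does not follow symlinks
        if Path(dirpath) == root:
            continue
        for name in files:
            key = (Path(dirpath) / name).relative_to(root).as_posix().lower()
            if key in blacklist:
                add(key, blacklist[key], "blacklist")

    # S218: one security query for the cloud-type entries; store the answers.
    pending = [k for k, v in scan.items() if v["source"] == "cloud"]
    for key, level in (cloud_query(pending) if pending else {}).items():
        if key in scan:
            scan[key]["level"] = level

    # S220: white list and user trusted list both override to trusted.
    for key, entry in scan.items():
        if key in whitelist or key in trusted:
            entry["level"] = TRUSTED_LEVEL
    return scan


def demo(root_limit=ROOT_LIMIT):
    """Run the flow over a constructed directory tree standing in for a drive."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text("[autorun]\nopen=oso.exe\n")
        (root / "desktop.ini").write_text("IconFile=recycle.exe\n")
        (root / "backup").mkdir()
        for name in ("oso.exe", "setup.exe", "tool.exe", "notes.txt",
                     "backup/system.exe", "backup/other.exe"):
            (root / name).write_bytes(b"constructed sample")
        ini_rule = lambda p: (p.name.lower() == "desktop.ini" and
                              b"iconfile=recycle.exe" in p.read_bytes().lower())
        return scan_device(
            root,
            blacklist={"oso.exe": 1, "rising.exe": 1, "backup/system.exe": 1},
            special_rules=[(ini_rule, 2)], cloud_types={".exe"},
            whitelist={"tool.exe"}, trusted=set(),
            cloud_query=lambda keys: {k: 4 for k in keys},   # offline stub
            root_limit=root_limit)


if __name__ == "__main__":
    for path, entry in demo().items():
        print(path, entry)
```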
In one embodiment of the invention, method shown in Figure 2 can further include after step S222: according to user instruction, the item that the safety information table in scan list is shown with risk is carried out respective handling; After finishing dealing with, result is showed on the user interface of computing machine.Specifically, during information on user interface in the display scan list, the prompting user deletes risky file or the processing such as isolation, if the user sends the instruction that deletion or isolation etc. are processed, according to user instruction, the corresponding content in scan list is deleted or isolation processing, and after finishing dealing with, result is showed the user, as isolate successfully and wait.
Fig. 3 shows a kind of according to an embodiment of the invention structural drawing that scans the device of movable storage device.As shown in Figure 3, this device 300 comprises: storage unit 310, scanning element 320, Safety query unit 330, security information amending unit 340 and display unit 350.
Storage unit 310 is suitable for storing blacklist, special rules list, the list of cloud query type and white list.
Scanning element 320, be suitable for enumerating the root directory file of movable storage device, for at least one root directory file of enumerating, judge whether this root directory file mates any one in blacklist in storage unit 310 or server end, special rules list or the list of cloud query type, this root directory file to be added in scan list, then scan the non-root directory file of movable storage device, if have with blacklist in the non-root directory file of non-root directory route matching, the non-root directory file with this coupling adds in scan list.
Safety query unit 330 is suitable for that the cloud query type in scan list is sent to server end and carries out Safety query, and the security information correspondence that server end is fed back is saved in scan list.
Security information amending unit 340 is suitable in the every and storage unit 310 of scan list or white list server end are mated, and the security information of occurrence is revised as trusted.
Display unit 350 is suitable for the information in the display scan list.
Device shown in Figure 3 can scan movable storage device when movable storage device is connected on terminal, effectively discovers and seizes risky file, has solved thus the problem of the risk file harm terminal security on the movable storage device.
Fig. 4 shows a structural diagram of a device for scanning a mobile storage device according to an embodiment of the invention. As shown in Fig. 4, the device 400 comprises: a storage unit 410, a scanning unit 420, a security query unit 430, a security information amending unit 440, a display unit 450 and a processing and display unit 460.
Storage unit 410 is adapted to store the blacklist, the special rules list, the cloud query type list and the whitelist.
Scanning unit 420 is adapted to enumerate the root directory files of the mobile storage device and, for each enumerated root directory file, judge whether the file matches any entry in the blacklist, special rules list or cloud query type list held in storage unit 410 or at the server end; if so, the file is added to the scan list. It then scans the non-root-directory files of the mobile storage device and, if any non-root-directory file matches a non-root-directory path in the blacklist, adds that file to the scan list.
In one embodiment of the invention, scanning unit 420 is adapted to check each enumerated root directory file against the blacklist, special rules list and cloud query type list in the following order. Step A: judge whether the root directory file matches any entry in the blacklist; if so, add it to the scan list, otherwise execute step B. Step B: judge whether the root directory file matches any entry in the special rules list; if so, add it to the scan list, otherwise execute step C. Step C: judge whether the root directory file matches any entry in the cloud query type list; if so, add it to the scan list.
In one embodiment of the invention, scanning unit 420 is adapted to enumerate all root directory files of the mobile storage device when their number is less than or equal to a predetermined number, and to enumerate only the predetermined number of root directory files when their number exceeds the predetermined number. For example, the predetermined number may be 100.
In one embodiment of the invention, before enumerating the root directory files of the mobile storage device, scanning unit 420 is further adapted to check the autorun.inf file on the device and judge whether the executable file that the autorun.inf file points to poses a risk; if so, the executable file is added to the scan list, and the system is prevented from automatically starting the file that autorun.inf points to.
Security query unit 430 is adapted to send the cloud query type items in the scan list to the server end for a security query, and to save the security information returned by the server end against the corresponding items in the scan list.
Security information amending unit 440 is adapted to match each item in the scan list against the whitelist held in storage unit 410 or at the server end, and to change the security information of matching items to trusted.
In one embodiment of the invention, security information amending unit 440 is further adapted to match each item in the scan list against a trusted list, and to change the security information of matching items to trusted.
Display unit 450 is adapted to display the information in the scan list. In one embodiment of the invention, display unit 450 is further adapted, when the scan list contains hidden files, to ask the user whether to show hidden files and, when the user confirms, to show them.
Processing and display unit 460 is adapted to handle, according to user instructions, the items in the scan list whose security information indicates a risk, and, after processing is complete, to show the result on the user interface of the computer.
Fig. 5 shows a schematic diagram of the composition of a system for scanning a mobile storage device according to an embodiment of the invention. As shown in Fig. 5, the system comprises: a server 501 and one or more devices 502 for scanning a mobile storage device.
The device 502 for scanning a mobile storage device is the device 300 shown in Fig. 3, or may be the device 400 shown in Fig. 4. Server 501 is adapted to hold the blacklist, special rules list, cloud query type list and whitelist for the devices 502 to query, and to provide the devices 502 with security queries for cloud query type items.
In summary, the technical scheme of the invention first enumerates the root directory files of the mobile storage device and adds to the scan list every root directory file that matches any entry in the local or server-side blacklist, special rules list or cloud query type list. It then scans the non-root-directory files of the device and adds to the scan list those that match a non-root-directory path in the blacklist. The cloud query type items in the scan list are sent to the server end for a security query, and the security information the server end returns is saved against the corresponding items in the scan list. Each item in the scan list is matched against the pre-saved whitelist, and the security information of matching items is changed to trusted. Finally, the information in the scan list is displayed. The scheme can scan a mobile storage device when it is connected to a terminal and effectively detect and remove risky files, thereby solving the problem of risky files on a mobile storage device endangering the security of the terminal.
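The flow summarized above, written out as an added Python example that is not part of the patent. The list contents, the double-extension special rule, the `cloud_lookup` callback and the choice to treat every autorun.inf target as risky are assumptions made for the example; the sample drive layout is constructed.

```python
import fnmatch
import tempfile
from pathlib import Path

# Constructed sample rules; the patent does not publish its list contents.
BLACKLIST_NAMES = ["*.vbs", "recycler.exe"]      # root-directory file names
BLACKLIST_PATHS = ["RECYCLER/svchost.exe"]       # non-root paths, relative to the drive
CLOUD_QUERY_TYPES = {".exe", ".dll", ".scr"}     # file types sent for a cloud verdict
WHITELIST = {"setup.exe"}
MAX_ROOT_FILES = 100                             # the "predetermined number"
DOC_EXT, EXEC_EXT = {".pdf", ".doc", ".jpg"}, {".exe", ".scr"}


def double_extension(path):
    """Hypothetical special rule: a document extension followed by an executable one."""
    s = [x.lower() for x in path.suffixes]
    return len(s) >= 2 and s[-1] in EXEC_EXT and s[-2] in DOC_EXT


SPECIAL_RULES = [double_extension]


def classify_root_file(path):
    """Steps A, B, C in order; return the first list that matches, else None."""
    if any(fnmatch.fnmatch(path.name.lower(), pat) for pat in BLACKLIST_NAMES):
        return "blacklist"
    if any(rule(path) for rule in SPECIAL_RULES):
        return "special_rule"
    if path.suffix.lower() in CLOUD_QUERY_TYPES:
        return "cloud_query"
    return None


def autorun_target(drive):
    """Return the program named by open=/shellexecute= in [autorun], or None."""
    inf = drive / "autorun.inf"
    if not inf.is_file():
        return None
    in_section = False
    for line in inf.read_text(errors="replace").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() in ("open", "shellexecute") and value.split():
                return value.split()[0]          # simplification: no spaces in the path
    return None


def build_scan_list(drive, cloud_lookup):
    scan = {}                                    # relative path -> reason and security info
    target = autorun_target(drive)
    if target and (drive / target).is_file():    # assumption: every autorun target is risky
        scan[target] = {"reason": "autorun", "security": "risk"}
    for p in sorted(f for f in drive.iterdir() if f.is_file())[:MAX_ROOT_FILES]:
        reason = classify_root_file(p)
        if reason and p.name not in scan:
            security = "unknown" if reason == "cloud_query" else "risk"
            scan[p.name] = {"reason": reason, "security": security}
    for rel in BLACKLIST_PATHS:                  # non-root files: blacklist paths only
        if (drive / rel).is_file():
            scan[rel] = {"reason": "blacklist_path", "security": "risk"}
    pending = [k for k, v in scan.items() if v["reason"] == "cloud_query"]
    for name, verdict in cloud_lookup(pending).items():
        scan[name]["security"] = verdict         # save the server's answer per item
    for name, item in scan.items():              # a whitelist match overrides the verdict
        if Path(name).name.lower() in WHITELIST:
            item["security"] = "trusted"
    return scan


def demo():
    """Build a constructed drive layout in a temp directory and scan it."""
    files = {"autorun.inf": "[autorun]\nopen=launch.exe\n", "launch.exe": "",
             "run.vbs": "", "invoice.pdf.exe": "", "tool.dll": "", "setup.exe": "",
             "notes.txt": "", "RECYCLER/svchost.exe": "", "docs/readme.txt": ""}
    fake_cloud = lambda names: {n: "risk" if n == "tool.dll" else "unknown" for n in names}
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp)
        for rel, body in files.items():
            (drive / rel).parent.mkdir(parents=True, exist_ok=True)
            (drive / rel).write_text(body)
        return build_scan_list(drive, fake_cloud)


if __name__ == "__main__":
    for name, item in demo().items():
        print(f"{name:24} {item['reason']:15} {item['security']}")
```

Two properties of the scheme are visible here: root files beyond the predetermined number are never classified, and non-root files are checked only against the blacklist paths, so coverage depends on how complete those lists are.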
It should be noted that:
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the invention is not directed to any particular programming language. It should be understood that the content of the invention described herein can be implemented in a variety of programming languages, and that the description given above for a specific language is intended to disclose the best mode of the invention.
Numerous specific details are set forth in the specification provided herein. It will be understood, however, that embodiments of the invention may be practised without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single disclosed embodiment. The claims following the detailed description are therefore expressly incorporated into that description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the devices of an embodiment may be changed adaptively and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that, although some embodiments described herein include some features but not other features included in other embodiments, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of the two. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device and system for scanning a mobile storage device according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for carrying out part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.

Claims (17)

1. A method for scanning a mobile storage device, wherein the method comprises:
Enumerating the root directory files of the mobile storage device and, for at least one enumerated root directory file, judging whether the file matches any entry in a pre-saved blacklist, special rules list or cloud query type list, and if so, adding the file to a scan list;
Scanning the non-root-directory files of the mobile storage device and, if any non-root-directory file matches a non-root-directory path in the blacklist, adding the matching non-root-directory file to the scan list;
Sending the cloud query type items in the scan list to a server end for a security query, and saving the security information returned by the server end against the corresponding items in the scan list;
Matching each item in the scan list against a pre-saved whitelist, and changing the security information of matching items to trusted;
Displaying the information in the scan list.
2. The method of claim 1, wherein enumerating the root directory files of the mobile storage device comprises:
If the number of root directory files of the mobile storage device is less than or equal to a predetermined number, enumerating all root directory files of the mobile storage device;
If the number of root directory files of the mobile storage device is greater than the predetermined number, enumerating the predetermined number of root directory files of the mobile storage device.
3. The method of claim 1, wherein displaying the information in the scan list comprises:
If the scan list contains hidden files, asking the user whether to show hidden files and, when the user confirms, showing the hidden files.
4. The method of claim 1, wherein, after displaying the information in the scan list, the method further comprises:
Handling, according to user instructions, the items in the scan list whose security information indicates a risk;
After processing is complete, showing the result on the user interface of the computer.
5. The method of claim 1, wherein, before enumerating the root directory files of the mobile storage device, the method further comprises:
Checking the autorun.inf file on the mobile storage device and judging whether the executable file that the autorun.inf file points to poses a risk; if so, adding the executable file to the scan list and preventing the system from automatically starting the file that autorun.inf points to.
6. The method of claim 1, wherein, before displaying the information in the scan list, the method further comprises:
Matching each item in the scan list against a trusted list, and changing the security information of matching items to trusted.
7. The method of claim 1, wherein, for at least one enumerated root directory file, judging whether the file matches any entry in the pre-saved blacklist, special rules list or cloud query type list, and if so adding the file to the scan list, comprises:
Step A: judging whether the root directory file matches any entry in the blacklist; if so, adding the file to the scan list, otherwise executing step B;
Step B: judging whether the root directory file matches any entry in the special rules list; if so, adding the file to the scan list, otherwise executing step C;
Step C: judging whether the root directory file matches any entry in the cloud query type list; if so, adding the file to the scan list.
8. The method of any one of claims 1 to 7, wherein the pre-saved blacklist, special rules list, cloud query type list and whitelist are saved locally or saved at the server end.
9. The method of any one of claims 1 to 7, wherein, before enumerating the root directory files of the mobile storage device, the method further comprises:
Loading a scanning logic implementation file;
Loading, through the scanning logic implementation file, a scanning rule file that holds the blacklist, special rules list, cloud query type list and whitelist.
10. A device for scanning a mobile storage device, wherein the device comprises: a storage unit, a scanning unit, a security query unit, a security information amending unit and a display unit;
The storage unit is adapted to store a blacklist, a special rules list, a cloud query type list and a whitelist;
The scanning unit is adapted to enumerate the root directory files of the mobile storage device and, for at least one enumerated root directory file, judge whether the file matches any entry in the blacklist, special rules list or cloud query type list held in the storage unit or at a server end, and if so add the file to a scan list; and then to scan the non-root-directory files of the mobile storage device and, if any non-root-directory file matches a non-root-directory path in the blacklist, add the matching non-root-directory file to the scan list;
The security query unit is adapted to send the cloud query type items in the scan list to the server end for a security query, and to save the security information returned by the server end against the corresponding items in the scan list;
The security information amending unit is adapted to match each item in the scan list against the whitelist held in the storage unit or at the server end, and to change the security information of matching items to trusted;
The display unit is adapted to display the information in the scan list.
11. The device of claim 10, wherein
The scanning unit is adapted to enumerate all root directory files of the mobile storage device when their number is less than or equal to a predetermined number, and to enumerate the predetermined number of root directory files of the mobile storage device when their number is greater than the predetermined number.
12. The device of claim 10, wherein
The display unit is further adapted, when the scan list contains hidden files, to ask the user whether to show hidden files and, when the user confirms, to show the hidden files.
13. The device of claim 10, wherein the device further comprises:
A processing and display unit adapted to handle, according to user instructions, the items in the scan list whose security information indicates a risk, and, after processing is complete, to show the result on the user interface of the computer.
14. The device of claim 10, wherein
The scanning unit is further adapted, before enumerating the root directory files of the mobile storage device, to check the autorun.inf file on the mobile storage device and judge whether the executable file that the autorun.inf file points to poses a risk; if so, to add the executable file to the scan list and prevent the system from automatically starting the file that autorun.inf points to.
15. The device of claim 10, wherein
The security information amending unit is further adapted to match each item in the scan list against a trusted list, and to change the security information of matching items to trusted.
16. The device of claim 10, wherein the scanning unit is adapted, for at least one enumerated root directory file, to judge whether the file matches any entry in the blacklist, special rules list or cloud query type list in the following order:
Step A: judging whether the root directory file matches any entry in the blacklist; if so, adding the file to the scan list, otherwise executing step B;
Step B: judging whether the root directory file matches any entry in the special rules list; if so, adding the file to the scan list, otherwise executing step C;
Step C: judging whether the root directory file matches any entry in the cloud query type list; if so, adding the file to the scan list.
17. A system for scanning a mobile storage device, wherein the system comprises: a server and one or more devices as claimed in any one of claims 10 to 16;
The server is adapted to hold the blacklist, special rules list, cloud query type list and whitelist for the devices to query, and to provide the devices with security queries for cloud query type items.
CN201310020638.7A 2013-01-18 2013-01-18 A kind of methods, devices and systems scanning movable storage device Active CN103093145B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310020638.7A CN103093145B (en) 2013-01-18 2013-01-18 A kind of methods, devices and systems scanning movable storage device

Publications (2)

Publication Number Publication Date
CN103093145A true CN103093145A (en) 2013-05-08
CN103093145B CN103093145B (en) 2016-01-13

Family

ID=48205701

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310020638.7A Active CN103093145B (en) 2013-01-18 2013-01-18 A kind of methods, devices and systems scanning movable storage device

Country Status (1)

Country Link
CN (1) CN103093145B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100017877A1 (en) * 2008-06-23 2010-01-21 Symantec Corporation Methods and systems for determining file classifications
CN101706851A (en) * 2009-11-03 2010-05-12 广州广电运通金融电子股份有限公司 Method and system for controlling process of self-help terminal
CN101923609A (en) * 2009-06-09 2010-12-22 深圳市联软科技有限公司 Computer network security protection method and system
CN102279917A (en) * 2011-09-19 2011-12-14 奇智软件(北京)有限公司 Multi-antivirus engine parallel antivirus method and system
CN102346827A (en) * 2011-09-19 2012-02-08 奇智软件(北京)有限公司 Method and device for handling computer viruses
CN102629403A (en) * 2012-03-14 2012-08-08 深圳市紫金支点技术股份有限公司 USB (Universal Serial Bus) flash disk authorization method and system based on ATM (Automatic Teller Machine) equipment

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103617392A (en) * 2013-11-22 2014-03-05 北京奇虎科技有限公司 Method and device for safety scanning external storage device of smart terminal
CN103617392B (en) * 2013-11-22 2017-02-01 北京奇虎科技有限公司 Method and device for safety scanning external storage device of smart terminal
CN103646669A (en) * 2013-11-29 2014-03-19 北京奇虎科技有限公司 Method and device for detecting reliability of removable storage device
CN103677668A (en) * 2013-11-29 2014-03-26 北京奇虎科技有限公司 Method and device for detecting mobile storage equipment
CN103677668B (en) * 2013-11-29 2017-04-05 北京奇虎科技有限公司 A kind of method and device of movable storage device detection
CN104778222A (en) * 2015-03-23 2015-07-15 四川长虹电器股份有限公司 Media library establishing and updating method on basis of USB (Universal Serial Bus) storage equipment
CN104778222B (en) * 2015-03-23 2017-12-05 四川长虹电器股份有限公司 Media library based on USB storage device is established and update method
CN107025281A (en) * 2017-03-31 2017-08-08 上海斐讯数据通信技术有限公司 A kind of file management method of Intelligent worn device, module and system
CN110795403A (en) * 2019-10-31 2020-02-14 北京永亚普信科技有限责任公司 File arrival scanning optimization method for polling mechanism
CN110795403B (en) * 2019-10-31 2022-03-11 北京永亚普信科技有限责任公司 File arrival scanning optimization method for polling mechanism
CN110826068A (en) * 2019-11-01 2020-02-21 海南车智易通信息技术有限公司 Safety detection method and safety detection system
CN110826068B (en) * 2019-11-01 2022-03-18 海南车智易通信息技术有限公司 Safety detection method and safety detection system
CN111367819A (en) * 2020-03-30 2020-07-03 中国建设银行股份有限公司 Code scanning and filtering method and device
WO2021217652A1 (en) * 2020-04-30 2021-11-04 西门子股份公司 Method and apparatus for controlling mobile storage device, and computer-readable medium
US11880459B2 (en) 2020-04-30 2024-01-23 Siemens Aktiengesellschaft Method and apparatus for controlling mobile storage device, and computer-readable medium
CN111881305A (en) * 2020-06-23 2020-11-03 上海博泰悦臻电子设备制造有限公司 Scanning method and related equipment
CN111881305B (en) * 2020-06-23 2024-03-01 博泰车联网科技(上海)股份有限公司 Scanning method and related equipment

Also Published As

Publication number Publication date
CN103093145B (en) 2016-01-13

Similar Documents

Publication Publication Date Title
CN103093145A (en) Method and device and system for scanning mobile storage device
US20180113862A1 (en) Method and System for Electronic Document Version Tracking and Comparison
JP5816198B2 (en) System and method for sharing the results of computing operations between related computing systems
EP2831798B1 (en) Systems and methods for using property tables to perform non-iterative malware scans
US20120017276A1 (en) System and method of identifying and removing malware on a computer system
CN102867147B (en) A kind of method and apparatus of file scan
CN102982284A (en) Scanning equipment, cloud management equipment and method and system used for malicious program checking and killing
CN103281325A (en) Method and device for processing file based on cloud security
US10191838B2 (en) Method and device for checking influence of deleting cache file, and mobile terminal
CN103019778A (en) Startups cleaning method and device
JP2019518298A (en) Virus detection technology benchmarking
EP2998902B1 (en) Method and apparatus for processing file
CN103034808A (en) Scanning method, equipment and system and cloud management method and equipment
CN103631904A (en) System and method for selecting synchronous or asynchronous file access method during antivirus analysis
US8448243B1 (en) Systems and methods for detecting unknown malware in an executable file
CN104143069A (en) Method and system for protecting system file
US10229267B2 (en) Method and device for virus identification, nonvolatile storage medium, and device
CN102982281A (en) Program condition detecting method and system
CN103559447A (en) Detection method, detection device and detection system based on virus sample characteristics
US7284273B1 (en) Fuzzy scanning system and method
CN103679027A (en) Searching and killing method and device for kernel level malware
US20210165904A1 (en) Data loss prevention
CN102902925A (en) Infected file processing method and system
CN102999722A (en) File detecting system
US8352438B1 (en) Systems and methods for contextual evaluation of files for use in file restoration

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220725

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.