CN103310154B - The method, apparatus and system that information security processes - Google Patents
The method, apparatus and system that information security processes Download PDFInfo
- Publication number
- CN103310154B CN103310154B CN201310218989.9A CN201310218989A CN103310154B CN 103310154 B CN103310154 B CN 103310154B CN 201310218989 A CN201310218989 A CN 201310218989A CN 103310154 B CN103310154 B CN 103310154B
- Authority
- CN
- China
- Prior art keywords
- file
- information
- client
- server end
- virus document
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses the method, apparatus and system that a kind of information security processes, belong to field of information security technology.Described method includes: when client executing file scan, obtains the information list to be collected that server end issues;Information according to the file included in the local corresponding software of information list to be collected collection;By the information reporting of file that collects to server end, make server end that the information of the file that all clients received report to be screened by preset rules, and according to the data synchronization updating back-end data screened, back-end data is for repairing the virus document in client.Server end of the present invention is by gathering the information of file from client, upgrade in time back-end data, it is thus achieved that the information of recent software, so after this software installed in certain client is destroyed, just in time it can be repaired, thus improve the repair ability of fail-safe software.
Description
Technical field
The present invention relates to field of information security technology, a kind of process particularly to information security method, equipment
And system.
Background technology
Along with the development of the Internet, various application are arisen at the historic moment, user can download on the internet various from
The application that oneself is interested, and it is installed in this locality.But some malicious attacker, can be implanted to virus
In application on the Internet, when this application of terminal downloads, virus will be invaded along with the installation of application
In terminal, other application in terminal is possible to be destroyed by the virus, thus can not use.So how
Could repair destroyed application is the problem needing in prior art to solve.
The most a lot of fail-safe softwares are the method that terminal provides that application is repaired, the operation of the Internet security software
Business collects existing application message, and after terminal installs this fail-safe software, fail-safe software is to the application in terminal
It is monitored, if it find that there is destroyed application, then according to the software information prestored to destroyed
Application is repaired.
During realizing the present invention, inventor finds that prior art at least there is problems in that
Application update on the Internet, than very fast, collects the letter of current application by fail-safe software operator
Breath, efficiency comparison is low, it is impossible to upgrade in time current emerging application message, the most once has emerging
Application is infracting by virus, and owing to not having this information applied, cannot repair it in time, thus
Reduce the repair ability of this fail-safe software.
Summary of the invention
In order to improve the repair ability to application of fail-safe software, the embodiment of the present invention provides a kind of information
The method, apparatus and system of safe handling.Described technical scheme is as follows:
On the one hand, it is provided that a kind of method that information security processes, described method includes:
When client executing file scan, obtain the information list to be collected that server end issues;
Instruction according to described information list to be collected gathers the letter of the file included in local corresponding software
Breath;
By the information reporting of the described described file collected to described server end, make described server end pair
The information of the file that all clients received report is screened by preset rules, and according to described screening
Data synchronization updating back-end data out, described back-end data is for the virus document in described client
Repair.
On the other hand, it is provided that a kind of method that information security processes, described method includes:
Server end issues information list to be collected to multiple in the client performing file scan, makes described visitor
Family end gathers the file included in described client corresponding software according to the instruction of described information list to be collected
Information;
Receive the information of the file that described each client reports;
The information of the file that the described all clients received report is screened by preset rules, and root
According to the described data synchronization updating back-end data screened, described back-end data is in described client
Virus document repair.
On the other hand, additionally providing a kind of client, described client includes:
Acquisition module, for when client executing file scan, obtains the letter to be collected that server end issues
Breath list;
Acquisition module, for being wrapped according in instruction collection this locality corresponding software of described information list to be collected
The information of the file contained;
Reporting module, is used for the information reporting of the described described file collected to described server end, makes
The information of the file that all clients received report is screened by described server end by preset rules,
And according to the described data synchronization updating back-end data screened, described back-end data is for described client
Virus document in end is repaired.
On the other hand, additionally providing a kind of server end, described server end includes:
Issue module, issue to be collected information to multiple in the client performing file scan for server end
List, makes described client gather described client corresponding software according to the instruction of described information list to be collected
Included in the information of file;
Receiver module, for receiving the information of the file that described each client reports;
Synchronization module, the information to the file that the described all clients received report that is used for is by preset rules
Screen, and according to the described data synchronization updating back-end data screened, described back-end data is used for
Virus document in described client is repaired.
On the other hand, additionally providing the system that a kind of information security processes, described system includes: as mentioned above
Client and server end as above.
The technical scheme that the embodiment of the present invention provides has the benefit that server end passes through from client
The information of upper collection file, upgrade in time back-end data, it is thus achieved that the information of recent software, so as certain visitor
After this software installed on the end of family is destroyed, owing to server end stores the information of this software, it becomes possible to and
Time it is repaired, thus improve the repair ability of fail-safe software.Due to the data of server end be from
Collect in each client, so include the most all popular popular softwares, so using this
Method repair coverage in embodiment is relatively wider, and repairing object is all abnormal documents, including infection type and misfortune
Hold type, support the most popular all popular softwares, can directly use after software reparation, eliminate weight
Newly installed cost;On the other hand, in repair process, simply virus document is replaced with secure file, do not have
Have the software to virus document place to reset so that it is higher to repair degree of accuracy, file after reparation and
Original document is completely the same, and highly versatile: do not fear any virus mutation, as long as can recognize that danger
File is all supported to repair.
Accompanying drawing explanation
For the technical scheme being illustrated more clearly that in the embodiment of the present invention, institute in embodiment being described below
The accompanying drawing used is needed to be briefly described, it should be apparent that, the accompanying drawing in describing below is only the present invention
Some embodiments, for those of ordinary skill in the art, on the premise of not paying creative work,
Other accompanying drawing can also be obtained according to these accompanying drawings.
Fig. 1 is the method flow diagram that a kind of information security provided in the embodiment of the present invention one processes;
Fig. 2 is the method flow diagram that a kind of information security provided in the embodiment of the present invention two processes;
Fig. 3 is the method flow diagram that a kind of information security provided in the embodiment of the present invention three processes;
Fig. 4 is the method flow diagram that a kind of information security provided in the embodiment of the present invention four processes;
Fig. 5 is the schematic diagram of a kind of client provided in the embodiment of the present invention five;
Fig. 6 is the schematic diagram of the another kind of client provided in the embodiment of the present invention five;
Fig. 7 is the schematic diagram of a kind of server end provided in the embodiment of the present invention six;
Fig. 8 is the schematic diagram of the another kind of server end provided in the embodiment of the present invention six;
Fig. 9 is the application scenarios schematic diagram that a kind of information security provided in the embodiment of the present invention six processes;
Figure 10 is the system schematic that a kind of information security provided in the embodiment of the present invention seven processes.
Detailed description of the invention
For making the object, technical solutions and advantages of the present invention clearer, below in conjunction with accompanying drawing to the present invention
Embodiment is described in further detail.
Embodiment one
See Fig. 1, the present embodiment provides a kind of method that information security processes, including:
101, when client executing file scan, the information list to be collected that server end issues is obtained;
102, file included in local corresponding software is gathered according to the instruction of described information list to be collected
Information;
103, by the information reporting of the described described file collected to server end, described server end pair is made
The information of the file that all clients received report is screened by preset rules, and according to described screening
Data synchronization updating back-end data out, described back-end data is for the virus document in described client
Repair.
In another embodiment, the information list to be collected that described acquisition server end issues, including:
Send inquiry request to server end, described inquiry request be used for asking for instructions described server end the need of
Gather the information of Current software;
Receiving the query-response that described server end returns, described query-response includes information list to be collected.
In another embodiment, described before server end sends inquiry request, also include:
Judge that the user of the described client information gathering whether to server end is authorized, if it is,
Then continuing executing with the step sending inquiry request to server end, otherwise stopping sending inquiry to server end please
Ask.
In another embodiment, the information of described file includes but not limited to following one or more: file
The title of the software at place, filename, FileVersion, file size, file signature information, file place
The version of software, file MD5(Message Digest Algorithm5, Message Digest Algorithm 5)
And the GUID(Globally Unique Identifier of described client, GUID).
In another embodiment, described method also includes:
When finding virus document during described client scan, detect whether described virus document is to prop up
Hold the file of reparation, if it is, obtain the back-end data of described server end corresponding to described virus document,
And according to the back-end data of described server end, described virus document is repaired.
In another embodiment, whether the described virus document of described detection is the file supporting to repair, including:
Detect whether described virus document place catalogue is the popular software installation directory supporting to repair, if it is,
Then confirm that described virus document is the file supporting to repair, otherwise confirm that described virus document is not to support to repair
File, by described virus document delete or remove infected fragment in described virus document.
In another embodiment, the back-end data of the described server end that the described virus document of described acquisition is corresponding,
And according to the back-end data of described server end, described virus document is repaired, including:
The information of described virus document is sent to described server end;
When receive that described server end returns with the fileinfo of the information match of described virus document time,
Download the secure file corresponding with described virus document according to the described fileinfo matched, and use described peace
Whole file replaces described virus document, described in the fileinfo that matches include: the MD5 of described secure file
Download address information with described secure file.
In another embodiment, described method also includes:
When the file not having the information match with described virus document receiving the return of described server end is believed
During breath, described virus document is deleted or removes infected fragment in described virus document.
The beneficial effect of the present embodiment includes: server end passes through to gather the information of file from client, and
Shi Gengxin back-end data, it is thus achieved that the information of recent software, so when this software quilt installed in certain client
After destruction, owing to server end stores the information of this software, it becomes possible in time it is repaired, thus
Improve the repair ability of fail-safe software.
Embodiment two
See Fig. 2, the embodiment of the present invention provides a kind of method that information security processes, including:
201, server end issues information list to be collected to multiple in the client performing file scan, makes institute
State client to gather included in described client corresponding software according to the instruction of described information list to be collected
The information of file;
202, the information of the file that described each client reports is received;
203, the information of the file that the described all clients received report is screened by preset rules,
And according to the described data synchronization updating back-end data screened, described back-end data is for described client
Virus document in end is repaired.
In another embodiment, described server end issues to multiple clients at execution file scan and waits to adopt
Collection information list, including:
The inquiry request that the multiple client of received server-side sends when performing file scan, described inquiry please
Ask for asking described server end for instructions the need of the information gathering Current software;
Returning query-response to the plurality of client, described query-response includes information list to be collected.
In another embodiment, the information of described file includes but not limited to following one or more: file
The title of the software at place, filename, FileVersion, file size, file signature information, file place
The GUID GUID of the version of software, file MD5 and described client.
In another embodiment, the described information to the file that the described all clients received report is by advance
If rule is screened, and according to the described data synchronization updating back-end data screened, including:
Every Preset Time, the information of the file that the described all clients received report is screened, will
In the information of the file of described all client upload in addition to the GUID of client, out of Memory is consistent
Record accumulative total more than the first preset value document screening out;
The file that described accumulative total is maximum is selected in the described file screened;
When the file that described accumulative total is maximum accounts for all the second preset values reporting ratio, and described file is peace
During whole file, by described file synchronization to back-end data.
In another embodiment, described by after in described file synchronization to back-end data, also include:
Obtain the MD5 of described file;
MD5 according to described file obtains the secure file that described file is corresponding, and the described safety of corresponding storage
File.
In another embodiment, described method also includes:
Receive the information of the virus document that any client sends in the plurality of client;
The information of described virus document is matched with described back-end data;
When described back-end data has the fileinfo matched with described virus document, match described
Fileinfo be sent to described any client, make described any client according to described in the file that matches
Information downloads the secure file corresponding with described virus document, and replaces described virus literary composition with described secure file
Part, wherein, described in the fileinfo that matches include: the MD5 of described secure file and described secure file
Download address information.
The beneficial effect of the present embodiment includes: server end passes through to gather the information of file from client, and
Shi Gengxin back-end data, it is thus achieved that the information of recent software, so when this software quilt installed in certain client
After destruction, owing to server end stores the information of this software, it becomes possible in time it is repaired, thus
Improve the repair ability of fail-safe software.
Embodiment three
Providing a kind of method that information security processes in the embodiment of the present invention, in the present embodiment, server end can
Can carry out information with multiple clients mutual, the client being previously mentioned in the present embodiment includes and server simultaneously
Any one client that end interacts, other clients are similar, to this with the execution flow process of this client
The present embodiment repeats no more.In the present embodiment, in order to realize the reparation to client file, by gathering
The information of the file in client, establishes background data base beyond the clouds, when the file quilt in certain client
During destruction, it is possible to corrupted file is repaired by the back-end data utilizing server end to safeguard.See Fig. 3,
Method flow includes:
301, when client executing file scan, it is judged that whether the user of described client is to server end
Information gathering is authorized, if it is, perform step 302, otherwise stops sending inquiry to server end
Request.
In this step, client is mounted with preset security software, in order to ensure the right of privacy of user and know the inside story
Power, this fail-safe software can gather the fileinfo in this client after authorized.Concrete, when with
When family triggering client carries out file scan, first check whether the user of this client adds appointment plan,
If it is, confirm that the information gathering of server end is authorized by this client user, client is permissible
Continue executing with collecting flowchart, if the user of this client does not add implement plan, then confirm this client
User's not information gathering to server end authorizes, and server end cannot obtain the literary composition in this client
Part information.Wherein, it is intended that plan includes but not limited to the cloud killing plan that operator initiates.
What deserves to be explained is, in order to improve user's experience sense to preset security software, in the present embodiment preferably
Ground, when gathering the information of client, first confirms whether user is authorized server end, certainly,
In order to ensure the safety of client-side information, it is also possible to default setting server end can gather the letter of client
Breath, without the mandate of client user, in this present embodiment and be not specifically limited.
Certainly, the present embodiment preferably carries out information gathering when client executing file scan, certainly
Can also trigger message collection by other means, such as, server end and client were carried out by the designated time
Information gathering, is not specifically limited in this present embodiment.
302, client sends inquiry request, and described inquiry request is used for asking described server for instructions
Hold the need of the information gathering Current software.
In this step, in order to save the electricity of client, the method not taking Real-time Collection client-side information,
But after the mandate obtaining client user, first inquire about server end the need of gather Current software
Information, if server end needs collection information, perform collecting flowchart the most again, be not acquired,
Thus save the power consumption of client.
303, the inquiry request that received server-side client sends, and return query-response to client.
In this step, when the inquiry of received server-side to client is asked, if needing collection information,
In query-response, then carry information list to be collected, if need not collection information, then in query-response
Return the instruction that need not gather, as returned sky, then it represents that need not collection information.Wherein, specifically with what
The mode of kind indicates client need not in collection information the present embodiment and be not specifically limited.
In this step, information list to be collected is for determining that under certain software version, certain filename is corresponding just
Really which file is, it includes but not limited to one or more information: the title of software to be collected,
Filename, FileVersion, file size, file signature information, the version of software, file MD5 and institute
State the GUID GUID etc. of client.Wherein, client is according to the finger of information list to be collected
Show and the corresponding software in client is carried out information gathering.
In this step, server end may and interact between multiple client simultaneously, askes each transmission
Ask that the client of information will return query-response information, but the content of its query-response information can be not
With, in this present embodiment and be not specifically limited.
304, client receives the query-response that described server end returns, and described query-response includes to be collected
Information list.
Wherein, step 302-304 is specifically to perform client to obtain the information list to be collected that server end issues
Flow process, this flow process initiated by client, and it is to be collected that certain client obtains that server end issues
The method of information list is also not necessarily limited to this, such as client and server real-time Communication for Power, when server end finds
Client when carrying out file scan, then directly issues information list to be collected to client, to this this enforcement
In example and be not specifically limited.
305, client is according to the file included in the local corresponding software of described information list to be collected collection
Information, and by the information reporting of the described file collected to server end.
In this step, client is after getting information list to be collected, according to the instruction of this list to client
The information of the file included in corresponding software in end, wherein, corresponding software in client
Refer to need the software of collection information.Concrete, client is when performing file scan, it is judged that Current Scan
To software whether in information list to be collected, if it is, this software is carried out information gathering, if
No, then need not this software is acquired.Wherein, the information of file includes but not limited to following one
Or multiple: the title of the software at file place, filename, FileVersion, file size, file signature are believed
Breath, the version of software at file place, file MD5 and the GUID GUID of described client
Deng.Wherein, the concrete method gathered similarly to the prior art, repeats no more in this present embodiment.
306, the information of the file that all clients received report is sieved by server end by preset rules
Choosing, and according to the data synchronization updating back-end data screened, described back-end data is for described client
Virus document in end is repaired.
In this step, server end carries out pretreatment to the information of the file that all clients received report,
To update back-end data.Preferably, to the information of the file that the described all clients received report by advance
If rule is screened, and according to the described data synchronization updating back-end data screened, including:
Every Preset Time, the information of the file that the described all clients received report is screened, will
In the information of the file of described all client upload in addition to the GUID of client, out of Memory is consistent
Record accumulative total more than the first preset value document screening out;
The file that described accumulative total is maximum is selected in the described file screened;
When the file that described accumulative total is maximum accounts for all the second preset values reporting ratio, and described file is peace
During whole file, by described file synchronization to back-end data.
Such as, synchronizing every 6 hours information to collecting, the information wherein synchronized meets: a. removes
Outside user GUID, the consistent record accumulative total of remaining full detail have to be larger than 1000, and selects cumulative amount
Maximum file synchronizes;B. the file that cumulative amount is maximum accounts for and reports record ratio to must be over 50%, with
Prevent junk data from entering software information inquiry storehouse;C. the safe class of the file that cumulative amount is maximum is necessary for white,
It is safe to guarantee the fileinfo synchronized.Preset security software in the present embodiment, protects at server end
Deposit a huge library of data volume, this document storehouse contains the file of user's overwhelming majority, Mei Gewen
Part has a security level attributes, and grade generally can be divided into from low to high: black, unknown and white, Ke Yixiang
The safe class of each file of this document library inquiry.
In the present embodiment, server end collects the information of the file in multiple client dynamically, to update cloud
The back-end data of end storage, when so having new software to occur, server end can get new soft timely
The information of part, if this software goes wrong when follow-up operation, utilizes the back-end data just can be in time to it
Repair, thus improve the repair ability of fail-safe software.
307, obtain the MD5 of described file, obtain, according to the MD5 of described file, the peace that described file is corresponding
Whole file, and the described secure file of corresponding storage.
In this step, after filtering out the file needing to synchronize, obtain the MD5 of this document, and according to this article
The MD5 of part mates in white library, by corresponding file synchronization to file download storehouse.Wherein,
White library and file download storehouse are all parts for server end.When there is a need to the file repaired, according to
The MD5 of file obtains the secure file of its correspondence from file download storehouse, downloads this document and repairs.
The beneficial effect of the present embodiment includes: server end passes through to gather the information of file from client, and
Shi Gengxin back-end data, it is thus achieved that the information of recent software, so when this software quilt installed in certain client
After destruction, owing to server end stores the information of this software, it becomes possible in time it is repaired, thus
Improve the repair ability of fail-safe software.Owing to the data of server end collect from each client,
So include the most all popular popular softwares, so using the method repair coverage in the present embodiment
The widest, repairing object is all abnormal documents, including infection type and abduction type, supports the most popular
All popular softwares, can directly use after software reparation, eliminate the cost reinstalled;On the other hand,
In repair process, simply virus document is replaced with secure file, the software at virus document place is not entered
Row refitting so that reparation degree of accuracy is higher, and file and original document after reparation are completely the same and general
Property strong: do not fear any virus mutation, as long as can recognize that danger file all support repair.
Embodiment four
The embodiment of the present invention provides a kind of method that information security processes, Application Example in the present embodiment
The back-end data that in three, server end is set up, repairs the file that client is destroyed, sees Fig. 4, side
Method flow process includes:
401, when finding virus document during described client scan, whether described virus document is detected
For support repair file, if it is, perform step 402, otherwise this virus document is directly deleted or
Remove infected fragment in virus document.
In this step, virus document can find in a scan, it is also possible to is to be monitored file
Middle discovery, in this present embodiment and be not specifically limited.Preferably, whether described virus document is detected
For supporting the file repaired, including: detect whether described virus document place catalogue is to support that repairs commonly uses
Software installation directory, if it is, confirm that described virus document is the file supporting to repair, otherwise confirms institute
Stating virus document is not the file supporting to repair, and is deleted by described virus document or removes quilt in virus document
The fragment infected.The present embodiment can also having, whether other detection virus document is the literary composition supporting to repair certainly
The method of part, in this present embodiment and be not specifically limited.
In the present embodiment, if be detected that the virus document not section of support repair, then directly this document is deleted
Or infected fragment in removing virus document, in order to avoid this virus document may proceed to infect to other file.
402, the information of described virus document is sent to described server end.
In this step, virus document is the file supporting to repair, then the information of this virus document is sent to clothes
Business device end, to repair it.Wherein, the information of virus document includes but not limited to: virus document institute
At the title of software, virus file names, virus document version, virus document size, virus document A.L.S.
Breath, the version of virus document place software, virus document MD5 etc..
403, the information of described virus document is matched by server end with described back-end data, and will mate
To information return to client.
In this step, after server end receives the information of the virus document that client sends, by virus document
Information is mated with the information in software information inquiry storehouse, if there being the information matched, then will match
Fileinfo return to client, wherein, the fileinfo matched includes but not limited to: described safety
The MD5 of file and the download address information etc. of described secure file.Software information inquiry storehouse is server end
A part.
404, client receives the file of the information match with described virus document that described server end returns
Information, downloads the secure file corresponding with described virus document according to the described fileinfo matched, and uses
Described secure file replaces described virus document.
In this step, when client receives the literary composition of the information match with virus document that server end returns
During part information, download this secure file according to the download address of secure file, and verify the MD5 value of this document,
After verifying successfully, replace current virus document with secure file, thus complete the reparation to virus document.
Wherein need not reinstall the software at this document place, it is only necessary to replace virus therein with secure file
File, the software that just can make this virus document place is properly functioning, improves remediation efficiency.
What deserves to be explained is, when client receives not having and described virus document of described server end return
The fileinfo of information match time, described virus document is deleted or removes in virus document infected
Fragment.
Wherein, step 402-404 is after concrete execution obtains the described server end that described virus document is corresponding
Number of units evidence, and the step described virus document repaired according to the back-end data of described server end.
The beneficial effect of the present embodiment includes: server end passes through to gather the information of file from client, and
Shi Gengxin back-end data, it is thus achieved that the information of recent software, so when this software quilt installed in certain client
After destruction, owing to server end stores the information of this software, it becomes possible in time it is repaired, thus
Improve the repair ability of fail-safe software.Owing to the data of server end collect from each client,
So include the most all popular popular softwares, so using the method repair coverage in the present embodiment
The widest, repairing object is all abnormal documents, including infection type and abduction type, supports the most popular
All popular softwares, can directly use after software reparation, eliminate the cost reinstalled;On the other hand,
In repair process, simply virus document is replaced with secure file, the software at virus document place is not entered
Row refitting so that reparation degree of accuracy is higher, and file and original document after reparation are completely the same and general
Property strong: do not fear any virus mutation, as long as can recognize that danger file all support repair.
Embodiment five
See Fig. 5, the embodiment of the present invention provides a kind of client, including: acquisition module 501, gather
Module 502 and reporting module 503.
Acquisition module 501, for when client executing file scan, it is to be collected that acquisition server end issues
Information list;
Acquisition module 502, gathers institute in local corresponding software for the instruction according to described information list to be collected
The information of the file comprised;
Reporting module 503, is used for the information reporting of the described described file collected to server end, makes institute
State server end the information of the file that all clients received report is screened by preset rules, and
According to the described data synchronization updating back-end data screened, described back-end data is for described client
In virus document repair.
In another embodiment, see Fig. 6, described acquisition module 501, including:
First transmitting element 501a, for sending, to server end, the request of inquiry, described inquiry request is for asking
Show that described server end is the need of the information gathering Current software;
Receive unit 501b, for receiving the query-response that described server end returns, described query-response bag
Include information list to be collected.
In another embodiment, seeing Fig. 6, described acquisition module also includes:
Judging unit 501c, for described first transmitting element 501a before server end sends inquiry request,
Judge that the user of the described client information gathering whether to server end is authorized, if it is, continue
The continuous step performing to send inquiry request to server end, otherwise stops sending inquiry request to server end.
In another embodiment, the information of described file includes but not limited to following one or more: file
The title of the software at place, filename, FileVersion, file size, file signature information, file place
The GUID GUID of the version of software, file MD5 and described client.
In another embodiment, seeing Fig. 6, described client also includes:
Repair module 504, for when finding virus document during described client scan, detection is described
Whether virus document is the file supporting to repair, if it is, obtain the described clothes that described virus document is corresponding
The back-end data of business device end, and according to the back-end data of described server end, described virus document is repaired.
In another embodiment, see Fig. 6, described repair module 504, including:
Detector unit 504a, for detecting whether described virus document place catalogue is the conventional soft of support reparation
Part installation directory, if it is, confirm that described virus document is the file supporting to repair, otherwise confirms described
Virus document is not the file supporting to repair, and is deleted by described virus document or removes in described virus document
Infected fragment.
In another embodiment, described repair module 504, including:
Second transmitting element 504b, for being sent to described server end by the information of described virus document;
Repair unit 504c, for when receiving the information phase with described virus document that described server end returns
During the fileinfo mated, download the peace corresponding with described virus document according to the described fileinfo matched
Whole file, and replace described virus document with described secure file, described in the fileinfo that matches include:
The MD5 of described secure file and the download address information of described secure file.
In another embodiment, described repair module 504 also includes:
Delete unit 504d, for when receiving not having and described virus document of described server end return
During the fileinfo of information match, described virus document is deleted or removed in described virus document and is felt
The fragment of dye.
The beneficial effect of the present embodiment includes: server end passes through to gather the information of file from client, and
Shi Gengxin back-end data, it is thus achieved that the information of recent software, so when this software quilt installed in certain client
After destruction, owing to server end stores the information of this software, it becomes possible in time it is repaired, thus
Improve the repair ability of fail-safe software.
Embodiment six
See Fig. 7, the embodiment of the present invention provides a kind of server end, including: issue module 601, connect
Receive module 602 and synchronization module 603.
Issue module 601, issue to be collected letter to multiple in the client performing file scan for server end
Breath list, makes described client gather described client according to the instruction of described information list to be collected the softest
The information of the file included in part;
Receiver module 602, for receiving the information of the file that described each client reports;
Synchronization module 603, the information to the file that the described all clients received report that is used for is by default rule
Then screen, and according to the described data synchronization updating back-end data screened, described back-end data is used
In the virus document in described client is repaired.
In another embodiment, see Fig. 8, described in issue module 601, including:
Receive unit 601a, for receiving the inquiry request that multiple client sends when performing file scan,
Described inquiry request is for asking described server end for instructions the need of the information gathering Current software;
Return unit 601b, for returning query-response to the plurality of client, described query-response wraps
Include information list to be collected.
In another embodiment, the information of described file includes but not limited to following one or more: file
The title of the software at place, filename, FileVersion, file size, file signature information, file place
The GUID GUID of the version of software, file MD5 and described client.
In another embodiment, see Fig. 8, described synchronization module 603, including:
Screening unit 603a, for the file reported the described all clients received every Preset Time
Information screen, by the information of the file of described all client upload except the GUID of client
Outside, the accumulative total of the record that out of Memory is consistent more than the first preset value document screening out;
Acquiring unit 603b, for selecting the file that described accumulative total is maximum in the described file screened;
Lock unit 603c, for all reporting the second of ratio to preset when the maximum file of described accumulative total accounts for
Value, and when described file is secure file, by described file synchronization to back-end data.
In another embodiment, seeing Fig. 8, described synchronization module 603 also includes:
Memory element 603d, is used for after described lock unit is by described file synchronization to back-end data,
Obtain the MD5 of described file, obtain, according to the MD5 of described file, the secure file that described file is corresponding,
And the described secure file of corresponding storage.
In another embodiment, described receiver module is additionally operable to receive any client in the plurality of client
The information of the virus document sent;
Seeing Fig. 8, described server end also includes: matching module 604, for by the letter of described virus document
Breath matches with described back-end data;
The described module that issues is additionally operable to when there being the file letter matched with described virus document in described back-end data
During breath, the described fileinfo matched is sent to described any client, makes described any client root
Download the secure file corresponding with described virus document according to the described fileinfo matched, and use described safety
Described virus document replaced by file, wherein, described in the fileinfo that matches include: described secure file
The download address information of MD5 and described secure file.
It should be understood that server end only being partitioned into above-mentioned each functional module that above-described embodiment provides
Row illustrates, and in actual application, can distribute above-mentioned functions by different functional modules as desired
Complete, the internal structure of equipment will be divided into different functional modules, with complete described above all or
Person's partial function.Such as, application scenarios schematic diagram as shown in Figure 9, multiple client and servers enter
Row is mutual, and server end includes that software information collects storehouse, software information inquiry storehouse, file/software information Cache
(cache memory), white library and file download storehouse.Software information is collected storehouse and is used for collecting client
On fileinfo, then by synchronizing information to software information inquiry storehouse, after synchronously completing, take out new
It is synchronized to the file MD5 in software information inquiry storehouse, mates in white library, by corresponding file
It is synchronized to file download storehouse.After client detects virus document, by file/software information Cache to
The information of software information inquiry this virus document of library inquiry, and after obtaining match information from the address of coupling
Carry secure file, and by MD5, secure file is verified, replaced by rear secure file in verification
Virus document, completes the reparation to virus document.File download storehouse, software information inquiry storehouse and file/software
Information Cache is associated together by MD5, and the most concrete interaction does not repeats them here.
The beneficial effect of the present embodiment includes: server end passes through to gather the information of file from client, and
Shi Gengxin back-end data, it is thus achieved that the information of recent software, so when this software quilt installed in certain client
After destruction, owing to server end stores the information of this software, it becomes possible in time it is repaired, thus
Improve the repair ability of fail-safe software.
Embodiment 7
See Figure 10, the embodiment of the present invention provides the system that a kind of information security processes, including: implement
Client 500 described in example five and the server end 600 described in embodiment six.
The beneficial effect of the present embodiment includes: server end passes through to gather the information of file from client, and
Shi Gengxin back-end data, it is thus achieved that the information of recent software, so when this software quilt installed in certain client
After destruction, owing to server end stores the information of this software, it becomes possible in time it is repaired, thus
Improve the repair ability of fail-safe software.
It should be understood that the server end of above-described embodiment offer, client and information security process is
System, is only illustrated with the division of above-mentioned each functional module, in actual application, and can be as desired
Above-mentioned functions distribution is completed by different functional modules, the internal structure of equipment will be divided into different merits
Energy module, to complete all or part of function described above.
It addition, the server end of above-described embodiment offer, client and the system of information security process and information
The embodiment of the method for safe handling belongs to same design, and it implements process and refers to embodiment of the method, here
Repeat no more.
The invention described above embodiment sequence number, just to describing, does not represent the quality of embodiment.
One of ordinary skill in the art will appreciate that all or part of step realizing above-described embodiment can be passed through
Hardware completes, it is also possible to instructing relevant hardware by program and complete, described program can be stored in
In a kind of computer-readable recording medium, storage medium mentioned above can be read only memory, disk or
CD etc..
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all the present invention's
Within spirit and principle, any modification, equivalent substitution and improvement etc. made, should be included in the present invention's
Within protection domain.
Claims (23)
1. the method that an information security processes, it is characterised in that described method includes:
When client executing file scan, obtain the information list to be collected that server end issues;
Instruction according to described information list to be collected gathers the letter of the file included in local corresponding software
Breath;
By the information reporting of the described described file collected to described server end, make described server end pair
The information of the file that all clients received report is screened by preset rules, and according to described screening
Data synchronization updating back-end data out, it is thus achieved that the information of recent software, described back-end data is for institute
The virus document stated in client is repaired;
The information list to be collected that described acquisition server end issues, including:
Judge that the user of the described client information gathering whether to server end is authorized, particularly as follows:
Judge that the preset security software installed in described client is the most authorized;
If it is, send inquiry request to server end, described inquiry request is used for asking described server for instructions
Hold the need of the information gathering Current software;Receive the query-response that described server end returns, described inquiry
Ask that response includes information list to be collected;
Otherwise stop sending inquiry request to server end.
Method the most according to claim 1, it is characterised in that the information of described file includes following
One or more: the title of the software at file place, filename, FileVersion, file size, file label
Name information, the version of software at file place, file MD5 and the GUID of described client
GUID。
Method the most according to claim 1, it is characterised in that described method also includes:
When finding virus document during described client scan, detect whether described virus document is to prop up
Hold the file of reparation, if it is, obtain the back-end data of described server end corresponding to described virus document,
And according to the back-end data of described server end, described virus document is repaired.
Method the most according to claim 3, it is characterised in that whether the described virus document of described detection
For supporting the file repaired, including:
Detect whether described virus document place catalogue is the popular software installation directory supporting to repair, if it is,
Then confirm that described virus document is the file supporting to repair, otherwise confirm that described virus document is not to support to repair
File, by described virus document delete or remove infected fragment in described virus document.
Method the most according to claim 3, it is characterised in that the described virus document of described acquisition is corresponding
The back-end data of described server end, and according to the back-end data of described server end to described virus document
Repair, including:
The information of described virus document is sent to described server end;
When receive that described server end returns with the fileinfo of the information match of described virus document time,
Download the secure file corresponding with described virus document according to the described fileinfo matched, and use described peace
Whole file replaces described virus document, described in the fileinfo that matches include: the MD5 of described secure file
Download address information with described secure file.
Method the most according to claim 5, it is characterised in that described method also includes:
When the file not having the information match with described virus document receiving the return of described server end is believed
During breath, described virus document is deleted or removes infected fragment in file.
7. the method that an information security processes, it is characterised in that described method includes:
Server end issues information list to be collected to multiple in the client performing file scan, makes described visitor
Family end gathers the file included in described client corresponding software according to the instruction of described information list to be collected
Information;
Receive the information of the file that described each client reports;
The information of the file that the described all clients received report is screened by preset rules, and root
According to the described data synchronization updating back-end data screened, it is thus achieved that the information of recent software, described rear number of units
According to for the virus document in described client is repaired;
Described server end issues information list to be collected to multiple in the client performing file scan, including:
In the case of the information gathering of server end has been carried out authorizing by the user of client, server terminates
Receiving the inquiry request that multiple client sends when performing file scan, described inquiry request is used for asking for instructions described
Server end is the need of the information gathering Current software;
Returning query-response to the plurality of client, described query-response includes information list to be collected.
Method the most according to claim 7, it is characterised in that the information of described file includes following
One or more: the title of the software at file place, filename, FileVersion, file size, file label
Name information, the version of software at file place, file MD5 and the GUID of described client
GUID。
Method the most according to claim 7, it is characterised in that described to the described all visitors received
The information of the file that family end reports is screened by preset rules, and according to the described data syn-chronization screened
Update back-end data, including:
Every Preset Time, the information of the file that the described all clients received report is screened, will
In the information of the file of described all client upload in addition to the GUID of client, out of Memory is consistent
Record accumulative total more than the first preset value document screening out;
The file that described accumulative total is maximum is selected in the described file screened;
When the file that described accumulative total is maximum accounts for all the second preset values reporting ratio, and described file is peace
During whole file, by described file synchronization to back-end data.
Method the most according to claim 9, it is characterised in that described described file synchronization is arrived after
After in number of units evidence, also include:
Obtain the MD5 of described file;
MD5 according to described file obtains the secure file that described file is corresponding, and the described safety of corresponding storage
File.
11. methods according to claim 7, it is characterised in that described method also includes:
Receive the information of the virus document that any client sends in the plurality of client;
The information of described virus document is matched with described back-end data;
When described back-end data has the fileinfo matched with described virus document, match described
Fileinfo be sent to described any client, make described any client according to described in the file that matches
Information downloads the secure file corresponding with described virus document, and replaces described virus literary composition with described secure file
Part, wherein, described in the fileinfo that matches include: the MD5 of described secure file and described secure file
Download address information.
12. 1 kinds of clients, it is characterised in that described client includes:
Acquisition module, for when client executing file scan, obtains the letter to be collected that server end issues
Breath list;
Acquisition module, for being wrapped according in instruction collection this locality corresponding software of described information list to be collected
The information of the file contained;
Reporting module, is used for the information reporting of the described described file collected to described server end, makes
The information of the file that all clients received report is screened by described server end by preset rules,
And according to the described data synchronization updating back-end data screened, it is thus achieved that the information of recent software, described after
Number of units is according to for repairing the virus document in described client;
Described acquisition module, including:
First transmitting element, for sending inquiry request to server end, described inquiry request is used for asking institute for instructions
State server end the need of the information gathering Current software;
Receiving unit, for receiving the query-response that described server end returns, described query-response includes treating
Gather information list;
Judging unit, for described first transmitting element before server end sends inquiry request, it is judged that institute
State the user of the client information gathering whether to server end to be authorized, particularly as follows: judge described visitor
The preset security software installed on the end of family is the most authorized;Send out if it is, continue executing with to server end
Send the step of inquiry request, otherwise stop sending inquiry request to server end.
13. clients according to claim 12, it is characterised in that the information of described file include with
Under one or more: the title of the software at file place, filename, FileVersion, file size, literary composition
Part signing messages, the version of software at file place, file MD5 and the globally unique mark of described client
Know symbol GUID.
14. clients according to claim 12, it is characterised in that described client also includes:
Repair module, for when finding virus document during described client scan, detecting described disease
Whether poison file is the file supporting to repair, if it is, obtain the described service that described virus document is corresponding
The back-end data of device end, and according to the back-end data of described server end, described virus document is repaired.
15. clients according to claim 14, it is characterised in that described repair module, including:
Detector unit, for detecting whether described virus document place catalogue is the popular software peace supporting to repair
Dress catalogue, if it is, confirm that described virus document is the file supporting to repair, otherwise confirms described virus
File is not the file supporting to repair, and described virus document is deleted or is removed in described virus document and is felt
The fragment of dye.
16. clients according to claim 14, it is characterised in that described repair module, including:
Second transmitting element, for being sent to described server end by the information of described virus document;
Repair unit, for when receiving the information match with described virus document that described server end returns
Fileinfo time, download corresponding with described virus document safety according to the described fileinfo matched civilian
Part, and replace described virus document with described secure file, described in the fileinfo that matches include: described
The MD5 of secure file and the download address information of described secure file.
17. clients according to claim 16, it is characterised in that described repair module also includes:
Delete unit, for when receive that described server end returns not with the information of described virus document
During the fileinfo matched, described virus document is deleted or removes in described virus document infected
Fragment.
18. 1 kinds of server ends, it is characterised in that described server end includes:
Issue module, issue to be collected information to multiple in the client performing file scan for server end
List, makes described client gather described client corresponding software according to the instruction of described information list to be collected
Included in the information of file;
Receiver module, for receiving the information of the file that described each client reports;
Synchronization module, the information to the file that the described all clients received report that is used for is by preset rules
Screen, and according to the described data synchronization updating back-end data screened, it is thus achieved that the letter of recent software
Breath, described back-end data is for repairing the virus document in described client;
Described issue module, including:
Receive unit, for situation about the information gathering of server end being authorized the user of client
Under, receiving the inquiry request of multiple client transmission when performing file scan, described inquiry request is for asking
Show that described server end is the need of the information gathering Current software;
Returning unit, for returning query-response to the plurality of client, described query-response includes treating
Gather information list.
19. server ends according to claim 18, it is characterised in that the information of described file includes
Following one or more: the title of the software at file place, filename, FileVersion, file size,
File signature information, the version of software at file place, file MD5 and described client globally unique
Identifier GUID.
20. server ends according to claim 18, it is characterised in that described synchronization module, including:
Screening unit, for every the Preset Time letter to the file that the described all clients received report
Breath screen, by the information of the file of described all client upload in addition to the GUID of client,
The accumulative total of the record that out of Memory is consistent more than the first preset value document screening out;
Acquiring unit, for selecting the file that described accumulative total is maximum in the described file screened;
Lock unit, for accounting for all the second preset values reporting ratio when the maximum file of described accumulative total,
And described file is when being secure file, by described file synchronization to back-end data.
21. server ends according to claim 20, it is characterised in that described synchronization module also includes:
Memory element, for after described lock unit is by described file synchronization to back-end data, obtains
The MD5 of described file, obtains, according to the MD5 of described file, the secure file that described file is corresponding, and right
Described secure file should be stored.
22. server ends according to claim 18, it is characterised in that described server end also includes:
Described receiver module is additionally operable to receive the virus document of any client transmission in the plurality of client
Information;
Matching module, for matching the information of described virus document with described back-end data;
The described module that issues is additionally operable to when there being the file letter matched with described virus document in described back-end data
During breath, the described fileinfo matched is sent to described any client, makes described any client root
Download the secure file corresponding with described virus document according to the described fileinfo matched, and use described safety
Described virus document replaced by file, wherein, described in the fileinfo that matches include: described secure file
The download address information of MD5 and described secure file.
The system that 23. 1 kinds of information securities process, it is characterised in that described system includes: such as claim
Client described in any one of 12-17 and the server end as described in any one of claim 18-22.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310218989.9A CN103310154B (en) | 2013-06-04 | 2013-06-04 | The method, apparatus and system that information security processes |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310218989.9A CN103310154B (en) | 2013-06-04 | 2013-06-04 | The method, apparatus and system that information security processes |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103310154A CN103310154A (en) | 2013-09-18 |
| CN103310154B true CN103310154B (en) | 2016-12-28 |
Family
ID=49135359
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310218989.9A Active CN103310154B (en) | 2013-06-04 | 2013-06-04 | The method, apparatus and system that information security processes |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103310154B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103593613A (en) * | 2013-11-26 | 2014-02-19 | 北京网秦天下科技有限公司 | Method, terminal, server and system for computer virus detection |
| CN104317672A (en) * | 2014-10-24 | 2015-01-28 | 北京奇虎科技有限公司 | System file repairing method, device and system |
| CN106934276B (en) * | 2015-12-30 | 2020-02-28 | 北京金山安全软件有限公司 | Method and device for detecting security of mobile terminal system and mobile terminal |
| CN106709344B (en) * | 2016-08-09 | 2019-12-13 | 腾讯科技(深圳)有限公司 | Virus checking and killing notification method and server |
| CN109587095A (en) * | 2017-09-28 | 2019-04-05 | 中国电信股份有限公司 | Information security control method, device and system |
| CN112580037B (en) * | 2019-09-30 | 2023-12-12 | 奇安信安全技术(珠海)有限公司 | Method, device and equipment for repairing virus file data |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592103A (en) * | 2011-01-17 | 2012-07-18 | 中国电信股份有限公司 | Secure file processing method, equipment and system |
| CN102799500A (en) * | 2012-06-25 | 2012-11-28 | 腾讯科技(深圳)有限公司 | System repair method, device and storage medium |
| CN102902604A (en) * | 2012-09-28 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for repairing files |
| CN102902922A (en) * | 2012-09-29 | 2013-01-30 | 北京奇虎科技有限公司 | File repair method and system |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101924762B (en) * | 2010-08-18 | 2013-02-27 | 北京奇虎科技有限公司 | Cloud security-based active defense method |
| CN102843400A (en) * | 2011-06-23 | 2012-12-26 | 珠海市君天电子科技有限公司 | method and system for downloading file |
| CN103023988B (en) * | 2012-11-27 | 2016-05-04 | 北京金山云科技有限公司 | File synchronisation method, server, client and terminal device |
-
2013
- 2013-06-04 CN CN201310218989.9A patent/CN103310154B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102592103A (en) * | 2011-01-17 | 2012-07-18 | 中国电信股份有限公司 | Secure file processing method, equipment and system |
| CN102799500A (en) * | 2012-06-25 | 2012-11-28 | 腾讯科技(深圳)有限公司 | System repair method, device and storage medium |
| CN102902604A (en) * | 2012-09-28 | 2013-01-30 | 北京奇虎科技有限公司 | Method and device for repairing files |
| CN102902922A (en) * | 2012-09-29 | 2013-01-30 | 北京奇虎科技有限公司 | File repair method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103310154A (en) | 2013-09-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103310154B (en) | The method, apparatus and system that information security processes | |
| CN107395767B (en) | Message pushing system and method based on long connection | |
| CN103023710B (en) | A kind of safety test system and method | |
| CN103391216B (en) | A kind of illegal external connection is reported to the police and blocking-up method | |
| EP2566130B1 (en) | Automatic analysis of security related incidents in computer networks | |
| US20230096032A1 (en) | Hybrid Approach To Data Governance | |
| CN102592103B (en) | Secure file processing method, equipment and system | |
| CN103685150B (en) | The method and apparatus of upload file | |
| CN104270467B (en) | A kind of virtual machine management-control method for mixed cloud | |
| JP6408395B2 (en) | Blacklist management method | |
| CN105653329A (en) | Application management method, apparatus and system | |
| CN105659245A (en) | Context-aware network forensics | |
| CN107395395B (en) | Processing method and device of safety protection system | |
| CN107294924B (en) | Vulnerability detection method, device and system | |
| CN111898124B (en) | Process access control method and device, storage medium and electronic equipment | |
| CN107864056A (en) | A kind of distributed event acquisition probe, distributed event high speed acquisition system and method | |
| CN111010405B (en) | SaaS-based website security monitoring system | |
| CN102045220A (en) | Wooden horse monitoring and auditing method and system thereof | |
| CN108092936A (en) | A kind of Host Supervision System based on plug-in architecture | |
| CN112261172A (en) | Service addressing access method, device, system, equipment and medium | |
| CN110620768A (en) | Baseline safety detection method and device for intelligent terminal of Internet of things | |
| CN109522042A (en) | A kind of patch update method, system and associated component | |
| CN109918089A (en) | A kind of software deployment method and system | |
| CN109684155A (en) | Monitor configuration method, device, equipment and readable storage medium storing program for executing | |
| CN108809950B (en) | Wireless router protection method and system based on cloud shadow system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190730 Address after: Shenzhen Futian District City, Guangdong province 518044 Zhenxing Road, SEG Science Park 2 East Room 403 Co-patentee after: Tencent cloud computing (Beijing) limited liability company Patentee after: Tencent Technology (Shenzhen) Co., Ltd. Address before: 518000 Guangdong city of Shenzhen province Futian District SEG Science Park 2 East Room 403 Patentee before: Tencent Technology (Shenzhen) Co., Ltd. |