CN103559443B - The virus scan method and apparatus of device for multi-core - Google Patents
The virus scan method and apparatus of device for multi-core Download PDFInfo
- Publication number
- CN103559443B CN103559443B CN201310535046.9A CN201310535046A CN103559443B CN 103559443 B CN103559443 B CN 103559443B CN 201310535046 A CN201310535046 A CN 201310535046A CN 103559443 B CN103559443 B CN 103559443B
- Authority
- CN
- China
- Prior art keywords
- scan
- scanning
- file
- virus
- thread
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 241000700605 Viruses Species 0.000 title claims abstract description 75
- 238000000034 method Methods 0.000 title claims abstract description 67
- 230000002155 anti-virotic effect Effects 0.000 claims description 43
- 125000004122 cyclic group Chemical group 0.000 claims description 4
- 230000008569 process Effects 0.000 description 14
- 230000006399 behavior Effects 0.000 description 9
- 230000008901 benefit Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 230000004048 modification Effects 0.000 description 6
- 238000012986 modification Methods 0.000 description 6
- 238000012546 transfer Methods 0.000 description 5
- 230000003612 virological effect Effects 0.000 description 5
- 238000004590 computer program Methods 0.000 description 3
- 201000010099 disease Diseases 0.000 description 3
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 3
- 238000010408 sweeping Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000009434 installation Methods 0.000 description 2
- 239000002574 poison Substances 0.000 description 2
- 231100000614 poison Toxicity 0.000 description 2
- 238000013473 artificial intelligence Methods 0.000 description 1
- 238000004422 calculation algorithm Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000006378 damage Effects 0.000 description 1
- 230000006837 decompression Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000001514 detection method Methods 0.000 description 1
- 238000001035 drying Methods 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 208000015181 infectious disease Diseases 0.000 description 1
- 230000002458 infectious effect Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 230000002035 prolonged effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a kind of virus scan method and apparatus of device for multi-core, wherein, method includes:According to the CPU core number of device for multi-core, multiple scanning threads are created, the number of scanning thread is more than or equal to the CPU core number of device for multi-core;According to the multiple scan tasks of one or more file generateds to be scanned, multiple scan tasks are added in scan task queue;Scan task in scan task queue is distributed into scanning thread, so that scanning thread performs virus scan.The scheme provided according to the present invention, ensure that all CPU cores are in busy state, fully using system resource, improve the speed of scanning, so as to reduce the time that scanning takes CPU computings and disk operating, improve service efficiency of the user to equipment.
Description
Technical field
The present invention relates to field of computer technology, and in particular to a kind of virus scan method and apparatus of device for multi-core.
Background technology
Computer virus is the data for the destruction computer function worked out or inserted in computer program, can influence meter
The normal use of calculation machine and can self-replacation, generally in the form of one group of computer instruction or program code present.Instead
Antivirus engine be it is a set of judge specific program behavior whether be Virus (including suspect program) technology mechanism.Anti-virus draws
Hold up be antivirus software major part, be detection and find virus program, and virus base be have been found that viral feature
Set.During antivirus, with all programs or file in the feature comparison system in virus base, these features will be met
Program or file are determined as virus.
With the popularization of computer, user terminal, which is substantially all, needs installation antivirus software to sweep the file in computer
Retouch.When antivirus software is scanned, it is necessary to substantial amounts of CPU computings and disk operating so that scanning process is very long and influences
System speed.And in computer system include many identical files, such as Windows files, software installation APMB package,
Help file, compressed file etc..In the prior art, when the antivirus software of user terminal is scanned for the first time in meeting scan full hard disk computer
All Files, and can be in scanning file various contents, for example, for compressed package, prior art can be according to normally sweeping
Flow is retouched by the content decompression in compressed package and then is scanned one by one, to secure documents.Existing virus scan mode,
The Thread Count of Scan for Viruses is fixed, for device for multi-core, possibly the resource of system can not be discharged completely, for example, for 8 cores
CPU, if Thread Count is fixed as 6, might have unnecessary CPU and is in idle condition, this can also significantly reduce virus and sweep
Speed is retouched, so as to extend the time entirely scanned.For user, prolonged scanning can take CPU computings and disk always
Operation have impact on the speed of system, reduce service efficiency of the user to equipment.
The content of the invention
In view of the above problems, it is proposed that the present invention so as to provide one kind overcome above mentioned problem or at least in part solve on
State the virus scan method and apparatus of the device for multi-core of problem.
According to an aspect of the invention, there is provided a kind of virus scan method of device for multi-core, including:Set according to multinuclear
Standby CPU core number, creates multiple scanning threads, and the number of scanning thread is more than or equal to the CPU core number of device for multi-core;According to treating
The multiple scan tasks of one or more file generateds of scanning, multiple scan tasks are added in scan task queue;It will sweep
Retouch the scan task in task queue and distribute to scanning thread, so that scanning thread performs virus scan.
According to another aspect of the present invention there is provided a kind of virus scan device of device for multi-core, including:Thread creation mould
Block, suitable for creating multiple scanning threads according to the CPU core number of device for multi-core, the number of the scanning thread of establishment is more than or equal to more
The CPU core number of nuclear equipment;Task generation module, suitable for according to the multiple scan tasks of one or more file generateds to be scanned,
Multiple scan tasks are added in scan task queue;Distribute module, suitable for the scan task in scan task queue is divided
Dispensing scans thread, so that scanning thread performs virus scan.
According to the virus scan method and apparatus of the device for multi-core of the present invention, after scan procedure is initiated, according to device for multi-core
CPU core number, create number be more than or equal to equipment CPU core number scanning thread;According to one or more files to be scanned
Generate multiple scan tasks and multiple scan tasks are added in scan task queue;Scanning in scan task queue is appointed
The scanning thread is distributed in business, so that the scanning thread performs virus scan.According to the program, scanning number of threads is not small
It in equipment CPU core number, ensure that all CPU cores are in busy state, fully using system resource, improve the speed of scanning
Degree, so as to reduce the time that scanning takes CPU computings and disk operating, improves service efficiency of the user to equipment.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention,
And can be practiced according to the content of specification, and in order to allow the above and other objects of the present invention, feature and advantage can
Become apparent, below especially exemplified by the embodiment of the present invention.
Brief description of the drawings
By reading the detailed description of hereafter preferred embodiment, various other advantages and benefit is common for this area
Technical staff will be clear understanding.Accompanying drawing is only used for showing the purpose of preferred embodiment, and is not considered as to the present invention
Limitation.And in whole accompanying drawing, identical part is denoted by the same reference numerals.In the accompanying drawings:
Fig. 1 shows the flow chart of the virus scan method of device for multi-core according to an embodiment of the invention;
Fig. 2 shows the flow chart of the virus scan method of device for multi-core in accordance with another embodiment of the present invention;
Fig. 3 shows the structural representation of the virus scan device of device for multi-core according to an embodiment of the invention.
Embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although showing the disclosure in accompanying drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
Limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
Complete conveys to those skilled in the art.
Fig. 1 shows the flow chart of the virus scan method of device for multi-core according to an embodiment of the invention, such as Fig. 1 institutes
Show, this method comprises the following steps:
Step S101, according to the CPU core number of device for multi-core, creates multiple scanning threads, the number of scanning thread be more than or
Equal to the CPU core number of device for multi-core.
When implementing, obtaining the opportunity of the characteristic information such as CPU core number of device for multi-core can have a variety of, for example, can be with
Obtained during antivirus software is installed, or, obtained when user changes configuration information, or obtained in scanning process
Take, etc., specific opportunity can be selected according to specific characteristic information.
For example, if it is desired to obtain the hardware environment information of computer system, then it can just go to obtain during installation
Take corresponding characteristic information, including the size of internal memory, CPU processing speeds etc..If necessary to obtain the protection class that user uses
Type, then can obtain when user is configured or changed to the configuration information of antivirus software.Obtain if desired to be scanned
The type information of file, then can be first during antivirus software performs scanning, before specifically needing to scan a certain file
First judge type of this document, etc..
When the virus scanning program of the embodiment of the present invention initiates scan procedure, it usually can obtain including equipment CPU core number
Hardware asset information inside.In device for multi-core, generally multiple scan tasks are scanned with multithreading, multiple lines
Journey transfers to multiple core cpus to be respectively processed.In the present invention, equipment CPU is made full use of to realize, scanning thread
Number should be more than or equal to CPU core number, so, when scan task is enough, and each CPU core can be participated at scanning thread
Reason.
Step S102, according to the multiple scan tasks of one or more file generateds to be scanned, multiple scan tasks are added
It is added in scan task queue.
Scanning thread is used as main sweep object using file.In scanning process, be each file generated to be scanned extremely
A few scan task.Need to be managed multiple scan tasks with a kind of data structure, this is generally realized by queue,
Completed scan task is deleted from front end, newly-generated scan task is inserted from tail of the queue.
Step S103, scanning thread is distributed to by the scan task in scan task queue, so that scanning thread performs disease
Poison scanning.
At this moment, scanning thread has got scan task from the scan task queue of foundation, can pass through feature afterwards
The modes such as information matches perform virus scan.
The method provided according to the above embodiment of the present invention, after scan procedure is initiated, according to the CPU core number of device for multi-core,
The scanning thread that number is more than or equal to equipment CPU core number is created, multiple threads transfer to multiple core cpus to be respectively processed;
According to the multiple scan tasks of one or more file generateds to be scanned and multiple scan tasks are added to scan task queue
In;Scan task in scan task queue is distributed into the scanning thread, so that the scanning thread performs virus scan.
According to the program, the quantity of scanning thread is not less than equipment CPU core number, therefore, it is possible to ensure that all CPU cores are in busy shape
State, fully using system resource, improves the speed of scanning, so that the time that scanning takes CPU computings and disk operating is reduced,
Improve service efficiency of the user to equipment.
Fig. 2 shows the flow chart of device for multi-core virus scan method in accordance with another embodiment of the present invention, such as Fig. 2 institutes
Show, this method comprises the following steps:
Step S201, according to the CPU core number of device for multi-core, creates multiple scanning threads, the number of scanning thread be more than or
Equal to the CPU core number of device for multi-core.
When virus scanning program initiates scan procedure, the hardware resource including equipment CPU core number usually can be obtained
Information.In device for multi-core, generally multiple scan tasks are scanned with multithreading, multiple threads transfer to multiple CPU
Core is respectively processed.In the present invention, equipment CPU is made full use of to realize, the number of scanning thread should be more than
Or equal to CPU core number, so, when scan task is enough, each CPU core can participate in scanning thread process.
In multiple scanning threads are created, each scanning thread distribution is on a CPU core, multiple scanning thread parallels
Perform.
Alternatively, if the CPU core number of the equipment of operation virus scanning program is n, 2n+1 scanning thread is created.
Step S202, according to the multiple scan tasks of one or more file generateds to be scanned, multiple scan tasks are added
It is added in scan task queue.
Scanning thread is used as main sweep object using file.In scanning process, be each file generated to be scanned extremely
A few scan task.Need to obtain the file attribute information of file to be scanned, such as file size, filemodetime and text
Part path etc..File attribute record this document last time is by amended file size, modification time and file in system
The attribute informations such as path, attribute information carries out real-time update according to the modification of file.
For example, can be by the scan mode of internal memory, will file attribute information and the file attribute information that is preserved in caching
Matched, when the file attribute of file to be scanned is matched with the file attribute preserved in caching, file to be scanned is determined
For malicious file or non-malicious file, when the file attribute preserved in the file attribute and caching of file to be scanned is mismatched,
Other files that file to be scanned is defined as being scanned by name single scan mode.Because file attribute information is including a variety of
Information, therefore each attribute information can one by one be matched according to preset order when being matched, for example, first matching
File size, next matching files modification time, last matching files path etc..
Wherein, when all properties information of a certain file is all consistent with the file attribute information preserved in caching, just really
The file attribute for determining the file attribute of this document with being preserved in caching is matched, when any one attribute information of a certain file is with delaying
Deposit middle preservation file attribute information it is inconsistent when, it is determined that the file attribute preserved in the file attribute and caching of this document is not
Matching.When all properties information of a certain file is all consistent with the file attribute information preserved in caching, this document is just determined
File attribute matched with the file attribute preserved in caching, if the file attribute information now matched in internal memory is corresponding
File is malicious file, then the scanning result of this document is malicious file, if the file attribute information pair matched in internal memory
The file answered is non-malicious file, then the scanning result of this document is non-malicious file.
Further, file can also be scanned by way of black and white lists, passes through the blacklist pre-saved
When being scanned, the filename pre-saved in the filename and blacklist of each file in other files is compared
Compared with when the filename of some file is matched with the filename pre-saved, it is to belong to the second determination file to determine some file
Malicious file;When being scanned by the white list pre-saved, by the filename of each file in other files with
The filename pre-saved in white list is compared, when the filename of some file is matched with the filename pre-saved,
It is the non-malicious file for belonging to the second determination file to determine some file.
Wherein, white list is generally safeguarded by user in client, and the file that user will determine as non-malicious is added to
Preserved in white list, can be with information such as the filenames and file path of log file in white list;Blacklist is generally by killing
Malicious software provider is safeguarded, the malicious file of determination is added in blacklist according to monitoring and preserved.
In the embodiment of the present invention, the object of scanning can include PE type files, and PE class files typically refer to Windows behaviour
Make the program file in system, common PE type files include executable file, dynamic link library file, object type and expanded
The type files such as component.Sweep object also includes various non-PE class files, for example, application program temporary file, history accesses trace
Mark etc..
The scanning position information of the sweep object includes desktop, and my document, download directory is soft based on instant messaging
The file that part and/or Email are received, and/or, external storage equipment;Wherein, the download directory, based on instant messaging
The scanning position information for the file that software and/or Email are received, is obtained by being read from the configuration file of corresponding software
;The scanning position information of the external storage equipment, by being initiated by the application programming interfaces api function of operating system with working as
The inquiry of the connected external storage equipment of preceding equipment is obtained;The file format information includes executable file, and/or,
OFFICE documents.
For example, sweep object mark and corresponding scanning position information as shown in the following Table 1 can be included;And, such as
Sweep object mark and corresponding file format information shown in table 2 below.
Table 1:
Wherein, the download directory, the scan position of the file received based on MSN and/or Email
Information, is obtained by being read from the configuration file of corresponding software;The scanning position information of the external storage equipment, by by
The inquiry that the application programming interfaces api function of operating system initiates the external storage equipment being connected with current device is obtained.
Table 2:
| Sweep object is identified | File format information |
| Executable file | .exe file |
| OFFICE documents | .doc file .xls files .ppt files .vso files |
Certainly, the file format information of above-mentioned OFFICE documents is solely for example, and those skilled in the art are according to actual
Situation is arbitrarily set, for example, it is also possible to file format .docx files more than 2007 versions including office documents,
.xlsx file .pptx files, the file format information, the invention is not limited in this regard such as .vsox files.
In the present embodiment, the document location for the user's frequent operation that can be shown for user behavior information and/
Or the information of file format, generate corresponding specific sweep object.For example, in nearest 5 days, user frequently downloads from the Internet soft
Part, then generation includes the specific sweep object of " download directory ";Or such as, in nearest 5 days, user frequently reads and writes " my text
Shelves ", then generation includes the specific sweep object of " my document ";Or such as, in nearest 5 days, user has handled substantial amounts of WORD
With PPT files, then generation includes the specific sweep object of " OFFICE documents ".On " download directory ", " my document ",
The explanation of " OFFICE documents " may be referred to the content shown in above-mentioned Tables 1 and 2, and the present invention will not be repeated here.
The scanning performed according to sweep object potential risk that may be present includes:Leak attacker scanning, it is compacted
Worm virus scan, Rootkit scannings, spyware scanning, wooden horse scanning, ad ware scanning, infectious virus scanning, and/
Or scan for malware.
Multiple Anti- Virus Engines are potentially included in virus scanning program, for example, BitDefender Anti- Virus Engines, small red
Umbrella Anti- Virus Engine, cloud killing engine and QVM (Qihoo Virtual Machine, artificial intelligence engine) engine.Deng.Each
Scanning engine can have the advantages that it is each different, for example, scanning engine A advantage is that committed memory is smaller, scanning engine B
Advantage be sweep speed than very fast;Scanning engine C is good at scanning imaging system file, and scanning engine D is good at the non-program file of scanning,
Etc..It should be noted that the characteristics of for some non-paradoxes, a variety of advantages may be concentrated on a scanning engine, example
Such as, it is the characteristics of scanning engine A:Committed memory is small and is good at non-program file of scanning, etc..
Partial document could may finally be confirmed to be virus document after the scanning of multiple Anti- Virus Engines.This
When, to any one Anti- Virus Engine, need the behavior for scanning each file to generate a corresponding scan task for the engine.
At the same time it can also pre-save the corresponding Call Condition of each scanning engine.Namely scanning engine can be pre-set adjusted with it
With the corresponding relation between condition.When implementing, the Call Condition is specifically as follows:It can be got in computer system
Various possible characteristic informations.Specifically, characteristic information can be including the software environment information in computer system, hardware environment
Information, type of protection and file type to be scanned etc..Wherein, software environment information, as its name suggests, can include calculating
The operating system of machine, the antivirus software installed etc.;Hardware environment information can include memory size, the CPU of computer
Processing speed etc..Type of protection can be divided into two kinds of real-time protection and manual scanning, generally can select or change anti-by user
Protect type:For example, the type of protection of antivirus software acquiescence can be real-time protection, if user does not receive this type of protection,
Real-time protection can will be closed, when needing to be scanned, then manually boot scanning process.On file type to be scanned,
Plurality of classes can be obtained according to different sorting techniques, for example, from whether being program file angle, program file can be divided into
And non-program file, being further divided into multimedia file (can also wherein include video, sound from file coding format angularly
Frequency etc.) and text, from the angle of file size, it is further divided into mass file and small files, etc..
Specifically when preserving corresponding relation, if characteristic information is the information of enumeration type, it can directly preserve scanning and draw
Hold up the corresponding relation between characteristic information.For example, type of protection can include two kinds of real-time protection and manual scanning, then can be with
Which corresponding scanning engine is when preserving real-time protection, and which corresponding scanning engine is during manual scanning;File type can
, then can be with the corresponding scanning engine of save routine file, and non-program file pair with including program file and non-program file
The scanning engine answered;Etc..And if the characteristic information obtained is the hardware loops such as the memory size of computer, CPU processing speeds
Environment information, then can preserve the corresponding relation between characteristic information and scanning engine by the way of quantifying.For example, when internal memory is small
When certain is preset, correspond to certain scanning engine, internal memory be more than this it is preset when, then correspond to another scanning engine;Or, when CPU processing
Speed be more than certain it is preset when, correspond to certain scanning engine, less than this it is preset when, then correspond to another scanning engine, etc..
In the embodiment of the present invention, the management to scan task can be realized by scan task queue, in favor of follow-up step
To scanning thread distribution task in rapid, for example, can be according to average time-consuming, occupation condition of each scan task etc. to sweeping
Retouch task ranking.
When file needs to be scanned by multiple Anti- Virus Engines, it can be built for different Anti- Virus Engines
Vertical different task queue, or all scan tasks are added in a total task queue, and sub- team is set up wherein
Row, each subqueue one Anti- Virus Engine of correspondence and the one or more threads related to the engine.
Step S203, judges whether the number of the scan task in scan task queue is more than or equal to of scanning thread
Number.If it is, performing step S204, otherwise, step S205 is performed.
File to be scanned is scanned through at least one Anti- Virus Engine, after confirming as virus document or non-viral file,
The scan task related to this document is completed, and these scan tasks are removed from scan task queue.In scanning process, scanning
Process may also add new scan task into scan task queue.Therefore, the scan task number in scan task queue is
Dynamically.Accordingly, it is necessary to which scan task is dynamically assigned into multiple scanning threads.
Step S204, is that each scanning thread distributes at least one scan task.
For example, scan task number is q1 in Current Scan task queue, scanning Thread Count is m, wherein, q1 is more than m, then first
First m scan task is taken out from scan task queue, is sequentially allocated to m scanning thread, then, goes to step S203,
Judge remaining scan task number q2 in scan task queue, it is assumed that during this, scan procedure is no longer to scan task queue
Middle addition task, then q2=q1-m, if q2 is still more than or equal to m, repeat step S204, otherwise, performs step S205.
Step S205, whole scan tasks in scan task queue is distributed to selected partial scan thread.
At this moment, the number of tasks in scan task queue is less than scanning Thread Count, can only selected part scanning thread perform it is surplus
Remaining whole scan tasks.The specific method of salary distribution can depend on the circumstances, for example, as described in step s 102, according to
The average of scan task is taken, and occupation condition is ranked up to the scan task in queue, then can be appointed residue scanning
Longer scan task is taken in business and distributes to the time-consuming shorter scanning thread of history general assignment, with the consumption of averagely each scanning thread
When, more fully utilize resource.
Step S206, after the completion of all scan tasks in scan task queue are performed, discharges all scanning threads.
Scanning thread is obtained after scan task from scan task queue, and performing virus to the file in scan task sweeps
Retouch.Scanning thread performs virus scan and specifically included:Thread is scanned to verify the characteristic information of file and this document in packet
Characteristic information matched, if matching, it is determined that file is not virus document;If mismatching, it is determined that the file is disease
Malicious file.
The characteristic information that 4 dimensions can be carried out to the file in scan task is matched, 4 dimensions and its preferential suitable
Sequence is:File size, filemodetime, filename CRC (CRC) values and content match information.To characteristic information
Matching by above-mentioned priority carry out.First, by the file size of scanned document with verifying the file recorded in packet
Size is matched, if the match is successful, this document directly is confirmed as into virus, it is not necessary to carry out filemodetime and its
The matching of his characteristic information dimension.If file size can the match is successful, then by the matching dimensionality of next priority, i.e. this article
The filemodetime of part is with verifying that the modification time of packet is matched.If the match is successful, this document is confirmed as into virus,
The matching of follow-up dimension is no longer carried out, if the match is successful, proceeds the matching of lower dimension.Other follow-up dimensions are done
Identical processing.If all the match is successful for 4 dimensions, this document is confirmed as into non-viral file.
After the completion of all scan tasks, corresponding API (application programming interfaces) function in scan procedure calling system, release
All scanning threads and its shared resource.
The method provided according to the above embodiment of the present invention, after scan procedure is initiated, according to the CPU core number of device for multi-core,
Multiple scanning threads performed parallel that number is more than or equal to equipment CPU core number are created, transfer to multiple core cpus to carry out respectively
Processing;The behavior that each Anti- Virus Engine is scanned into each file generates a corresponding scan task, and by the scanning of generation
Task is added in scan task queue;Then, the scanning in scan task queue is distributed to described according to certain Regular Task
Thread is scanned, scanning thread performs virus scan by way of characteristic information is matched;And after the completion of whole scan tasks, release
Put all scan procedures.According to the program, the quantity of scanning thread is not less than equipment CPU core number, therefore, it is possible to ensure all CPU
Core is in busy state, and using the method in the present embodiment, the distribution of scan task is more uniform, more fully utilizes system
Resource, multiple scanning threads are performed parallel in different CPU cores, further increase sweep speed.In addition, multi engine scanning side
Formula and the method for various dimensions characteristic information matching also can more accurately determine virus document.
Fig. 3 shows the virus scan device of device for multi-core according to an embodiment of the invention, as shown in figure 3, the dress
Put including:Thread creation module 21, task generation module 22 and distribute module 23.
Thread creation module 21 is suitable to create multiple scanning threads, of scanning thread according to the CPU core number of device for multi-core
CPU core number of the number more than or equal to device for multi-core.
When virus scanning program initiates scan procedure, the hardware resource including equipment CPU core number usually can be obtained
Information.In device for multi-core, generally multiple scan tasks are scanned with multithreading, multiple threads transfer to multiple CPU
Core is respectively processed.In the present invention, equipment CPU is made full use of to realize, the scanning that thread creation module 21 is created
The number of thread should be more than or equal to CPU core number, so, when scan task is enough, and each CPU core can participate in scanning
Thread process.
In multiple scanning threads that thread creation module 21 is created, a core of each scanning thread distribution in CPU
On, multiple scanning thread parallels are performed.
Alternatively, if the CPU core number of the equipment of operation virus scanning program is n, thread creation module 21 creates 2n+
1 scanning thread.
Task generation module 22 is suitable to according to the multiple scan tasks of one or more file generateds to be scanned, is swept multiple
The task of retouching is added in scan task queue.
Scanning thread is used as main sweep object using file.In scanning process, task generation module 22 is each to wait to sweep
At least one scan task of the file generated retouched.Task generation module 22 needs to enter multiple scan tasks with a kind of data structure
Row management, this is generally realized by queue, and completed scan task is deleted from front end, and newly-generated scan task is from team
Tail is inserted.
Task generation module 22 can generate scan task to PE type files, and PE class files typically refer to Windows behaviour
Make the program file in system, common PE type files include executable file, dynamic link library file, object type and expanded
The type files such as component.Task generation module 22 can also be various non-PE class files generation scan tasks, for example, application program
Temporary file, history accesses vestige etc..
Multiple Anti- Virus Engines are potentially included in virus scanning program, for example, BitDefender Anti- Virus Engines, small red
Umbrella Anti- Virus Engine, cloud killing engine etc..Partial document may could final quilt after the scanning of multiple Anti- Virus Engines
Confirm as virus document.At this moment, to any one Anti- Virus Engine, task generation module 22 is that the engine needs to scan each text
The behavior of part generates a corresponding scan task.
When scan task is added in scan task queue by task generation module 22, it is possible to use scan task queue is real
Now to the management of scan task, in favor of in subsequent step to scanning thread distribution task, for example, task generation module 22 can be with
Average time-consuming, occupation condition according to each scan task etc. sorts to scan task.
When file needs to be scanned by multiple Anti- Virus Engines, task generation module 22 can be difference
Anti- Virus Engine set up different task queues, or all scan tasks are added in a total task queue, and
Subqueue, each subqueue one Anti- Virus Engine of correspondence and the one or more lines related to the engine are set up wherein
Journey.
Distribute module 23 is suitable to the scan task in scan task queue distributing to the scanning thread, is swept for described
Retouch thread and perform virus scan.
File to be scanned is scanned through at least one Anti- Virus Engine, be confirmed to be virus document or non-viral file it
Afterwards, the scan task related to this document performs completion, and corresponding scan task is also removed from scan task queue.Sweeping
During retouching, task generation module 22 is also possible into scan task queue add new scan task, namely scan task team
Scan task number in row is dynamic.Accordingly, distribute module 23 needs scan task being dynamically assigned to multiple scannings
Thread.Therefore, the present apparatus further comprises:Whether judge module 24 is big suitable for judging the scan task in scan task queue
In or equal to scanning thread number.
Distribute module 23 is further adapted for:The scan task judged in judge module 24 in scan task queue be more than or
It is that each scanning thread distributes at least one scan task during equal to the number for scanning thread;Judge to sweep in judge module 24
When retouching the scan task in task queue less than the number for scanning thread, whole scan tasks in scan task queue are distributed
To selected partial scan thread.
For example, judge module 24 detects that scan task number is q1 in Current Scan task queue, scanning Thread Count is m,
Wherein, q1 is more than m, then distribute module 23 first takes out m scan task from scan task queue, is sequentially allocated to m
Thread is scanned, then, judge module 24 continues to detect remaining scan task number q2 in scan task queue, it is assumed that this process
In, scan procedure no longer adds task into scan task queue, then q2=q1-m, if it is determined that module 24 detects q2 still
More than or equal to m, then repeatedly said process;If it is determined that module 24 detects the task that q2 is less than in m, i.e. scan task queue
Number is less than scanning Thread Count, then distribute module 23 can only the remaining whole scan tasks of selected part scanning thread execution.Specifically
The method of salary distribution can depend on the circumstances, for example, distribute module 23 can be according to the average time-consuming of scan task, occupation condition pair
Scan task in queue is ranked up, and longer scan task will be taken in remaining scan task and distributes to history general assignment consumption
When shorter scanning thread, with the time-consuming of averagely each scanning thread.
Distribute module 23 distributes to scan task after scanning thread, and scanning thread starts to hold the file in scan task
Row scanning, this can be carried out by way of characteristic matching, therefore virus scan device also includes matching module 26, suitable for by text
The characteristic information of part verifies that the characteristic information in packet is matched with this document, if matching, it is determined that this document is not disease
Poison;If mismatching, this document is defined as virus.
Further, matching module 26 can carry out the matching of 4 dimensions, institute to the file feature information in scan task
State 4 dimensions and its priority is:File size, filemodetime, filename CRC (CRC) values and content
Match information.Matching of the matching module 26 to characteristic information is carried out by above-mentioned priority.First, matching module 26 will be scanned
The file size of file is matched with the file size recorded in checking packet, if the match is successful, directly by this article
Part confirms as virus, it is not necessary to carry out the matching of filemodetime and other characteristic information dimensions.If file size can
The match is successful, then carries out the modification of the matching of next priority dimension, the i.e. filemodetime of this document and checking packet
Time match.If the match is successful, this document is confirmed as into virus, the matching of follow-up dimension is no longer carried out, if matched into
Work(, proceeds the matching of lower dimension.Identical processing is done to other follow-up dimensions.If matching module 26 is to file
4 dimensions all successful match, then confirm as non-viral file by this document.
Virus scan device also includes removing module 25, has been performed suitable for all scan tasks in scan task queue
Cheng Hou, discharges all scanning threads.
For example, after the completion of all scan tasks in scan task queue, removing corresponding API in the calling system of module 25
(application programming interfaces) function, discharges all scanning threads and its shared resource.
The device provided according to the above embodiment of the present invention, thread creation module is created according to the CPU core number of device for multi-core
Number is more than or equal to multiple scanning threads performed parallel of equipment CPU core number, and task generation module is according to be scanned one
Scan task is simultaneously added in scan task queue by individual or multiple multiple scan tasks of file generated, and then distribute module will be swept
Retouch the scan task in task queue and distribute to scanning thread, so that scanning thread performs virus scan.According to the program, scanning
The quantity of thread is not less than equipment CPU core number, therefore, it is possible to ensure that all CPU cores are in busy state, is sufficiently used
System resource, multiple scanning threads are performed parallel in different CPU cores, further increase sweep speed.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein.
Various general-purpose systems can also be used together with based on teaching in this.As described above, construct required by this kind of system
Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It is understood that, it is possible to use it is various
Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair
Bright preferred forms.
In the specification that this place is provided, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention
Example can be put into practice in the case of these no details.In some instances, known method, structure is not been shown in detail
And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help to understand one or more of each inventive aspect, exist
Above in the description of the exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes
In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required to protect
The application claims of shield features more more than the feature being expressly recited in each claim.More precisely, such as following
Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore,
Thus the claims for following embodiment are expressly incorporated in the embodiment, wherein each claim is in itself
All as the separate embodiments of the present invention.
Those skilled in the art, which are appreciated that, to be carried out adaptively to the module in the equipment in embodiment
Change and they are arranged in one or more equipment different from the embodiment.Can be the module or list in embodiment
Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or
Sub-component.In addition at least some in such feature and/or process or unit exclude each other, it can use any
Combination is disclosed to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so to appoint
Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power
Profit is required, summary and accompanying drawing) disclosed in each feature can or similar purpose identical, equivalent by offer alternative features come generation
Replace.
Although in addition, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments
In included some features rather than further feature, but the combination of the feature of be the same as Example does not mean in of the invention
Within the scope of and form different embodiments.For example, in the following claims, times of embodiment claimed
One of meaning mode can be used in any combination.
The present invention all parts embodiment can be realized with hardware, or with one or more processor run
Software module realize, or realized with combinations thereof.It will be understood by those of skill in the art that can use in practice
Microprocessor or digital signal processor (DSP) realize the virus scan device of device for multi-core according to embodiments of the present invention
In some or all parts some or all functions.The present invention is also implemented as described herein for performing
The some or all equipment or program of device (for example, computer program and computer program product) of method.So
Realization the present invention program can store on a computer-readable medium, or can have one or more signal shape
Formula.Such signal can be downloaded from internet website and obtained, and either be provided or with any other shape on carrier signal
Formula is provided.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability
Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims,
Any reference symbol between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not
Element listed in the claims or step.Word "a" or "an" before element does not exclude the presence of multiple such
Element.The present invention can be by means of including the hardware of some different elements and coming real by means of properly programmed computer
It is existing.In if the unit claim of equipment for drying is listed, several in these devices can be by same hardware branch
To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and run after fame
Claim.
The invention discloses:A1, a kind of device for multi-core virus scan method, including:
According to the CPU core number of the device for multi-core, multiple scanning threads are created, the number of the scanning thread is more than or waited
In the CPU core number of the device for multi-core;
According to the multiple scan tasks of one or more file generateds to be scanned, the multiple scan task is added to and swept
Retouch in task queue;
Scan task in scan task queue is distributed into the scanning thread, so that the scanning thread performs virus
Scanning.
A2, the method according to A1, the multiple scanning thread parallel operation.
A3, the method according to A1, each file will be scanned by multiple Anti- Virus Engines;
It is described to be specifically included according to the multiple scan tasks of one or more file generateds to be scanned:Each anti-virus is drawn
Hold up the corresponding scan task of behavior generation for scanning each file.
A4, the method according to A1, the scan task in the queue by scan task distribute to the scanning thread
Including:
Judge whether the scan task in the scan task queue is more than or equal to the number of scanning thread;
If so, distributing at least one scan task for each scanning thread;
Otherwise, whole scan tasks in the scan task queue are distributed to selected partial scan thread.
A5, any method according to A1-A4, the CPU core number according to device for multi-core create multiple scannings
Thread is specially:2n+1 scanning thread is created, wherein n is the CPU core number of the device for multi-core.
A6, the method according to A1, also include:All scan tasks in the scan task queue perform completion
Afterwards, all scanning threads are discharged.
A7, any method according to A1-A6, the scanning thread perform virus scan and specifically included:
The characteristic information of file and this document are verified that the characteristic information in packet is matched by scan procedure, if
Match somebody with somebody, it is determined that the file is not virus;If mismatching, it is determined that the file is virus.
A8, the method according to A7, the priority that the characteristic information is matched are followed successively by:File size, text
Part modification time, filename cyclic redundancy check value and content match information.
The invention also discloses:B9, a kind of device for multi-core virus scan device, including:
Thread creation module, suitable for creating multiple scanning threads, the scan line according to the CPU core number of the device for multi-core
The number of journey is more than or equal to the CPU core number of the device for multi-core;
Task generation module, will be described more suitable for according to the multiple scan tasks of one or more file generateds to be scanned
Individual scan task is added in scan task queue;
Distribute module, suitable for the scan task in scan task queue is distributed into the scanning thread, sweeps for described
Retouch thread and perform virus scan.
B10, the device according to B9, the multiple scanning threads run parallel of the thread creation module creation.
B11, the device according to B9, each file will be scanned by multiple Anti- Virus Engines;
The task generation module is further adapted for:The behavior that each Anti- Virus Engine is scanned into each file generates correspondence
A scan task.
B12, the device according to B9, also include:Judge module, suitable for judging the scan task in scan task queue
Whether the number of scanning thread is more than or equal to;
The distribute module is further adapted for:Judge that the scan task in scan task queue is big in the judge module
It is that each scanning thread distributes at least one scan task when scanning the number of thread;Sentence in the judge module
When the scan task in scan task queue of breaking is less than the number of scanning thread, the whole in the scan task queue is swept
The task of retouching distributes to selected partial scan thread.
B13, any device according to B9-B12, the thread creation module are further adapted for creating 2n+1
Thread is scanned, wherein n is the CPU core number of the device for multi-core.
B14, the device according to B9, also include:Module is removed, is appointed suitable for all scannings in scan task queue
After the completion of business is performed, all scanning threads are discharged.
B15, any device according to B9-B14, also include:Matching module, suitable for by the characteristic information of file
Verify that the characteristic information in packet is matched with this document, if matching, it is determined that the file is not virus;If not
Match somebody with somebody, it is determined that the file is virus.
B16, the device according to B15, the matching module are further adapted for believing feature according to following priority
Breath is matched:File size, filemodetime, filename cyclic redundancy check value and content match information.
Claims (14)
1. a kind of virus scan method of device for multi-core, including:
According to the CPU core number of the device for multi-core, multiple scanning threads are created, the number of the scanning thread is more than the multinuclear
The CPU core number of equipment;
According to the multiple scan tasks of one or more file generateds to be scanned, the multiple scan task is added to scanning and appointed
It is engaged in queue;Wherein, partial document will be scanned by multiple Anti- Virus Engines, be that different Anti- Virus Engines set up difference
Task queue;The corresponding relation between Anti- Virus Engine and its Call Condition is pre-set, each Anti- Virus Engine is scanned
The behavior of each file generates a corresponding scan task;The Call Condition is:Software environment letter in computer system
Breath, hardware environment information, type of protection and file type to be scanned;Wherein, the use shown for user behavior information
The document location of family frequent operation and/or the information of file format, generate corresponding specific sweep object;
Scan task in scan task queue is distributed into the scanning thread, swept so that the scanning thread performs virus
Retouch.
2. according to the method described in claim 1, the multiple scanning thread parallel operation.
3. according to the method described in claim 1, the scan task in the queue by scan task distributes to the scan line
Journey includes:
Judge whether the scan task in the scan task queue is more than or equal to the number of scanning thread;
If so, distributing at least one scan task for each scanning thread;
Otherwise, whole scan tasks in the scan task queue are distributed to selected partial scan thread.
4. the method according to any one of claim 1-3, the CPU core number according to device for multi-core, create multiple sweep
Retouching thread is specially:2n+1 scanning thread is created, wherein n is the CPU core number of the device for multi-core.
5. according to the method described in claim 1, also include:All scan tasks in the scan task queue have been performed
Cheng Hou, discharges all scanning threads.
6. the method according to any one of claim 1-3, the scanning thread performs virus scan and specifically included:
The characteristic information of file and this document are verified that the characteristic information in packet is matched by scan procedure, if matching,
It is not virus to determine the file;If mismatching, it is determined that the file is virus.
7. method according to claim 6, the priority that the characteristic information is matched is followed successively by:File size,
Filemodetime, filename cyclic redundancy check value and content match information.
8. a kind of virus scan device of device for multi-core, including:
Thread creation module, suitable for creating multiple scanning threads according to the CPU core number of the device for multi-core, the scanning thread
Number is more than or equal to the CPU core number of the device for multi-core;
Task generation module, suitable for according to the multiple scan tasks of one or more file generateds to be scanned, being swept the multiple
The task of retouching is added in scan task queue;Wherein, partial document will be scanned by multiple Anti- Virus Engines, be different
Anti- Virus Engine sets up different task queues;The corresponding relation between Anti- Virus Engine and its Call Condition is pre-set, will
The behavior that each Anti- Virus Engine scans each file generates a corresponding scan task;The Call Condition is:Computer
Software environment information, hardware environment information, type of protection and file type to be scanned in system;Wherein, for user's row
The document location and/or the information of file format of the user's frequent operation shown by information, generate corresponding specific scanning
Object;
Distribute module, suitable for the scan task in scan task queue is distributed into the scanning thread, for the scan line
Cheng Zhihang virus scans.
9. device according to claim 8, the multiple scanning threads run parallel of the thread creation module creation.
10. device according to claim 8, also includes:Judge module, suitable for judging that the scanning in scan task queue is appointed
Whether business is more than or equal to the number of scanning thread;
The distribute module is further adapted for:The scan task judged in the judge module in scan task queue be more than or
It is that each scanning thread distributes at least one scan task during equal to the number for scanning thread;Judge in the judge module
When scan task in scan task queue is less than the number of scanning thread, whole scannings in the scan task queue are appointed
Selected partial scan thread is distributed in business.
11. any device according to claim 8-10, the thread creation module is further adapted for creating 2n+1
Individual scanning thread, wherein n is the CPU core number of the device for multi-core.
12. device according to claim 8, also includes:Module is removed, suitable for all scannings in scan task queue
After the completion of tasks carrying, all scanning threads are discharged.
13. any device according to claim 8-10, also includes:Matching module, suitable for the feature of file is believed
Cease and verify that the characteristic information in packet is matched with this document, if matching, it is determined that the file is not virus;If not
Match somebody with somebody, it is determined that the file is virus.
14. device according to claim 13, the matching module is further adapted for according to following priority to feature
Information is matched:File size, filemodetime, filename cyclic redundancy check value and content match information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310535046.9A CN103559443B (en) | 2013-11-01 | 2013-11-01 | The virus scan method and apparatus of device for multi-core |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310535046.9A CN103559443B (en) | 2013-11-01 | 2013-11-01 | The virus scan method and apparatus of device for multi-core |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103559443A CN103559443A (en) | 2014-02-05 |
| CN103559443B true CN103559443B (en) | 2017-07-14 |
Family
ID=50013689
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310535046.9A Active CN103559443B (en) | 2013-11-01 | 2013-11-01 | The virus scan method and apparatus of device for multi-core |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103559443B (en) |
Families Citing this family (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103841196B (en) * | 2014-03-07 | 2017-05-17 | 长沙裕邦软件开发有限公司 | File uploading system and method based on multithreading |
| CN105320555B (en) * | 2014-06-17 | 2019-05-24 | 腾讯科技(深圳)有限公司 | The method and device of task is executed at the terminal |
| CN105224856A (en) * | 2014-07-02 | 2016-01-06 | 腾讯科技(深圳)有限公司 | Computer system detection method and device |
| US9141431B1 (en) * | 2014-10-07 | 2015-09-22 | AO Kaspersky Lab | System and method for prioritizing on access scan and on demand scan tasks |
| CN104408369A (en) * | 2014-10-24 | 2015-03-11 | 腾讯科技(深圳)有限公司 | Scanning method and device |
| CN105791614B (en) * | 2014-12-24 | 2019-05-10 | 深圳Tcl数字技术有限公司 | File scanning method and terminal |
| CN104899097A (en) * | 2015-04-17 | 2015-09-09 | 杭州华三通信技术有限公司 | Thread allocation quantity calculating method and apparatus |
| CN105718799B (en) * | 2015-09-10 | 2020-07-14 | 哈尔滨安天科技集团股份有限公司 | Method and system for identifying file overflow vulnerability |
| CN107203552B (en) | 2016-03-17 | 2021-12-28 | 阿里巴巴集团控股有限公司 | Garbage recovery method and device |
| CN107800690B (en) * | 2017-10-09 | 2021-07-06 | 西安交大捷普网络科技有限公司 | Task allocation method of distributed vulnerability scanning system |
| CN108052826B (en) * | 2017-12-20 | 2019-10-25 | 北京明朝万达科技股份有限公司 | Distributed sensitive data scan method and system based on anti-data-leakage terminal |
| CN108009430B (en) * | 2017-12-22 | 2020-04-10 | 北京明朝万达科技股份有限公司 | Sensitive data rapid scanning method and device |
| CN110941478B (en) * | 2018-09-21 | 2024-03-01 | 北京奇虎科技有限公司 | Execution method and device of file scanning task and computing equipment |
| CN109976891B (en) * | 2019-03-28 | 2020-11-03 | 北京网聘咨询有限公司 | Server task processing method based on task thread configuration |
| CN110333911A (en) * | 2019-07-04 | 2019-10-15 | 北京迈格威科技有限公司 | A kind of file packet read method and device |
| CN112214765A (en) * | 2020-09-29 | 2021-01-12 | 珠海豹好玩科技有限公司 | Virus checking and killing method and device, electronic equipment and storage medium |
| CN112199679B (en) * | 2020-09-29 | 2024-07-19 | 珠海豹好玩科技有限公司 | Virus checking and killing method and device under Linux system |
| CN112565366B (en) * | 2020-11-27 | 2022-11-08 | 平安普惠企业管理有限公司 | Distributed file importing method, device, equipment and storage medium |
| CN114301627A (en) * | 2021-11-29 | 2022-04-08 | 北京天融信网络安全技术有限公司 | Uploaded file security scanning method and device and computer readable storage medium |
| CN118036007B (en) * | 2024-04-15 | 2024-09-10 | 建信金融科技有限责任公司 | Virus scanning method, system, scanner and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102279917A (en) * | 2011-09-19 | 2011-12-14 | 奇智软件(北京)有限公司 | Multi-antivirus engine parallel antivirus method and system |
| CN102346827A (en) * | 2011-09-19 | 2012-02-08 | 奇智软件(北京)有限公司 | Method and device for handling computer viruses |
| CN102722417A (en) * | 2012-06-07 | 2012-10-10 | 腾讯科技(深圳)有限公司 | Distribution method and device for scan task |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7540027B2 (en) * | 2005-06-23 | 2009-05-26 | International Business Machines Corporation | Method/system to speed up antivirus scans using a journal file system |
| US9235703B2 (en) * | 2005-09-30 | 2016-01-12 | Lenovo Enterprise Solutions (Singapore) Pte. Ltd. | Virus scanning in a computer system |
| CN101685486B (en) * | 2008-09-23 | 2011-12-07 | 联想(北京)有限公司 | Virus killing method and virus killing system with multiple antivirus engines |
| CN101719208B (en) * | 2009-12-07 | 2012-12-05 | 珠海市君天电子科技有限公司 | Method and device for automatically extracting characteristics of virus file |
| CN102970272B (en) * | 2011-09-01 | 2015-05-20 | 腾讯科技(深圳)有限公司 | Method, device and cloud server for detesting viruses |
-
2013
- 2013-11-01 CN CN201310535046.9A patent/CN103559443B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102279917A (en) * | 2011-09-19 | 2011-12-14 | 奇智软件(北京)有限公司 | Multi-antivirus engine parallel antivirus method and system |
| CN102346827A (en) * | 2011-09-19 | 2012-02-08 | 奇智软件(北京)有限公司 | Method and device for handling computer viruses |
| CN102722417A (en) * | 2012-06-07 | 2012-10-10 | 腾讯科技(深圳)有限公司 | Distribution method and device for scan task |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103559443A (en) | 2014-02-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103559443B (en) | The virus scan method and apparatus of device for multi-core | |
| US10997307B1 (en) | System and method for clustering files and assigning a property based on clustering | |
| US9348998B2 (en) | System and methods for detecting harmful files of different formats in virtual environments | |
| KR101693370B1 (en) | Fuzzy whitelisting anti-malware systems and methods | |
| US8424093B2 (en) | System and method for updating antivirus cache | |
| US9477835B2 (en) | Event model for correlating system component states | |
| CN102982121B (en) | A kind of file scanning method, file scanning device and file detection system | |
| US8914889B2 (en) | False alarm detection for malware scanning | |
| US8621634B2 (en) | Malware detection based on a predetermined criterion | |
| US20130145471A1 (en) | Detecting Malware Using Stored Patterns | |
| EP2784715B1 (en) | System and method for adaptive modification of antivirus databases | |
| EP1977523A2 (en) | Forgery detection using entropy modeling | |
| US7543334B2 (en) | Update status alerting for a malware scanner | |
| US11288368B1 (en) | Signature generation | |
| CN102346827B (en) | Method and device for handling computer viruses | |
| CN104217165B (en) | The processing method of file and device | |
| US20200412740A1 (en) | Methods, devices and systems for the detection of obfuscated code in application software files | |
| US8448243B1 (en) | Systems and methods for detecting unknown malware in an executable file | |
| CN103679027A (en) | Searching and killing method and device for kernel level malware | |
| US11397812B2 (en) | System and method for categorization of .NET applications | |
| CN106203105B (en) | File management method and device | |
| US11481491B2 (en) | Managing virus scanning of container images | |
| CN102999722B (en) | File detection system | |
| US9648025B1 (en) | Using space-filling curves to fingerprint data | |
| WO2023196090A1 (en) | Anomalous activity detection in container images |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220718 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right |