CN104462601B - File scanning method, device and system - Google Patents

File scanning method, device and system Download PDF

Info

Publication number
CN104462601B
CN104462601B CN201410854196.0A CN201410854196A CN104462601B CN 104462601 B CN104462601 B CN 104462601B CN 201410854196 A CN201410854196 A CN 201410854196A CN 104462601 B CN104462601 B CN 104462601B
Authority
CN
China
Prior art keywords
file
scanned
specified segment
cloud server
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410854196.0A
Other languages
Chinese (zh)
Other versions
CN104462601A (en
Inventor
汪圣平
杨晓东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qax Technology Group Inc
Original Assignee
Beijing Qianxin Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qianxin Technology Co Ltd filed Critical Beijing Qianxin Technology Co Ltd
Priority to CN201410854196.0A priority Critical patent/CN104462601B/en
Publication of CN104462601A publication Critical patent/CN104462601A/en
Priority to PCT/CN2015/094707 priority patent/WO2016107309A1/en
Application granted granted Critical
Publication of CN104462601B publication Critical patent/CN104462601B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file scanning method, device and system, and relates to the technical field of information security. The file scanning method, device and system aim at achieving the efficient cloud engine electronic file searching and killing. According to the main technical scheme, when a file to be scanned is uploaded to a cloud server so that searching and killing can be conducted, a client-side can upload a segment, containing the file type, of the file first according to the indication of the cloud server, the cloud server analyses the segment to determine the type of the file, the position of the file segment uploaded by the client-side is determined according to the type of the file, the client-side is indicated to only send the file segment which may contain security problems to the cloud server according to the indication of the cloud server so that searching and killing can be conducted, and security of the file is confirmed. The file scanning method, device and system are mainly used for the cloud searching and killing process of the file.

Description

File scanning method, apparatus and system
Technical field
The present invention relates to a kind of field of information security technology, more particularly to a kind of file scanning method, apparatus and system.
Background technology
The popularization used with computer, a kind of new type file-e-file are born.E-file is by electronic computer Generating and processing, its information is recorded and represented with binary digital code, and which is tape, disk, light to be recorded in code form The carriers such as disk, rely on computer system access the file that can be transmitted on a communication network.The safety of e-file is most important. Local engine and cloud engine are generally divided into currently for the killing engine of e-file.Wherein, local engine locally to electronics File is scanned;Cloud engine is needed files passe cloud server, e-file is scanned by cloud server. During using cloud engine, need whole files passe high in the clouds, the inefficiency for big file.
The content of the invention
In view of this, the present invention provides a kind of file scanning method, apparatus and system, and main purpose is to realize efficiently Cloud engine killing e-file.
According to one aspect of the invention, there is provided a kind of file scanning method, including:
File scan request is sent to cloud server;
The first instruction of the upload file to be scanned that the cloud server sends is received, described first instructs for indicating The first specified segment of file to be scanned is uploaded, first specified segment includes the type information of file;
First specified segment of the file to be scanned is uploaded to by the cloud server according to the described first instruction, with Toilet states the type that cloud server obtains file to be scanned according to first specified segment;
The second instruction of the upload file to be scanned that the cloud server sends is received, described second instructs for indicating The second specified segment of file to be scanned is uploaded, second specified segment is the cloud server according to file to be scanned The fragment of safety problem is likely to occur in the file to be scanned that type determines;
Second specified segment is uploaded to by the cloud server according to the described second instruction, so that the high in the clouds takes Business device is scanned to the content of second specified segment, determines the safety of file to be scanned.
According to another aspect of the invention, there is provided a kind of file scanning method, including:
Receive the file scan request that client sends;
The first instruction for uploading file to be scanned is sent to the client, described first instructs for indicating to upload to wait to sweep The first specified segment of file is retouched, first specified segment includes the type information of file;
The first specified segment of the client upload is received, and parsing is carried out to first specified segment and obtain described The type of file to be scanned;
Second specified segment is determined according to the type of the file to be scanned, and upload is sent to the client treat Second specified segment of scanning file second instruction, second specified segment be the file to be scanned in be likely to occur peace The fragment of full problem;
The second specified segment of the client upload is received, the content of second specified segment is scanned, really The safety of fixed file to be scanned.
According to another aspect of the invention, there is provided a kind of client, including:
Scan request transmitting element, for sending file scan request to cloud server;
First receiving unit, for receiving the first instruction of the upload file to be scanned that the cloud server sends, institute State the first instruction for indicate upload file to be scanned the first specified segment, first specified segment includes the class of file Type information;
First file transmitting element, for instructing the first specified segment of the file to be scanned according to described first The cloud server is passed to, so that the cloud server obtains the class of file to be scanned according to first specified segment Type;
Second receiving unit, for receiving the second instruction of the upload file to be scanned that the cloud server sends, institute State the second instruction for indicate upload the second specified segment of file to be scanned, second specified segment is the cloud service The fragment of safety problem is likely to occur in the file to be scanned that device is determined according to the type of file to be scanned;
Second file transmitting element, for second specified segment is uploaded to the high in the clouds according to the described second instruction Server, so that the cloud server is scanned to the content of second specified segment, determines the peace of file to be scanned Quan Xing.
According to another aspect of the invention, there is provided a kind of cloud server, including:
Scan request receiving unit, for receiving the file scan request of client transmission;
First transmitting element, for the first instruction for uploading file to be scanned is sent to the client, described first refers to Make for indicating to upload the first specified segment of file to be scanned, first specified segment includes the type information of file;
First receiving unit, for receiving the first specified segment of the client upload, and specifies piece to described first Duan Jinhang parsings obtain the type of the file to be scanned;
Determining unit, for determining second specified segment according to the type of the file to be scanned;
Second transmitting element, for the second finger of the second specified segment for uploading file to be scanned is sent to the client Order, second specified segment are the fragment that safety problem is likely to occur in the file to be scanned;
Second receiving unit, for receiving the second specified segment of the client upload, to second specified segment Content be scanned, determine the safety of file to be scanned.
According to another aspect of the invention, there is provided a kind of document scanning system, including:
Client as above;With cloud server as above.
By above-mentioned technical proposal, technical scheme provided in an embodiment of the present invention at least has following advantages:
The file scanning method of present invention offer, apparatus and system, files passe cloud server to be scanned is being entered During row killing, client can be according to a fragment comprising file type of the first transmitting file of the instruction of cloud server, high in the clouds Server is analyzed the type for determining file to the fragment, and then the file piece of client upload is determined according to the type of file The position of section, the file fragment of the position are often the fragment that the file of the type has safety problem, and client is according to high in the clouds The instruction of server only would be possible to the file fragment comprising safety problem and be sent to cloud server carry out killing.This Sample, the content of first carrying of the fragment comprising file type are less, and the flow which takes is less, and what which can be quickly is transferred to Cloud server, second file fragment that may include safety problem, for comparing whole file, which is also less amount of, Transmission in a network is also very fast, and cloud server is very fast to the killing for also mutually comparing whole file during its killing, and this Two fragments are the fragment for being likely to occur safety problem determined according to file type, so ensure that the accurate of file killing Property.To sum up, realize efficient cloud engine killing e-file.
Described above is only the general introduction of technical solution of the present invention, in order to better understand the technological means of the present invention, And can be practiced according to the content of description, and in order to allow the above and other objects of the present invention, feature and advantage can Become apparent, below especially exemplified by the specific embodiment of the present invention.
Description of the drawings
By the detailed description for reading hereafter preferred implementation, various other advantages and benefit are common for this area Technical staff will be clear from understanding.Accompanying drawing is only used for the purpose for illustrating preferred implementation, and is not considered as to the present invention Restriction.And in whole accompanying drawing, it is denoted by the same reference numerals identical part.In the accompanying drawings:
The flow chart that Fig. 1 shows a kind of client-side file scanning method provided in an embodiment of the present invention;
The flow chart that Fig. 2 shows a kind of cloud server side file scanning method provided in an embodiment of the present invention;
The flow chart that Fig. 3 shows another kind of client-side file scanning method provided in an embodiment of the present invention;
The flow chart that Fig. 4 shows another kind of cloud server side file scanning method provided in an embodiment of the present invention;
Fig. 5 shows a kind of composition frame chart of client provided in an embodiment of the present invention;
Fig. 6 shows the composition frame chart of another kind of client provided in an embodiment of the present invention;
Fig. 7 shows the composition frame chart of another kind of client provided in an embodiment of the present invention;
Fig. 8 shows a kind of composition frame chart of cloud server provided in an embodiment of the present invention;
Fig. 9 shows the composition frame chart of another kind of cloud server provided in an embodiment of the present invention;
Figure 10 shows the composition frame chart of another kind of cloud server provided in an embodiment of the present invention;
Figure 11 shows a kind of composition frame chart of document scanning system provided in an embodiment of the present invention.
Specific embodiment
The exemplary embodiment of the disclosure is more fully described below with reference to accompanying drawings.Although the disclosure is shown in accompanying drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure and should not be by embodiments set forth here Limited.On the contrary, there is provided these embodiments are able to be best understood from the disclosure, and can be by the scope of the present disclosure Complete conveys to those skilled in the art.
The embodiment of the present invention provides a kind of file scanning method, and the method is the method that client is surveyed, as shown in figure 1, should Method includes:
101st, file scan request is sent to cloud server.
When the file of client needs to carry out killing scanning, client sends file scan request to cloud server, So that cloud server is received after this document scan request, the instruction of upper transmitting file is sent to the client.Of the invention real Apply in example, cloud server needs from client the type for obtaining file to be scanned, and determines the class file according to file type It is often which place has the safety problem easily attacked by leak or threat etc., or hacker Jing often attacks the class file Which place.Therefore, cloud server after file scan request is received sends first to client first and instructs, hold Row 102.
102nd, receive the first instruction of the upload file to be scanned that the cloud server sends, described first instructs and be used for Indicate to upload the first specified segment of file to be scanned, first specified segment includes the type information of file.
First specified segment is the fragment for including file type as above, and the fragment is typically in what file started In front several bytes, such as front 4K.Therefore, relatively large file, the byte shared by the first specified segment can typically be ignored. Therefore first specified segment transmits shared resource in a network and time for being used is all few.To a certain extent Accelerate file scan.
Wherein, the size of first specified segment, is typically based on experience setting, and for example, 4K is specifically, of the invention to implement Example is not limited to this.The byte of the 4K length be enough to state current various types of files.In addition, wherein comprising except table Show outside the byte of file type, also including the byte for representing file size and file attribute.The specific embodiment of the present invention pair This is not limited.
103rd, the first specified segment of the file to be scanned is uploaded to by the cloud service according to the described first instruction Device, so that the cloud server obtains the type of file to be scanned according to first specified segment.
Client obtains first specified segment according to first instruction, specifies piece by the first of the file to be scanned Section is uploaded to the cloud server, so that cloud server parses first specified segment, obtains the class of file to be scanned Type, and obtain the second specified segment according to the file type, and send to the client and indicate, allows which on cloud server Pass the second specified segment.
104th, receive the second instruction of the upload file to be scanned that the cloud server sends, described second instructs and be used for Indicate to upload the second specified segment of file to be scanned, second specified segment is the cloud server according to text to be scanned The fragment of safety problem is likely to occur in the file to be scanned that the type of part determines.
105th, second specified segment is uploaded to by the cloud server according to the described second instruction, so as to the cloud End server is scanned to the content of second specified segment, determines the safety of file to be scanned.
The embodiment of the present invention also provides a kind of file scanning method, method of the method for cloud server side, such as Fig. 2 institutes Show, the method includes:
201st, receive the file scan request that client sends.
202nd, the first instruction for uploading file to be scanned is sent to the client, described first instructs for indicating to upload First specified segment of file to be scanned, first specified segment include the type information of file.
With regard to the associated description of the first specified segment, description is had been carried out in 102, be will not be described in great detail herein.
203rd, the first specified segment of the client upload is received, and parsing acquisition is carried out to first specified segment The type of the file to be scanned.
204th, second specified segment is determined according to the type of the file to be scanned, and is sent to the client Pass file to be scanned the second specified segment second instruction, second specified segment be the file to be scanned in may go out The fragment of existing safety problem.
It should be noted that a type of file, there is safety problem in which, easily by often limited where attack, its Be generally present in certain or some fix where, so file is carried out killing scan when, it is only necessary to according to file Type to determine and carry out killing for some local contents of this type file, just can determine that the safety of file.The position Put and usually rule of thumb arrange, or obtained according to some rule detections, specifically, the embodiment of the present invention is not limited to this System.
205th, the second specified segment of the client upload is received, the content of second specified segment is swept Retouch, determine the safety of file to be scanned.
In the embodiment of the present invention, when files passe cloud server to be scanned is carried out killing, client can be with root According to a fragment comprising file type of the first transmitting file of the instruction of cloud server, cloud server is analyzed to the fragment Determine the type of file, and then the position of the file fragment of client upload, the file of the position are determined according to the type of file Fragment is often that the file of the type has the fragment of safety problem, and client is only would be possible to according to the instruction of cloud server File fragment comprising safety problem is sent to cloud server and carries out killing.So, first includes file type The content that fragment is carried is less, and the flow which takes is less, and what which can be quickly is transferred to cloud server, and second may bag File fragment containing safety problem, for comparing whole file, which is also less amount of, and transmission in a network is also very fast, cloud End server is very fast to the killing for also mutually comparing whole file during its killing, and second fragment is to be determined according to file type The fragment for being likely to occur safety problem, so ensure that the accuracy of file killing.To sum up, realize efficient cloud engine Killing e-file.
The embodiment of the present invention also provides a kind of file scanning method, as shown in figure 3, the method includes:
301st, client determines the size of file to be scanned;When the size of the file to be scanned is more than predetermined value, hold Row 302;When the size of the file to be scanned is less than or equal to predetermined value, 307 are performed.
It should be noted that carrying out one for file to be scanned filters detection, and when file is not very big, can Killing scanning is locally carried out in client, when file is very big, send it to cloud server, by cloud server Carry out killing scanning.When this document size threshold value is arranged, the minimum size for being typically no less than the first specified segment of the threshold value.When So, the embodiment of the present invention is not limited to this, it is also possible to less than the size of first specified segment.
302nd, file scan request is sent to cloud server.
303rd, the client receives the first of the upload file to be scanned that the cloud server sends and instructs, and described first Instruct for indicating to upload the first specified segment of file to be scanned, first specified segment includes the type letter of file Breath.
Wherein, with regard to the associated description of the first specified segment, the associated description at 102, the embodiment of the present invention be may be referred to This is not limited.
304th, the client is according to the first specified segment of the file to be scanned is uploaded to by the described first instruction Cloud server, so that the cloud server obtains the type of file to be scanned according to first specified segment.
305th, the client receives the second instruction of the uploading scanned file that the cloud server sends, and described second refers to Make for indicating to upload the second specified segment of file to be scanned, second specified segment is the cloud server according to treating The fragment of safety problem is likely to occur in the file to be scanned that the type of scanning file determines.
306th, second specified segment is uploaded to the cloud server according to the described second instruction by the client, with Toilet is stated cloud server and the content of second specified segment is scanned, and determines the safety of file to be scanned.
Wherein, cloud server directly specifies specific fragment when the second specified segment is indicated, sometimes, sometimes Wait the side-play amount for then indicating relative first specified segment.When specific fragment is directly specified, client direct access is corresponding The fragment is uploaded to cloud server by fragment.Refer to comprising second in instructing when described the second of cloud server instruction It is during the side-play amount of the length of stator section and relative first instruction fragment, described to be specified described second according to the described second instruction Fragment is uploaded to the cloud server and can adopt but be not limited to following method realization, and the method includes:
1st, the starting position of second specified segment is calculated according to the described first instruction fragment and the side-play amount.
2nd, second specified segment is obtained according to the length of the starting position and second specified segment.
3rd, second specified segment for obtaining is uploaded to into the cloud server.
307th, the client receives the scanning result of the file described to be scanned that the cloud server sends, and sweeps described Retouch result output display.Terminate the cloud server scanning of file herein.
User knows the safety of file to be scanned for convenience, and server scans the second specified segment determination text beyond the clouds After the safety of part, scanning result can also be sent to client by cloud server, after client receives the scanning result, By the scanning result output display.Wherein, the mode of the output display can be prompting frame formula, or dialogue frame, tool The embodiment of the present invention of body is not defined to this.When being shown, can be word, or music, or Picture, or animation, can also be above-mentioned combination, and the specific embodiment of the present invention is not limited to this.
308th, the file to be scanned is scanned by the local killing engine of the client, determines file to be scanned Safety, and by scanning result output display.Terminate the killing scanning of file herein.
When it is determined that Documents Comparison hour, without files passe cloud server can also be realized quickly scanning killing, Specifically the file to be scanned is scanned by the local killing engine of the client, determines the safety of file to be scanned. With regard to the concrete grammar of local killing engine, any one current, the specific embodiment of the present invention can be adopted not to carry out this Limit.
The embodiment of the present invention also provides a kind of file scanning method, method of the method for cloud server side, such as Fig. 4 institutes Show, the method includes:
401st, receive the file scan request that client sends.
402nd, the first instruction for uploading file to be scanned is sent to the client, described first instructs for indicating to upload First specified segment of file to be scanned, first specified segment include the type information of file.
Wherein, the associated description with regard to the first specified segment may be referred to the associated description at 102, the embodiment of the present invention this Place will not be described in great detail.
403rd, the first specified segment of the client upload is received, parsing is carried out to first specified segment and is obtained institute State the type information and size of file to be scanned.
Size and attribute letter of first specified segment in addition to comprising file type information, also including file Breath.The embodiment of the present invention treating after the first specified segment of scanning file parsed, can obtain file type information and Size information.If size of the size of the first specified segment more than file to be scanned, client, can be by after the first instruction is received The full content of file to be scanned is uploaded to cloud server, therefore, when the size of file of the client to uploading is not sentenced When disconnected, cloud server, can be to the size of the first specified segment and the file to be scanned for uploading after the first specified segment is received Size compare, to avoid unnecessary data transfer.
404th, judge whether the size of the file to be scanned is more than the size of first specified segment;If it is determined that described The size of file to be scanned then performs 405 more than the size of first specified segment;If it is determined that the file to be scanned is big The little size less than or equal to first specified segment, then perform 408.
When it is determined that the size of the file to be scanned is less than or equal to the size of first specified segment, cloud service Device need not send second to client again and instruct, just can directly to the first specified segment comprising file full text to be scanned Content carry out killing scanning, determine the safety of file.When it is determined that the size of the file to be scanned refers to more than described first During the size of stator section, the file to be scanned is larger, needs cloud server to send files passe instruction to client again.
405th, second specified segment is determined according to the type of the file to be scanned, and is sent to the client Pass file to be scanned the second specified segment second instruction, second specified segment be the file to be scanned in may go out The fragment of existing safety problem.
406th, the second specified segment of the client upload is received, the content of second specified segment is swept Retouch, determine the safety of file to be scanned.
407th, the scanning result of the file to be scanned is sent to into the client.Terminate sweeping for this file to be scanned Retouch.
408th, the first specified segment of the file to be scanned is scanned, determines the safety of file to be scanned, and Perform 407.
In the embodiment of the present invention, when files passe cloud server to be scanned is carried out killing, client can be with root According to a fragment comprising file type of the first transmitting file of the instruction of cloud server, cloud server is analyzed to the fragment Determine the type of file, and then the position of the file fragment of client upload, the file of the position are determined according to the type of file Fragment is often that the file of the type has the fragment of safety problem, and client is only would be possible to according to the instruction of cloud server File fragment comprising safety problem is sent to cloud server and carries out killing.So, first includes file type The content that fragment is carried is less, and the flow which takes is less, and what which can be quickly is transferred to cloud server, and second may bag File fragment containing safety problem, for comparing whole file, which is also less amount of, and transmission in a network is also very fast, cloud End server is very fast to the killing for also mutually comparing whole file during its killing, and second fragment is to be determined according to file type The fragment for being likely to occur safety problem, so ensure that the accuracy of file killing.To sum up, realize efficient cloud engine Killing e-file.
Also, in the embodiment of the present invention, as small documents are uploaded to cloud server in the local killing ratio of client The killing efficiency high of killing is carried out, and in order to ensure the high speed killing of all size file, is swept file being sent to cloud server Before retouching request, the size for treating killing file can be first detected, when it is determined that the size of file to be scanned is more than certain value, The killing of cloud server is carried out;Small documents have then locally carried out killing scanning in client, determine the safety of file.
Further, when client is not detected to the size of file, when cloud server receive client according to After the first specified segment that cloud server is uploaded, the relation of the size and the first specified segment size of file to be scanned is determined, When the size of file to be scanned is less than or equal to the size of the first specified segment, directly the first specified segment is scanned, Determine the safety of file.Only when the size of file to be scanned is more than the size of the first specified segment, just send out to client Serve the instruction for passing the second specified segment.In order to avoid the repetition of small documents is transmitted.
Based on said method, the embodiment of the present invention also provides a kind of client, as shown in figure 5, the client includes:
Scan request transmitting element 51, for sending file scan request to cloud server.
First receiving unit 52, for receiving the first instruction of the upload file to be scanned that the cloud server sends, Described first instructs for indicating to upload the first specified segment of file to be scanned, and first specified segment includes file Type information.
First file transmitting element 53, for instructing the first specified segment of the file to be scanned according to described first The cloud server is uploaded to, so that the cloud server obtains the class of file to be scanned according to first specified segment Type.
Second receiving unit 54, for receiving the second instruction of the upload file to be scanned that the cloud server sends, Described second instructs for indicating to upload the second specified segment of file to be scanned, and second specified segment is taken for the high in the clouds The fragment of safety problem is likely to occur in the file to be scanned that business device is determined according to the type of file to be scanned.
Second file transmitting element 55, for second specified segment is uploaded to the cloud according to the described second instruction End server, so that the cloud server is scanned to the content of second specified segment, determines file to be scanned Safety.
Further, as shown in fig. 6, the client also includes:
Scanning result receiving unit 56, for receiving the scanning knot of the file described to be scanned that the cloud server sends Really.
Output display unit 57, for by the scanning result output display.
When the side-play amount of the length comprising the second specified segment in the described second instruction and relative first instruction fragment, The second file transmitting element 55 includes:
Computing module, for being calculated second specified segment according to the described first instruction fragment and the side-play amount Starting position.
Acquisition module, specifies for obtaining described second according to the length of the starting position and second specified segment Fragment.
File sending module, for second specified segment for obtaining is uploaded to the cloud server.
Further, as shown in fig. 7, the client also includes:
Judging unit 58, for determining the size of file to be scanned.
The scan request transmitting element 51 is additionally operable to, when the size of the file to be scanned is more than predetermined value, Xiang Yun End server sends file scan request.
Scanning element 59, for when the size of the file to be scanned is less than or equal to predetermined value, by the client Local killing engine the file to be scanned is scanned, determine the safety of file to be scanned.
The embodiment of the present invention also provides a kind of cloud server, as shown in figure 8, the cloud server includes:
Scan request receiving unit 61, for receiving the file scan request of client transmission.
First transmitting element 62, instructs for sending the first of upload file to be scanned to the client, described first Instruct for indicating to upload the first specified segment of file to be scanned, first specified segment includes the type letter of file Breath.
First receiving unit 63, for receiving the first specified segment of the client upload;
Resolution unit 64, for carrying out parsing the type for obtaining the file to be scanned to first specified segment.
Determining unit 65, for determining second specified segment according to the type of the file to be scanned;
Second transmitting element 66, for the second of the second specified segment for uploading file to be scanned is sent to the client Instruction, second specified segment are the fragment that safety problem is likely to occur in the file to be scanned.
Second receiving unit 67, for receiving the second specified segment of the client upload.
Scanning element 68, for being scanned to the content of second specified segment, determines the safety of file to be scanned Property.
Further, as shown in figure 9, the cloud server also includes:
Scanning result transmitting element 69, for it is determined that after the safety of file to be scanned, by the file to be scanned Scanning result be sent to the client.
Further, as shown in Figure 10, the cloud server also includes:
The resolution unit 64 is additionally operable to, when in first specified segment also including the size of file, to described the One specified segment carries out parsing the size for obtaining the file to be scanned.
Whether judging unit 610, the size for judging the file to be scanned are big more than first specified segment It is little.
The determining unit 65 is additionally operable to, it is determined that the size of the file to be scanned is more than first specified segment During size, second specified segment is determined according to the type of the file to be scanned.
The scanning element 68 is additionally operable to, it is determined that the size of the file to be scanned is specified less than or equal to described first During the size of fragment, the first specified segment of the file to be scanned is scanned, the safety of file to be scanned is determined.
The embodiment of the present invention also provides a kind of document scanning system, and as shown in figure 11, this document scanning system includes:
Client 71 and cloud server 72.
It should be noted that with regard to the description related to cloud server 72 of client 71, refer in Fig. 1 to Figure 10 Associated description, the embodiment of the present invention will not be described in great detail herein.
In the embodiment of the present invention, when files passe cloud server to be scanned is carried out killing, client can be with root According to a fragment comprising file type of the first transmitting file of the instruction of cloud server, cloud server is analyzed to the fragment Determine the type of file, and then the position of the file fragment of client upload, the file of the position are determined according to the type of file Fragment is often that the file of the type has the fragment of safety problem, and client is only would be possible to according to the instruction of cloud server File fragment comprising safety problem is sent to cloud server and carries out killing.So, first includes file type The content that fragment is carried is less, and the flow which takes is less, and what which can be quickly is transferred to cloud server, and second may bag File fragment containing safety problem, for comparing whole file, which is also less amount of, and transmission in a network is also very fast, cloud End server is very fast to the killing for also mutually comparing whole file during its killing, and second fragment is to be determined according to file type The fragment for being likely to occur safety problem, so ensure that the accuracy of file killing.To sum up, realize efficient cloud engine Killing e-file.
Also, in the embodiment of the present invention, as small documents are uploaded to cloud server in the local killing ratio of client The killing efficiency high of killing is carried out, and in order to ensure the high speed killing of all size file, is swept file being sent to cloud server Before retouching request, the size for treating killing file can be first detected, when it is determined that the size of file to be scanned is more than certain value, The killing of cloud server is carried out;Small documents have then locally carried out killing scanning in client, determine the safety of file.
Further, when client is not detected to the size of file, when cloud server receive client according to After the first specified segment that cloud server is uploaded, the relation of the size and the first specified segment size of file to be scanned is determined, When the size of file to be scanned is less than or equal to the size of the first specified segment, directly the first specified segment is scanned, Determine the safety of file.Only when the size of file to be scanned is more than the size of the first specified segment, just send out to client Serve the instruction for passing the second specified segment.In order to avoid the repetition of small documents is transmitted.
In the above-described embodiments, the description to each embodiment all emphasizes particularly on different fields, and does not have the portion described in detail in certain embodiment Point, may refer to the associated description of other embodiment.
It is understood that said method and the correlated characteristic in device mutually can be referred to.In addition, in above-described embodiment " first ", " second " etc. be, for distinguishing each embodiment, and not represent the quality of each embodiment.
Those skilled in the art can be understood that, for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, may be referred to the corresponding process in preceding method embodiment, will not be described here.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together based on teaching in this.As described above, construct required by this kind of system Structure be obvious.Additionally, the present invention is also not for any certain programmed language.It is understood that, it is possible to use it is various Programming language realizes the content of invention described herein, and the description done to language-specific above is to disclose this Bright preferred forms.
In description mentioned herein, a large amount of details are illustrated.It is to be appreciated, however, that the enforcement of the present invention Example can be put into practice in the case where not having these details.In some instances, known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this description.
Similarly, it will be appreciated that in order to simplify the disclosure and help understand one or more in each inventive aspect, exist Above to, in the description of the exemplary embodiment of the present invention, each feature of the present invention is grouped together into single enforcement sometimes In example, figure or descriptions thereof.However, should the method for the disclosure be construed to reflect following intention:I.e. required guarantor The more features of feature is expressly recited in each claim by the application claims ratio of shield.More precisely, such as following Claims it is reflected as, inventive aspect is less than all features of single embodiment disclosed above.Therefore, Thus the claims for following specific embodiment are expressly incorporated in the specific embodiment, wherein each claim itself All as the separate embodiments of the present invention.
Those skilled in the art are appreciated that can be carried out adaptively to the module in the equipment in embodiment Change and they are arranged in one or more different from embodiment equipment.Can be the module or list in embodiment Unit or component are combined into a module or unit or component, and can be divided in addition multiple submodule or subelement or Sub-component.In addition at least some in such feature and/or process or unit is excluded each other, can adopt any Combine to all features disclosed in this specification (including adjoint claim, summary and accompanying drawing) and so disclosed Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (includes adjoint power Profit is required, summary and accompanying drawing) disclosed in each feature can it is identical by offers, be equal to or the alternative features of similar purpose carry out generation Replace.
Although additionally, it will be appreciated by those of skill in the art that some embodiments described herein include other embodiments In some included features rather than further feature, but the combination of the feature of different embodiments means in of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment required for protection appoint One of meaning can in any combination mode using.
The present invention all parts embodiment can be realized with hardware, or with one or more processor operation Software module realize, or with combinations thereof realize.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) are realizing file scanning method according to embodiments of the present invention, device and be The some or all functions of some or all parts in system.The present invention is also implemented as described here for performing Method some or all equipment or program of device (for example, computer program and computer program).This The program of the realization present invention of sample can be stored on a computer-readable medium, or can have one or more signal Form.Such signal can be downloaded from internet website and be obtained, or provide on carrier signal, or with any other Form is provided.
It should be noted that above-described embodiment the present invention will be described rather than limits the invention, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference markss between bracket should not be configured to limitations on claims.Word "comprising" is not excluded the presence of not Element listed in the claims or step.Word "a" or "an" before element does not exclude the presence of multiple such Element.The present invention can come real by means of the hardware for including some different elements and by means of properly programmed computer It is existing.If in the unit claim for listing equipment for drying, several in these devices can be by same hardware branch To embody.The use of word first, second, and third does not indicate that any order.These words can be explained and be run after fame Claim.

Claims (19)

1. a kind of file scanning method, it is characterised in that include:
File scan request is sent to cloud server;
The first instruction of the upload file to be scanned that the cloud server sends is received, described first instructs for indicating to upload First specified segment of file to be scanned, first specified segment include the type information of file;
First specified segment of the file to be scanned is uploaded to by the cloud server according to the described first instruction, with toilet State the type that cloud server obtains file to be scanned according to first specified segment;
The second instruction of the upload file to be scanned that the cloud server sends is received, described second instructs for indicating to upload Second specified segment of file to be scanned, second specified segment are type of the cloud server according to file to be scanned It is determined that file to be scanned in be likely to occur the fragment of safety problem;
Second specified segment is uploaded to by the cloud server according to the described second instruction, so as to the cloud server The content of second specified segment is scanned, the safety of file to be scanned is determined.
2. method according to claim 1, it is characterised in that also include:
The scanning result of the file described to be scanned that the cloud server sends is received, and will be scanning result output aobvious Show.
3. method according to claim 2, it is characterised in that when the length comprising the second specified segment in the described second instruction It is during the side-play amount of degree and relative first instruction fragment, described second specified segment to be uploaded to according to the described second instruction The cloud server includes:
The starting position of second specified segment is calculated according to the described first instruction fragment and the side-play amount;
Second specified segment is obtained according to the length of the starting position and second specified segment;
Second specified segment for obtaining is uploaded to into the cloud server.
4. the method according to any one of claim 1-3, it is characterised in that also include:
Determine the size of file to be scanned;
When the size of the file to be scanned is more than predetermined value, perform described to cloud server transmission file scan request.
5. method according to claim 4, it is characterised in that also include:
When the size of the file to be scanned is less than or equal to predetermined value, by the local killing engine of client to described to be scanned File is scanned, and determines the safety of file to be scanned.
6. a kind of file scanning method, it is characterised in that include:
Receive the file scan request that client sends;
The first instruction for uploading file to be scanned is sent to the client, described first instructs for indicating to upload text to be scanned First specified segment of part, first specified segment include the type information of file;
The first specified segment of the client upload is received, and first specified segment is carried out to wait to sweep described in parsing acquisition Retouch the type of file;
Second specified segment is determined according to the type of the file to be scanned, and it is to be scanned upload to be sent to the client Second instruction of the second specified segment of file, second specified segment are asked for safety is likely to occur in the file to be scanned The fragment of topic;
The second specified segment of the client upload is received, the content of second specified segment is scanned, it is determined that treating The safety of scanning file.
7. method according to claim 6, it is characterised in that it is determined that after the safety of file to be scanned, also including:
The scanning result of the file to be scanned is sent to into the client.
8. the method according to claim 6 or 7, it is characterised in that to be scanned when also including in first specified segment During the size of file, also include:
First specified segment is carried out parsing the size for obtaining the file to be scanned;
Judge whether the size of the file to be scanned is more than the size of first specified segment;
If it is determined that the size of the file to be scanned is then performed and is treated described in the basis more than the size of first specified segment The type of scanning file determines second specified segment, and second to client transmission upload file to be scanned is specified Second instruction of fragment.
9. method according to claim 8, it is characterised in that also include:
If it is determined that size of the size of the file to be scanned less than or equal to first specified segment, then to described to be scanned First specified segment of file is scanned, and determines the safety of file to be scanned.
10. a kind of client, it is characterised in that include:
Scan request transmitting element, for sending file scan request to cloud server;
First receiving unit, for receiving the first instruction of the upload file to be scanned that the cloud server sends, described the One instructs for indicating to upload the first specified segment of file to be scanned, and first specified segment includes the type letter of file Breath;
First file transmitting element, for being uploaded to the first specified segment of the file to be scanned according to the described first instruction The cloud server, so that the cloud server obtains the type of file to be scanned according to first specified segment;
Second receiving unit, for receiving the second instruction of the upload file to be scanned that the cloud server sends, described the Two instruct for indicating to upload the second specified segment of file to be scanned, and second specified segment is the cloud server root According to the fragment that safety problem is likely to occur in the file to be scanned that the type of file to be scanned determines;
Second file transmitting element, for second specified segment is uploaded to the cloud service according to the described second instruction Device, so that the cloud server is scanned to the content of second specified segment, determines the safety of file to be scanned.
11. clients according to claim 10, it is characterised in that also include:
Scanning result receiving unit, for receiving the scanning result of the file described to be scanned that the cloud server sends;
Output display unit, for by the scanning result output display.
12. clients according to claim 11, it is characterised in that include the second specified segment in instructing when described second Length and relative first instruction fragment side-play amount when, the second file transmitting element includes:
Computing module, for being calculated opening for second specified segment according to the described first instruction fragment and the side-play amount Beginning position;
Acquisition module, specifies piece for obtaining described second according to the length of the starting position and second specified segment Section;
File sending module, for second specified segment for obtaining is uploaded to the cloud server.
13. clients according to any one of claim 10-12, it is characterised in that also include:
Judging unit, for determining the size of file to be scanned;
The scan request transmitting element is additionally operable to, when the size of the file to be scanned is more than predetermined value, to cloud service Device sends file scan request.
14. clients according to claim 13, it is characterised in that also include:
Scanning element, for when the size of the file to be scanned is less than or equal to predetermined value, by the local of the client Killing engine is scanned to the file to be scanned, determines the safety of file to be scanned.
15. a kind of cloud servers, it is characterised in that include:
Scan request receiving unit, for receiving the file scan request of client transmission;
First transmitting element, for the first instruction for uploading file to be scanned is sent to the client, first instruction is used In indicating to upload the first specified segment of file to be scanned, first specified segment includes the type information of file;
First receiving unit, for receiving the first specified segment of the client upload;
Resolution unit, for carrying out parsing the type for obtaining the file to be scanned to first specified segment;
Determining unit, for determining second specified segment according to the type of the file to be scanned;
Second transmitting element, for the second instruction of the second specified segment for uploading file to be scanned is sent to the client, Second specified segment is the fragment that safety problem is likely to occur in the file to be scanned;
Second receiving unit, for receiving the second specified segment of the client upload;
Scanning element, for being scanned to the content of second specified segment, determines the safety of file to be scanned.
16. cloud servers according to claim 15, it is characterised in that also include:
Scanning result transmitting element, for it is determined that after the safety of file to be scanned, by the scanning of the file to be scanned As a result it is sent to the client.
17. cloud servers according to claim 15 or 16, it is characterised in that also include:
The resolution unit is additionally operable to, and when in first specified segment also including the size of file, specifies to described first Fragment carries out parsing the size for obtaining the file to be scanned;
Judging unit, for judging whether the size of the file to be scanned is more than the size of first specified segment;
The determining unit is additionally operable to, it is determined that the size of the file to be scanned is more than the size of first specified segment When, second specified segment is determined according to the type of the file to be scanned.
18. cloud servers according to claim 16, it is characterised in that also include:
The scanning element is additionally operable to, it is determined that the size of the file to be scanned is less than or equal to first specified segment During size, the first specified segment of the file to be scanned is scanned, the safety of file to be scanned is determined.
19. a kind of document scanning systems, it is characterised in that include:
Client as any one of claim 10-14;
With the cloud server as any one of claim 15-17.
CN201410854196.0A 2014-12-31 2014-12-31 File scanning method, device and system Active CN104462601B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410854196.0A CN104462601B (en) 2014-12-31 2014-12-31 File scanning method, device and system
PCT/CN2015/094707 WO2016107309A1 (en) 2014-12-31 2015-11-16 File scanning method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410854196.0A CN104462601B (en) 2014-12-31 2014-12-31 File scanning method, device and system

Publications (2)

Publication Number Publication Date
CN104462601A CN104462601A (en) 2015-03-25
CN104462601B true CN104462601B (en) 2017-04-12

Family

ID=52908636

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410854196.0A Active CN104462601B (en) 2014-12-31 2014-12-31 File scanning method, device and system

Country Status (2)

Country Link
CN (1) CN104462601B (en)
WO (1) WO2016107309A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104462601B (en) * 2014-12-31 2017-04-12 北京奇安信科技有限公司 File scanning method, device and system
CN105590058B (en) * 2015-12-18 2019-04-26 北京奇虎科技有限公司 The detection method and device of virtual machine escape
CN112347041A (en) * 2020-11-03 2021-02-09 紫光云引擎科技(苏州)有限公司 Industrial cloud application store system file uploading security scanning method and system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7636946B2 (en) * 2005-08-31 2009-12-22 Microsoft Corporation Unwanted file modification and transactions
CN102902915B (en) * 2012-09-29 2016-06-29 北京奇虎科技有限公司 The system that file behavior characteristics is detected
CN102982284B (en) * 2012-11-30 2016-04-20 北京奇虎科技有限公司 For the scanning device of rogue program killing, cloud management equipment and method and system
CN103914655A (en) * 2014-03-17 2014-07-09 北京奇虎科技有限公司 Downloaded file security detection method and device
CN104462601B (en) * 2014-12-31 2017-04-12 北京奇安信科技有限公司 File scanning method, device and system

Also Published As

Publication number Publication date
CN104462601A (en) 2015-03-25
WO2016107309A1 (en) 2016-07-07

Similar Documents

Publication Publication Date Title
AU2015380394B2 (en) Methods and systems for identifying potential enterprise software threats based on visual and non-visual data
US9043917B2 (en) Automatic signature generation for malicious PDF files
US9294486B1 (en) Malware detection and analysis
AU2012347793B2 (en) Detecting malware using stored patterns
US8141158B2 (en) Measuring coverage of application inputs for advanced web application security testing
US7203959B2 (en) Stream scanning through network proxy servers
RU2551820C2 (en) Method and apparatus for detecting viruses in file system
CN101743530B (en) Method and system for anti-virus scanning of partially available content
RU2536664C2 (en) System and method for automatic modification of antivirus database
EP3814961A1 (en) Analysis of malware
US10810176B2 (en) Unsolicited bulk email detection using URL tree hashes
CN103281325A (en) Method and device for processing file based on cloud security
CN104462601B (en) File scanning method, device and system
US8201247B1 (en) Method and apparatus for providing a computer security service via instant messaging
US11695784B2 (en) Reassembly free deep packet inspection for peer to peer networks
CN110023938A (en) The system and method for determining file similarity are counted using function length
CN104239795B (en) The scan method and device of file
US20160191531A1 (en) Method for file scrubbing in a security gateway for threat prevention
US11023590B2 (en) Security testing tool using crowd-sourced data
EP3709200A1 (en) Determining security risks in binary software code based on network protocols
US8495050B2 (en) Identifying universal resource locator rewriting rules
US11556819B2 (en) Collection apparatus, collection method, and collection program
CN106649834A (en) Asynchronous transmission method, device and system of log data
CN106529292A (en) Virus checking and killing method and apparatus
US11966477B2 (en) Methods and apparatus for generic process chain entity mapping

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20170112

Address after: 100015 Chaoyang District Road, Jiuxianqiao, No. 10, building No. 3, floor 15, floor 17, 1701-26,

Applicant after: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Applicant before: Qizhi software (Beijing) Co.,Ltd.

GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: 100088 Building 3 332, 102, 28 Xinjiekouwai Street, Xicheng District, Beijing

Patentee after: QAX Technology Group Inc.

Address before: 100015 15, 17 floor 1701-26, 3 building, 10 Jiuxianqiao Road, Chaoyang District, Beijing.

Patentee before: BEIJING QIANXIN TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address