CN105354499A - Virus searching and killing method and device - Google Patents

Publication number
CN105354499A
Authority
CN
China
Prior art keywords
detected object
feature
characteristic information
intranet server
virus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510933152.1A
Other languages
Chinese (zh)
Inventor
唐周标
张山山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Security Management System Technology Co Ltd
Original Assignee
Beijing Kingsoft Security Management System Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Security Management System Technology Co Ltd
Priority to CN201510933152.1A
Publication of CN105354499A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements

Abstract

The invention provides a virus searching and killing method and device and relates to the field of computer security. The method comprises the following steps: a client sends a request to query a detection object and sends the feature information of the detection object to an intranet server; the intranet server receives the feature information of the detection object and matches it against the features in the intranet server's feature library to judge whether the detection object is a virus; if, during matching, the feature information of the detection object is not in the intranet server's feature library, the features of that library are updated; and the intranet server returns the judgment result to the client. The method and device solve the problem that a user in an enterprise environment cannot connect directly to a public cloud server to carry out cloud searching and killing, so that the cloud searching and killing mechanism can be reasonably applied in the enterprise environment.

Description

A virus searching and killing method and device
Technical field
The present invention relates to the field of computer security, and in particular to a virus searching and killing method and device.
Background
The client used by current cloud searching and killing technology is extremely lightweight: it only needs to extract features and query a cloud server, and the main computation moves from the traditional local engine on the client to the cloud server. However, this technology requires that the client can connect to a public cloud server, whereas a large number of enterprise environments are isolated networks, that is, most terminal machines cannot connect directly to a public network server.
Summary of the invention
In view of this, an object of the invention is to provide a virus searching and killing method that solves the problem that a user in an enterprise environment cannot connect directly to a public cloud server to carry out cloud searching and killing, so that the cloud searching and killing mechanism can be reasonably applied in the enterprise environment.
The invention provides a virus searching and killing method, comprising:
A client sends a request to query a detection object and sends the feature information of the detection object to an intranet server;
The intranet server receives the feature information of the detection object and matches it against the features in the intranet server feature library to judge whether the detection object is a virus;
If, during matching, the feature information of the detection object is not in the intranet server feature library, the features of the intranet server feature library are updated;
The intranet server returns the judgment result to the client.
The update process of the intranet server feature library comprises: establishing a communication connection with the external network through an isolation tool and obtaining, over that connection, the features sent by the external network; or the intranet server connecting directly to the external network to obtain the features sent by the external network.
The intranet server feature library comprises a user-defined whitelist, a back-end whitelist, a user-defined blacklist and a back-end blacklist.
The judgment process comprises: judging whether the feature information of the detection object matches a feature in the user-defined whitelist; if it matches, the detection object is not a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the back-end whitelist.
The judgment process further comprises: if the feature information of the detection object matches a feature in the back-end whitelist, the detection object is not a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the user-defined blacklist.
The judgment process further comprises: if the feature information of the detection object matches a feature in the user-defined blacklist, the detection object is a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the back-end blacklist.
The judgment process further comprises: if the feature information of the detection object matches a feature in the back-end blacklist, the detection object is a virus; if it does not match, it is not a virus.
The detection object is a web page or a file.
Another object of the invention is to provide a virus searching and killing device that solves the problem that a user in an enterprise environment cannot connect directly to a public cloud server to carry out cloud searching and killing, so that the cloud searching and killing mechanism can be reasonably applied in the enterprise environment.
The invention provides a virus searching and killing device, comprising:
Sending module: used by the client to send a request to query a detection object and to send the feature information of the detection object to the intranet server;
Matching module: used to match the feature information of the detection object against the features in the intranet server feature library and to judge whether the detection object is a virus;
Update module: used to update the features of the intranet server feature library when, during matching, the feature information of the detection object is not in the intranet server feature library;
Return module: used by the intranet server to return the judgment result to the client.
Compared with the prior art, the illustrative embodiments of the invention have the following advantage:
The invention provides a virus searching and killing method and device that solve the problem that a user in an enterprise environment cannot connect directly to a public cloud server to carry out cloud searching and killing, so that the cloud searching and killing mechanism can be reasonably applied in the enterprise environment.
Brief description of the drawings
Fig. 1 is a flowchart of the virus searching and killing method of an embodiment of the invention;
Fig. 2 is a structural block diagram of the virus searching and killing device of an embodiment of the invention.
Detailed description
The invention provides a virus searching and killing method and device. Fig. 1 shows the virus searching and killing method in some embodiments, and Fig. 2 shows the virus searching and killing device in some embodiments.
As shown in Fig. 1, a virus searching and killing method is disclosed. The client to which the method applies can be a PC, a tablet computer or a mobile phone. The method comprises the following steps:
S1: the client requests a query of a detection object and sends the feature information of the detection object to the intranet server;
When the client scans a detection object, it first calculates the MD5 code and the CRC value of the detection object and sends them to the intranet server together with the feature information of the detection object. The intranet server recalculates the MD5 code and CRC value over the detection object it received and checks them against the MD5 code and CRC value sent by the client. If the two are inconsistent, an error occurred in the communication that sent the feature information of the detection object, and the client needs to resend it. Once the intranet server has received the correct feature information of the detection object, it uses the channel number password to decrypt the feature information of the detection object.
S2: the intranet server receives the feature information of the detection object and matches it against the features in the intranet server feature library to judge whether the detection object is a virus;
In some optional embodiments, the intranet server feature library comprises a user-defined whitelist, a back-end whitelist, a user-defined blacklist and a back-end blacklist.
In some optional embodiments, the judgment process comprises: judging whether the feature information of the detection object matches a feature in the user-defined whitelist; if it matches, the detection object is not a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the back-end whitelist; if it matches, the detection object is not a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the user-defined blacklist; if it matches, the detection object is a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the back-end blacklist; if it matches, the detection object is a virus; if it does not match, it is not a virus.
During the judgment, the whitelists are matched first and the blacklists second, which can reduce the number of client queries. The user-defined whitelist or blacklist is matched before the back-end one, mainly because, in the user's actual environment, the user-defined whitelist or blacklist has a high probability of a hit.
S3: if, during matching, the feature information of the detection object is not in the intranet server feature library, the features of the intranet server feature library are updated;
In some optional embodiments, the update process of the intranet server feature library comprises: establishing a communication connection with the external network through an isolation tool and obtaining, over that connection, the features sent by the external network; or the intranet server connecting directly to the external network to obtain the features sent by the external network.
The intranet server is in an isolated network. If the intranet server feature library is not updated in time, virus searching and killing becomes inefficient: a feature library in an isolated network that cannot be updated means that only a static feature library can be deployed there. In this embodiment, the intranet server can obtain from the external network, through the update process above, a feature set for updating the intranet server feature library, and it updates the feature library according to the feature set obtained. This realizes the deployment of a dynamic virus feature library in an isolated network environment and can improve the network's searching and killing capability.
The generation and sending of the feature set are determined by the external network. The external network can decide which features are hot features, in which period hot features are added to the feature set, and all other factors involved in generating the feature set, such as the kinds and number of features in it.
S4: the intranet server returns the judgment result to the client;
After the matching of the feature information of the detection object against the features of the intranet server feature library has finished, the intranet server encrypts the feature information of the detection object and returns it to the client.
In some optional embodiments, the detection object is a web page or a file.
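The following Python example is added here and is not part of the patent; it models steps S1 to S4: the MD5/CRC transfer check, the four-library match order, and the update on a miss. The names `IntranetServer`, `build_query` and `fetch_feature_set` are assumptions, the sample features are constructed, the channel number password decryption is left out because the text does not specify it, and the update is assumed to run after the verdict for the missed feature.

```python
import hashlib
import zlib

# Match order from the description: user-defined whitelist, back-end whitelist,
# user-defined blacklist, back-end blacklist. The bool is the "virus" verdict.
LIBRARY_ORDER = (
    ("user_white", False),
    ("backend_white", False),
    ("user_black", True),
    ("backend_black", True),
)


def build_query(feature: bytes) -> dict:
    """S1, client side: send the feature with its MD5 code and CRC value."""
    return {
        "feature": feature,
        "md5": hashlib.md5(feature).hexdigest(),
        "crc": zlib.crc32(feature),
    }


class IntranetServer:
    def __init__(self, libraries: dict, fetch_feature_set):
        # libraries: {library name: set of features}
        self.libraries = {name: set(libraries.get(name, ())) for name, _ in LIBRARY_ORDER}
        # fetch_feature_set: hypothetical callable standing in for the isolation
        # tool or the direct connection to the external network.
        self.fetch_feature_set = fetch_feature_set

    def _received_intact(self, query: dict) -> bool:
        # MD5 and CRC catch transmission errors only; neither is keyed, so this
        # check does not authenticate the sender.
        feature = query["feature"]
        return (hashlib.md5(feature).hexdigest() == query["md5"]
                and zlib.crc32(feature) == query["crc"])

    def _update_libraries(self) -> None:
        """S3: merge the feature set the external network chose to send."""
        for name, features in self.fetch_feature_set().items():
            if name in self.libraries:  # ignore unknown library names
                self.libraries[name].update(features)

    def handle(self, query: dict) -> dict:
        """S2 to S4: verify, match in order, update on a miss, return the verdict."""
        if not self._received_intact(query):
            return {"status": "resend"}
        feature = query["feature"]
        for name, is_virus in LIBRARY_ORDER:
            if feature in self.libraries[name]:
                return {"status": "ok", "virus": is_virus, "matched": name}
        # No library knows the feature: the verdict is "not a virus", and the
        # miss triggers an update (assumption: applied after the verdict).
        self._update_libraries()
        return {"status": "ok", "virus": False, "matched": None}


def demo() -> list:
    # Constructed sample features; in practice these would be file or URL digests.
    external_set = {"backend_black": {b"feat-new-malware"}}
    server = IntranetServer(
        {
            "user_white": {b"feat-inhouse-tool"},
            "backend_white": {b"feat-os-binary"},
            "user_black": {b"feat-banned-app"},
            # Same feature in a blacklist and the user whitelist: whitelist wins.
            "backend_black": {b"feat-known-worm", b"feat-inhouse-tool"},
        },
        fetch_feature_set=lambda: external_set,
    )
    results = [server.handle(build_query(f)) for f in (
        b"feat-inhouse-tool", b"feat-banned-app", b"feat-known-worm",
        b"feat-new-malware",   # miss: not a virus now, triggers the update
        b"feat-new-malware",   # hit in the refreshed back-end blacklist
    )]
    corrupted = build_query(b"feat-known-worm")
    corrupted["feature"] = b"feat-known-w0rm"   # simulate a damaged transfer
    results.append(server.handle(corrupted))
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The run makes two consequences of the stated order visible: a feature present in both a whitelist and a blacklist is reported as not a virus, and a feature unknown to all four libraries is reported as not a virus until an update adds it.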
As shown in Fig. 2, a virus searching and killing device is disclosed, comprising:
A sending module 11, used by the client to send a request to query a detection object and to send the feature information of the detection object to the intranet server;
A matching module 12, used to match the feature information of the detection object against the features in the intranet server feature library and to judge whether the detection object is a virus;
An update module 13, used to update the features of the intranet server feature library when, during matching, the feature information of the detection object is not in the intranet server feature library;
A return module 14, used by the intranet server to return the judgment result to the client.
The virus searching and killing method and device provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the embodiments of the invention, and the description of the above embodiments is only intended to help in understanding the method and core idea of the embodiments. For a person of ordinary skill in the art, changes may be made to the specific implementation and the scope of application in accordance with the idea of the embodiments. In summary, this description should not be construed as limiting the embodiments of the invention.

Claims (9)

1. A virus searching and killing method, characterized by comprising:
A client sends a request to query a detection object and sends the feature information of the detection object to an intranet server;
The intranet server receives the feature information of the detection object and matches it against the features in the intranet server feature library to judge whether the detection object is a virus;
If, during matching, the feature information of the detection object is not in the intranet server feature library, the features of the intranet server feature library are updated;
The intranet server returns the judgment result to the client.
2. The virus searching and killing method according to claim 1, characterized in that the update process of the intranet server feature library comprises: establishing a communication connection with the external network through an isolation tool and obtaining, over that connection, the features sent by the external network; or the intranet server connecting directly to the external network to obtain the features sent by the external network.
3. The virus searching and killing method according to claim 1, characterized in that the intranet server feature library comprises a user-defined whitelist, a back-end whitelist, a user-defined blacklist and a back-end blacklist.
4. The virus searching and killing method according to claim 3, characterized in that the judgment process comprises: judging whether the feature information of the detection object matches a feature in the user-defined whitelist; if it matches, the detection object is not a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the back-end whitelist.
5. The virus searching and killing method according to claim 4, characterized in that the judgment process further comprises: if the feature information of the detection object matches a feature in the back-end whitelist, the detection object is not a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the user-defined blacklist.
6. The virus searching and killing method according to claim 5, characterized in that the judgment process further comprises: if the feature information of the detection object matches a feature in the user-defined blacklist, the detection object is a virus; if it does not match, judging whether the feature information of the detection object matches a feature in the back-end blacklist.
7. The virus searching and killing method according to claim 6, characterized in that the judgment process further comprises: if the feature information of the detection object matches a feature in the back-end blacklist, the detection object is a virus; if it does not match, it is not a virus.
8. The virus searching and killing method according to claim 1, characterized in that the detection object is a web page or a file.
9. A virus searching and killing device, characterized by comprising:
Sending module: used by the client to send a request to query a detection object and to send the feature information of the detection object to the intranet server;
Matching module: used to match the feature information of the detection object against the features in the intranet server feature library and to judge whether the detection object is a virus;
Update module: used to update the features of the intranet server feature library when, during matching, the feature information of the detection object is not in the intranet server feature library;
Return module: used by the intranet server to return the judgment result to the client.
CN201510933152.1A 2015-12-15 2015-12-15 Virus searching and killing method and device Pending CN105354499A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510933152.1A CN105354499A (en) 2015-12-15 2015-12-15 Virus searching and killing method and device

Publications (1)

Publication Number Publication Date
CN105354499A true CN105354499A (en) 2016-02-24

Family

ID=55330470

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510933152.1A Pending CN105354499A (en) 2015-12-15 2015-12-15 Virus searching and killing method and device

Country Status (1)

Country Link
CN (1) CN105354499A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106412913A (en) * 2016-10-13 2017-02-15 西安瀚炬网络科技有限公司 Scanning analysis method and system for wireless networks
CN110287701A (en) * 2019-06-28 2019-09-27 深信服科技股份有限公司 A kind of malicious file detection method, device, system and associated component
CN112580029A (en) * 2019-09-27 2021-03-30 奇安信科技集团股份有限公司 Network system and method and device for searching and killing viruses of terminal of full-isolation network
CN112580029B (en) * 2019-09-27 2024-04-12 奇安信科技集团股份有限公司 Network system and method and device for checking and killing viruses of all-isolated network terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070198420A1 (en) * 2006-02-03 2007-08-23 Leonid Goldstein Method and a system for outbound content security in computer networks
CN103020520A (en) * 2012-11-26 2013-04-03 北京奇虎科技有限公司 Enterprise-based document security detection method and system
CN103049697A (en) * 2012-11-26 2013-04-17 北京奇虎科技有限公司 File detection method and system for enterprises
CN103647753A (en) * 2013-11-19 2014-03-19 北京奇虎科技有限公司 LAN file security management method, server and system
CN104281809A (en) * 2014-09-30 2015-01-14 北京奇虎科技有限公司 Method, device and system for searching and killing viruses
CN104539739A (en) * 2015-01-26 2015-04-22 浙江大学 System, method and device for uploading files

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160224