CN105528543A

CN105528543A - Remote antivirus method, client, console and system

Info

Publication number: CN105528543A
Application number: CN201510981876.3A
Authority: CN
Inventors: 李云庭; 薛欢; 程君; 王力
Original assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Current assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Priority date: 2015-12-23
Filing date: 2015-12-23
Publication date: 2016-04-27

Abstract

The invention discloses a remote antivirus method, a client, a console and a system, relates to the technical field of information security, and aims to avoid influencing the running and response speeds of smart terminal equipment in a process of deleting viruses by an antivirus application. According to the technical scheme of the invention, the method comprises the following steps: receiving a virus scanning strategy issued by the console through the client; scanning the terminal equipment in which the client is installed based on the virus scanning strategy, and determining whether a virus type which is consistent with a virus type to be scanned exists in the terminal equipment or not; if the virus type which is consistent with a virus type to be scanned exists in the terminal equipment, reporting a scanning result dialog to the console, wherein the scanning result dialog includes a preset storage position of the terminal equipment in which viruses exist; receiving a deletion instruction issued by the console, and deleting a virus corresponding to the virus type to be scanned stored in the preset storage position based on the deletion instruction. The remote antivirus method, the client, the console and the system are applied to a security protection process of the smart terminal equipment.

Description

The method of remote virus-killing, client, control desk and system

Technical field

The present invention relates to field of information security technology, particularly relate to a kind of method of remote virus-killing, client, control desk and system.

Background technology

Along with the development of computer technology, the level of informatization of human society is more and more higher, and the degree of dependence of entire society to intelligent terminal is also more and more higher, thereupon increasingly also comprises the threat existed in intelligent terminal; Described intelligent terminal comprises: smart mobile phone, panel computer etc.Developing rapidly of intelligent terminal provides many facilities to the work of user and life.

At present; in order to ensure the safety of intelligent terminal; user can install virus killing application program usually in intelligent terminal, by the various types of viruses in the prevention of virus killing application program or deletion intelligent terminal, browses rubbish etc., guarantees the safety of intelligent terminal.Virus killing application program is being carried out in the process of security protection to intelligent terminal; if determine to there is viral threat in intelligent terminal; then can directly this viral threat be deleted; but; in virus killing application program in the process of deleting virus; the operation exception of intelligent terminal is slow and response speed is comparatively slow, and then affects the Consumer's Experience of intelligent terminal user.

Summary of the invention

In view of this; the method of a kind of remote virus-killing provided by the invention, client, control desk and system; fundamental purpose is to solve in virus killing application program in the process of deleting virus; the operation exception of intelligent terminal slowly and response speed comparatively slow, and then affect the problem of Consumer's Experience of intelligent terminal user.

According to the present invention first aspect, the invention provides a kind of method of remote virus-killing, the method comprises:

Client receives the virus scan strategy that control desk issues, and comprises Virus Type to be scanned in described virus scan strategy;

Scan based on the terminal device of described virus scan strategy to client place, and determine whether described terminal device exists the Virus Type consistent with described Virus Type to be scanned;

If determine there is the Virus Type consistent with described Virus Type to be scanned in described terminal device, then report scanning result daily record to described control desk; The preset memory location of viral place terminal device is comprised in described scanning result daily record;

Receive the delete instruction that described control desk issues, and virus corresponding for the Virus Type described to be scanned of described preset memory location storage deleted based on described delete instruction, described delete instruction is used to indicate backstage and deletes described virus.

According to the present invention second aspect, the invention provides the method for another kind of remote virus-killing, the method comprises:

Control desk issues virus scan strategy to terminal device, comprises Virus Type to be scanned in described virus scan strategy;

Receive the scanning result daily record that described client reports; The preset memory location of viral place terminal device corresponding to Virus Type is comprised in described scanning result daily record;

Issue delete instruction to described client, described delete instruction is used to indicate the virus that client background deletes described preset memory location storage.

According to third aspect of the present invention, the invention provides a kind of client, this client comprises:

First receiving element, for receiving the virus scan strategy that control desk issues, comprises Virus Type to be scanned in described virus scan strategy;

Scanning element, scans for the terminal device of described virus scan strategy to client place received based on described first receiving element;

Determining unit, in the process that scans based on the terminal device of described virus scan strategy to client place in described scanning element, determines whether described terminal device exists the Virus Type consistent with described Virus Type to be scanned;

First reports unit, for determining that when described determining unit described terminal device exists the Virus Type consistent with described Virus Type to be scanned, then reports scanning result daily record to described control desk; The preset memory location of viral place terminal device is comprised in described scanning result daily record;

Second receiving element, for reporting unit to after described control desk reports scanning result daily record described first, receives the delete instruction that described control desk issues;

Delete cells, the virus that the Virus Type described to be scanned that described preset memory location stores by the described delete instruction for receiving based on described second receiving element is corresponding is deleted, and described delete instruction is used to indicate backstage and deletes described virus.

According to the present invention the 4th aspect, the invention provides a kind of control desk, this control desk comprises:

First issues unit, for issuing virus scan strategy to terminal device, comprises Virus Type to be scanned in described virus scan strategy;

First receiving element, for issuing unit to after described terminal device issues virus scan strategy described first, receives the scanning result daily record that described client reports; The preset memory location of viral place terminal device corresponding to described Virus Type to be scanned is comprised in described scanning result daily record;

Second issues unit, for receive scanning result daily record that described client reports at described first receiving element after, issues delete instruction to described client, and described delete instruction is used to indicate client background and deletes the virus that described preset memory location stores.

According to the present invention the 5th aspect, the invention provides a kind of system of remote virus-killing, this system comprises: client as above and control desk as above.

By technique scheme, the method of remote virus-killing provided by the invention, client, control desk and system, client when carrying out security protection to terminal device, first, receive the virus scan strategy that control desk issues, in this virus scan strategy, comprise Virus Type to be scanned; Secondly, whether consistent with Virus Type to be scanned client scans based on the terminal device of virus scan strategy to client place received, in scanning process, to determine in terminal device Virus Type; When determining to there is the Virus Type consistent with Virus Type to be scanned in terminal device, report scanning result daily record to described control desk; Wherein, the preset memory location of viral place terminal device is comprised in this scanning result daily record; Finally, client receives the delete instruction that control desk issues, and the virus that the Virus Type to be scanned that preset memory location stores based on this delete instruction by client is corresponding is deleted; Compared with prior art, the present invention to when to delete in terminal device viral, deletion be the virus that Virus Type that control desk is specified is corresponding, the safety of terminal device file can be guaranteed; In addition, when to delete in terminal device viral, virus is that " mourning in silence " deletes, and namely virus is deleted on the backstage of terminal device by client, can not affect operation and the response speed of terminal device; In addition, after virus is deleted, data content virus run empties, and improve the process that virus uses, the internal memory that releasing virus takies, certain procedures can improve operation and the response speed of terminal device.

Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to technological means of the present invention can be better understood, and can be implemented according to the content of instructions, and can become apparent, below especially exemplified by the specific embodiment of the present invention to allow above and other objects of the present invention, feature and advantage.

Accompanying drawing explanation

By reading hereafter detailed description of the preferred embodiment, various other advantage and benefit will become cheer and bright for those of ordinary skill in the art.Accompanying drawing only for illustrating the object of preferred implementation, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts by identical reference symbol.In the accompanying drawings:

Fig. 1 shows the process flow diagram of the method for a kind of remote virus-killing that the embodiment of the present invention provides;

Fig. 2 shows the process flow diagram of the method for the another kind of remote virus-killing that the embodiment of the present invention provides;

Fig. 3 shows the composition frame chart that the embodiment of the present invention provides a kind of client;

Fig. 4 shows the composition frame chart that the embodiment of the present invention provides another kind of client;

Fig. 5 shows the composition frame chart that the embodiment of the present invention provides a kind of control desk;

Fig. 6 shows the composition frame chart that the embodiment of the present invention provides another kind of control desk;

Fig. 7 shows the composition frame chart that the embodiment of the present invention provides a kind of system of remote virus-killing.

Embodiment

Below with reference to accompanying drawings exemplary embodiment of the present disclosure is described in more detail.Although show exemplary embodiment of the present disclosure in accompanying drawing, however should be appreciated that can realize the disclosure in a variety of manners and not should limit by the embodiment set forth here.On the contrary, provide these embodiments to be in order to more thoroughly the disclosure can be understood, and complete for the scope of the present disclosure can be conveyed to those skilled in the art.

The embodiment of the present invention provides a kind of method of remote virus-killing, and the method is applied to client-side, and as shown in Figure 1, the method comprises:

101, client receives the virus scan strategy that control desk issues.

In the embodiment of the present invention, client is when carrying out security protection to terminal device, first, receive the virus scan strategy that control desk issues, Virus Type to be scanned is comprised in described virus scan strategy, the virus identifications that different Virus Types is corresponding different, this virus identifications is the unique identification of virus; Because the renewal speed of virus is too fast, the strategy that the operation maintenance personnel that control desk is control desk to the virus scan strategy that client issues rule of thumb artificially is arranged, operation maintenance personnel, when arranging virus scan strategy, determines Virus Type to be scanned according to the renewal of virus database in control desk.The Virus Type of the embodiment of the present invention to virus to be scanned in virus scan strategy does not limit.

102, client scans based on the terminal device of described virus scan strategy to client place, and determines whether described terminal device exists the Virus Type consistent with described Virus Type to be scanned.

Because the communication interaction between client and control desk depends on network, when client is after acquisition virus scan strategy, utilize the scanning engine of network-side and the local engine of client to combine and scan.In the process of scanning, determine whether there is the Virus Type consistent with its Virus Type according to Virus Type to be scanned, if there is not the Virus Type consistent with Virus Type to be scanned in terminal device, then illustrate in this terminal device to there is not security threat; If determine to there is the Virus Type consistent with Virus Type to be scanned in terminal device, then illustrate in this terminal device to there is security threat, order performs step 103.

Two kinds of scanning killing patterns are all included: general mode and enhancement mode in scanning engine or local engine.Described general mode is adopt the file characteristic in immediate mode extraction terminal device, carries out killing successively by the order of virus database and local virus database in local cache, network.Described enhancement mode is multiple features of complete extraction terminal device file, and the attached bag considering file carries out checking and killing virus.Wherein, the information of file can comprise: the attached bag that file name, certificate MD5 (Message Digest Algorithm 5, MessageDigestAlgorithm), version number, file MD5, certificate term of life or file comprise.Client, when end of scan equipment, can select above-mentioned arbitrary scan killing pattern, and its foundation selected is the actual demand of terminal user.The embodiment of the present invention does not specifically limit the scanning killing pattern comprised in scanning engine or local engine.

Exemplary, scanning engine or local engine can detect virus by the eigenwert of the associated documents extracting application program.The eigenwert of extraction document can adopt multiple method, such as mate ELF (ExecutableandLinkingFormat, can chained file be performed) machine instruction of executable code in file, specifically when the eigenwert of extraction document, can the data (instruction of executable code or wherein a part) of one section of designated length in an extraction document.

In the embodiment of the present invention, client, when calling checking and killing virus engine and scanning terminal device, can scan terminal device including but not limited to following mode, and such as, the whole memory disks in end of scan equipment, are called scan full hard disk; Or client is when calling viral antivirus engine and scanning terminal device, and in an end of scan equipment, system starts necessary file, such as: internal memory, IE, plug-in unit, registration table etc., is called rapid scanning.The specific implementation of the embodiment of the present invention to client scan terminal device limits.

Optionally, when client scans based on the terminal device of described virus scan strategy to client place, first, client is according to the characteristic information of application program, judge whether this application program exists with default application program white list, if this application program is present in default application program white list, then determine that this application program does not exist security threat; If determine, this application program is not present in default application program white list, then client determines the security of this application program based on virus scan strategy.It should be noted that, this kind of implementation, client carries out in this locality determining whether there is security threat in terminal device, has speeded the speed of end of scan equipment.

Wherein, presetting application program white list can including but not limited to following content, such as: the title of the known application program of being trusted, the title of the known application program of being trusted comprises: the bag name of the UID (unique identifier) of application program and the installation kit of application program.Default application program blacklist is also comprised in client, presetting application program blacklist can including but not limited to following content, such as: the title of known malicious application and described application features data can comprise the data of known malice feature (such as mountain vallage application characteristic); The title of described known malicious application comprises the bag name of the UID (unique identifier) of application program and the installation kit of application program.The embodiment of the present invention does not limit the default application program white list i.e. particular content preset in application program blacklist.

If 103 determine that described terminal device exists the Virus Type consistent with described Virus Type to be scanned, then client reports scanning result daily record to described control desk.

When there is the Virus Type consistent with Virus Type to be scanned in client determination terminal device, illustrate in terminal device to there is security threat, now, client is according to this scanning result, generate scanning result daily record, comprise the bag name, Virus Type etc. of the preset memory location of viral place terminal device, the corresponding virus of Virus Type in described scanning result daily record, the scanning result daily record of generation is reported to control desk by client.

104, client receives the delete instruction that described control desk issues, and virus corresponding for the Virus Type described to be scanned of described preset memory location storage is deleted based on described delete instruction.

Control desk is after the scanning result daily record receiving client transmission, scanning result daily record is resolved, obtain its preset memory location and Virus Type, and issue delete instruction to client, this delete instruction is used to indicate client background and deletes virus corresponding to Virus Type to be scanned; After client receives the delete instruction that control desk issues, confirm preset memory location and the Virus Type at viral place, backstage obtains virus from preset memory location, and is deleted.The delete instruction that client issues based on control desk, the normal operation of deleting and not affecting terminal device of virus being mourned in silence from the backstage of terminal device.

At the delete instruction that client end response control desk issues, virus in terminal device is deleted, when client deletes virus, corresponding mode of deleting virus is selected according to the extent of injury of virus, described mode of deleting virus can realize including but not limited to following mode, such as: leak reparation, wooden horse killing, plug-in unit cleaning, security of system, security configuration etc.The embodiment of the present invention does not limit the specific implementation of deleting virus.

Wherein, leak reparation refers to the reparation to system vulnerability, system vulnerability refers to the defect of operating system in logical design or the mistake produced when writing, this defect or mistake can be utilized by illegal person or computer hacker, attack by implanting the mode such as wooden horse, virus or control whole computer, thus the capsule information stolen in computer and information, even destroy operating system, as a kind of preferred exemplary of the present embodiment, system vulnerability can comprise detection Loopholes of OS, office leak, third party's security update etc.;

Wooden horse killing refers to the killing to trojan horse program, trojan horse program is virus document popular at present, different from general virus, it can not self-reproduction, also " deliberately " do not go to infect alternative document, it, by self camouflage attraction user is downloaded execution, provides open by kind of a door for person's computer to executing kind of a wooden horse person, make to execute kind of person to damage arbitrarily, steal by the file of kind of person, even remote control is by the computer of kind of person;

Plug-in unit is cleared up, refer to the cleaning to plug-in unit, plug-in unit refers to the program that a kind of application programming interfaces following certain specification are write out, in computer system, some program needs the support of some plug-in units, wherein these plug-in unit classifications are various, after computer is poisoning, have some Malwares attack computer, these malicious plugins can download Virus Info, destroy, control etc. to computer system;

Security of system, refer to and apply system safety engineering and system security management method within systems life cycle, dangerous matter sources in identification system, and take effective control measure to make its danger minimum, thus make system reach best safe coefficient in the performance specified, time and cost-range;

Security configuration, refers to the configuration of influential system safety.

Optionally, after the virus in terminal device is deleted by client, the data content that virus is being run by client empties, when data content empties, can adopt but be not limited to under type realization, such as, call firststop mechanism, the data content that virus is being run empties.

The method of the remote virus-killing that the embodiment of the present invention provides, client, when carrying out security protection to terminal device, first, receives the virus scan strategy that control desk issues, comprises Virus Type to be scanned in this virus scan strategy; Secondly, whether consistent with Virus Type to be scanned client scans based on the terminal device of virus scan strategy to client place received, in scanning process, to determine in terminal device Virus Type; When determining to there is the Virus Type consistent with Virus Type to be scanned in terminal device, report scanning result daily record to described control desk; Wherein, the preset memory location of viral place terminal device is comprised in this scanning result daily record; Finally, client receives the delete instruction that control desk issues, and the virus that the Virus Type to be scanned that preset memory location stores based on this delete instruction by client is corresponding is deleted; Compared with prior art, the embodiment of the present invention to when to delete in terminal device viral, deletion be the virus that Virus Type that control desk is specified is corresponding, the safety of terminal device file can be guaranteed; In addition, when to delete in terminal device viral, virus is that " mourning in silence " deletes, and namely virus is deleted on the backstage of terminal device by client, can not affect operation and the response speed of terminal device; In addition, after virus is deleted, data content virus run empties, and improve the process that virus uses, the internal memory that releasing virus takies, certain procedures can improve operation and the response speed of terminal device.

Further, the deletion state of client in order to allow control desk learn virus in the terminal device at this client place, after virus to be deleted according to delete instruction by client, report virus to delete daily record to control desk, this virus is deleted in daily record and is recorded virus and delete successful daily record and the failed daily record of virus deletion.Its object is to, allow in control desk determination terminal device whether also there is virus corresponding to Virus Type to be scanned in virus scan strategy.

Further, due to virus can depend on, the position be stored in terminal device is uncertain, not unique, therefore, when client deletes virus, need the preset memory location of difference stored according to virus, determine the method for different deletion virus, below by for the preset memory location of virus for application program installation kit and application program, illustrate that the virus that Virus Type described to be scanned that how described preset memory location stores based on described delete instruction by client is corresponding is deleted.

When preset memory location is application program installation kit, client obtains this application program installation kit, and is deleted by this application program installation kit; Owing to comprising multiple file in application program installation kit, client, after deletion application program installation kit, determines whether this application program installation kit is deleted successfully, and all files folder that namely whether client comprises application program installation kit is thoroughly removed; After the thorough removing of all files folder that client determination application program installation kit comprises, virus is reported to delete successful daily record to control desk; After the thorough removing of all files folder that client determination application program installation kit comprises, virus is reported to delete failed daily record to control desk.Optionally, after the thorough removing of all files folder that client determination application program installation kit comprises, client ejects application program installation kit and removes residual information, to point out, whether user is manual carries out complete deletion by content residual in application program installation kit.

When preset memory location is application program, client directly obtains this application program, and the application program of acquisition is unloaded.After the offload is complete, client determines whether this application program unloads successfully, if application program unloads successfully, then reports virus to delete successful daily record to control desk; If application program dismount failure, then virus is reported to delete failed daily record to control desk.

It should be noted that, due to virus can depend on, the position be stored in terminal device is uncertain, not unique, above-described when preset memory location be application program installation kit and application program, be only exemplary citing, when practical operation, the embodiment of the present invention does not limit preset memory location, viral place.

Further, after client receives the virus scan strategy that control desk issues, virus scan strategy is resolved, obtain Virus Type to be scanned, based on this Virus Type to be scanned, the local virus database of client is upgraded, when reality is implemented, based on this Virus Type to be scanned to execution sequence the dividing without priority that the local virus database of client upgrades and client scans based on the terminal device of described virus scan strategy to client place, first can perform and based on this Virus Type to be scanned, the local virus database of client be upgraded, perform client again to scan based on the terminal device of described virus scan strategy to client place, or, based on this Virus Type to be scanned the local virus database of client upgraded and client to scan based on the terminal device of described virus scan strategy to client place be asynchronous execution.The embodiment of the present invention does not limit the execution sequence that the local virus database of client upgrades and client scans based on the terminal device of described virus scan strategy to client place based on this Virus Type to be scanned.

Optionally, after the virus database in control desk upgrades, upgrade the local virus database of client by control desk, when control desk upgrades the virus database in client, be background update, the normal running speed of terminal device can not be affected.

Further, as the refinement of above-described embodiment, when step 102 client scans based on the terminal device of described virus scan strategy to client place, as a kind of implementation of the embodiment of the present invention, client end response is in the first sweep limit instruction, and based on the first sweep limit instruction and virus scan strategy, the terminal device to client place scans; Wherein, this first sweep limit instruction is used to indicate and carries out scan full hard disk to terminal device.As the another kind of implementation of the embodiment of the present invention, client end response is in the second sweep limit instruction, and based on the second sweep limit instruction and virus scan strategy, the terminal device to client place scans; Wherein, this second sweep limit instruction is used to indicate and carries out local rapid scanning to the preset critical file in terminal device.

When client scans based on the terminal device of virus scan strategy to client place, the opportunity of its scanning can be the operation maintenance personnel setting of control desk, or, also can be the scanning of terminal user's manual triggers, the embodiment of the present invention limit the concrete opportunity to client scan terminal device.

Further, the embodiment of the present invention also provides the method for another kind of remote virus-killing, and the method is applied to control desk side, and as shown in Figure 2, the method comprises:

201, control desk issues virus scan strategy to terminal device.

Characteristic information in the terminal device stored in control desk, system characteristic of correspondence information in different terminal equipment there are differences, exemplary, when terminal device is Android system Android, characteristic information comprise following in any one or a few combination in any: the bag name of Android installation kit, version number, developer signs, the feature of Android assembly receiver, the feature of Android assembly service, the feature of Android assembly activity, the instruction in executable file or character string, the MD5 value of each file under Android installation kit catalogue; Wherein, described executable file comprises Dex file, and/or, ELF file; Described Dex file comprises classes.dex file, the file of expansion .jar by name, and, the file of Dex form.

When generating virus scan strategy, with reference to the Terminal Equipments characteristics information stored in control desk.Wherein, Virus Type to be scanned is comprised in described virus scan strategy; The associated description of associated virus scanning strategy, please refer to the detailed description of above-mentioned steps 101, the embodiment of the present invention, repeats no longer one by one at this.

202, control desk receives the scanning result daily record that described client reports.

Client is after receiving the virus scan strategy that control desk issues, scan based on the terminal device of this virus scan strategy to its place, and generate scanning result daily record, comprise the bag name, Virus Type etc. of the preset memory location of viral place terminal device corresponding to Virus Type, the corresponding virus of Virus Type in described scanning result daily record; Control desk receives the scanning result daily record that client sends, and preserves.

203, control desk issues delete instruction to described client.

Control desk is after the scanning result daily record receiving client transmission, scanning result daily record is resolved, obtain its preset memory location and Virus Type, and issue delete instruction to client, this delete instruction is used to indicate the virus that client background deletes described preset memory location storage.

Further, control desk sends after delete instruction to client, receives the virus that client sends and deletes daily record, and virus is deleted in daily record and comprised virus and delete successfully/failed information, the virus received is deleted daily record and is preserved, so that subsequent query by control desk.

Further, before issuing virus scan strategy to terminal device, first control desk generates virus scan strategy, and this virus scan strategy is used to indicate the virus of which kind of type of client scan, and virus scan strategy comprises the information such as bag name, Virus Type of the corresponding virus of Virus Type.The embodiment of the present invention does not limit the particular content comprised in virus scan strategy.

Further, after generation virus scan strategy, monitor Virus Type to be scanned and whether there is renewal; If monitor Virus Type to be scanned to there is renewal, then upgrade virus scan strategy; The virus database in client is upgraded based on the Virus Type described to be scanned after renewal, and to the notification message that client transmission virus database has upgraded.In the specific implementation, by the operation maintenance personnel of control desk to the renewal monitoring state of Virus Type, when operation maintenance personnel determines to there is new Virus Type, real-time update can be carried out to Virus Type in virus scan strategy, and by the renewal virus scan policy distribution after renewal to terminal device, to determine the safety of terminal device.

Further, as the realization to method shown in above-mentioned Fig. 1, another embodiment of the present invention additionally provides a kind of client.This device embodiment is corresponding with preceding method embodiment, for ease of reading, this device embodiment no longer repeats one by one to the detail content in preceding method embodiment, but should be clear and definite, and the device in the present embodiment corresponding can realize the full content in preceding method embodiment.

The embodiment of the present invention provides a kind of client, and as shown in Figure 3, this client comprises:

First receiving element 31, for receiving the virus scan strategy that control desk issues, comprises Virus Type to be scanned in described virus scan strategy;

Scanning element 32, scans for the terminal device of described virus scan strategy to client place received based on described first receiving element 31;

Determining unit 33, in the process that scans based on the terminal device of described virus scan strategy to client place in described scanning element 32, determines whether described terminal device exists the Virus Type consistent with described Virus Type to be scanned;

First reports unit 34, for determining that when described determining unit 33 described terminal device exists the Virus Type consistent with described Virus Type to be scanned, then reports scanning result daily record to described control desk; The preset memory location of viral place terminal device is comprised in described scanning result daily record;

Second receiving element 35, for reporting unit 34 to after described control desk reports scanning result daily record described first, receives the delete instruction that described control desk issues;

Delete cells 36, the virus that the Virus Type described to be scanned that described preset memory location stores by the described delete instruction for receiving based on described second receiving element 35 is corresponding is deleted, and described delete instruction is used to indicate backstage and deletes described virus.

Further, as shown in Figure 4, described client also comprises:

Second reports unit 37, after deleting for the virus that the Virus Type described to be scanned stored described preset memory location based on described delete instruction at described delete cells 36 is corresponding, report virus to delete daily record to described control desk, described virus is deleted in daily record and is comprised virus and delete successfully/failed information.

Further, as shown in Figure 4, when described preset memory location is application program installation kit, described delete cells 36 comprises:

First acquisition module 361, for obtaining described application program installation kit;

Removing module 362, deletes for the described application program installation kit obtained by described first acquisition module 361;

First determination module 363, for determining whether the described application program installation kit that described removing module 362 is deleted is deleted successfully;

Described second reports unit 37, also for when described delete cells 36 determines that described application program installation kit is deleted successfully, reports virus to delete successful daily record to described control desk;

Described second reports unit 37, also for when described second report unit 37 to determine described application program installation kit is deleted unsuccessfully, then report to described control desk the daily record that viral deletion is failed.

Further, as shown in Figure 4, when described preset memory location is application program, described delete cells 36 comprises:

Second acquisition module 364, for obtaining described application program;

Unload module 365, for unloading the described application program that described second acquisition module 364 obtains;

Second determination module 366, for determining whether the described application program that described Unload module 365 unloads unloads successfully;

Described second reports unit 37, also for when described delete cells 36 determines that described application program unloads successfully, reports virus to delete successful daily record to described control desk;

Described second reports unit 37, also for when described delete cells 36 determines described application program dismount failure, reports virus to delete failed daily record to described control desk.

Further, as shown in Figure 4, described client also comprises:

Resolution unit 38, for receive virus scan strategy that control desk issues at described first receiving element 31 after, resolves described virus scan strategy;

Acquiring unit 39, for carrying out in resolving individual in described resolution unit 38 to described virus scan strategy, obtains described Virus Type to be scanned;

Updating block 310, upgrades local virus database for the Virus Type described to be scanned obtained based on described acquiring unit 39.

Further, as shown in Figure 4, described scanning element 32 comprises:

First scan module 321, in response to the first sweep limit instruction, based on described first sweep limit instruction and described virus scan strategy, the terminal device to client place scans; Wherein, described first sweep limit instruction is used to indicate and carries out scan full hard disk to terminal device;

Second scan module 322, in response to the second sweep limit instruction, based on described second sweep limit instruction and described virus scan strategy, the terminal device to client place scans; Wherein, described second sweep limit instruction is used to indicate and carries out local rapid scanning to the preset critical file in terminal device.

Further, as the realization to method shown in above-mentioned Fig. 2, another embodiment of the present invention additionally provides a kind of control desk.This device embodiment is corresponding with preceding method embodiment, for ease of reading, this device embodiment no longer repeats one by one to the detail content in preceding method embodiment, but should be clear and definite, and the device in the present embodiment corresponding can realize the full content in preceding method embodiment.

A kind of control desk that the embodiment of the present invention provides, as shown in Figure 5, this control desk comprises:

First issues unit 51, for issuing virus scan strategy to terminal device, comprises Virus Type to be scanned in described virus scan strategy;

First receiving element 52, for issuing unit 51 to after described terminal device issues virus scan strategy described first, receives the scanning result daily record that described client reports; The preset memory location of viral place terminal device corresponding to described Virus Type to be scanned is comprised in described scanning result daily record;

Second issues unit 53, for receive scanning result daily record that described client reports at described first receiving element 52 after, issue delete instruction to described client, described delete instruction is used to indicate the virus that client background deletes described preset memory location storage.

Further, as shown in Figure 6, described control desk also comprises:

Second receiving element 54, for issuing unit 53 to after described client issues delete instruction described second, receiving the virus that described client sends and deleting daily record, and described virus is deleted in daily record and comprised virus and delete successfully/failed information.

Further, as shown in Figure 6, described control desk comprises:

Generation unit 55, for issuing before unit 51 issues virus scan strategy to terminal device described first, generates described virus scan strategy.

Further, as shown in Figure 6, described control desk also comprises:

Monitoring means 56, after generating described virus scan strategy at described generation unit 55, monitors described Virus Type to be scanned and whether there is renewal;

First updating block 57, during for monitoring described Virus Type to be scanned existence renewal when described monitoring means 56, upgrades described virus scan strategy;

Second updating block 58, for upgrading the virus database in described client based on the Virus Type described to be scanned after described first updating block 57 renewal;

Transmitting element 59, after upgrading the virus database in described client at described second updating block 58, sends to described client the notification message that described virus database upgraded.

Further, the embodiment of the present invention also provides a kind of system of remote virus-killing, as shown in Figure 7, described system comprises: client 71 as shown in Figure 3 or Figure 4 and control desk 72 as shown in Figure 5 or Figure 6.

The system of client provided by the invention, control desk and remote virus-killing, client, when carrying out security protection to terminal device, first, receives the virus scan strategy that control desk issues, comprises Virus Type to be scanned in this virus scan strategy; Secondly, whether consistent with Virus Type to be scanned client scans based on the terminal device of virus scan strategy to client place received, in scanning process, to determine in terminal device Virus Type; When determining to there is the Virus Type consistent with Virus Type to be scanned in terminal device, report scanning result daily record to described control desk; Wherein, the preset memory location of viral place terminal device is comprised in this scanning result daily record; Finally, client receives the delete instruction that control desk issues, and the virus that the Virus Type to be scanned that preset memory location stores based on this delete instruction by client is corresponding is deleted; Compared with prior art, the embodiment of the present invention to when to delete in terminal device viral, deletion be the virus that Virus Type that control desk is specified is corresponding, the safety of terminal device file can be guaranteed; In addition, when to delete in terminal device viral, virus is that " mourning in silence " deletes, and namely virus is deleted on the backstage of terminal device by client, can not affect operation and the response speed of terminal device; In addition, after virus is deleted, data content virus run empties, and improve the process that virus uses, the internal memory that releasing virus takies, certain procedures can improve operation and the response speed of terminal device.

Further, the embodiment of the present invention also provides another embodiment, wherein, the enterprise management system that client (program managing and control system) is intelligent terminal (as: mobile terminal), it is enterprise-oriented mobile terminal administration platform, its server end (control desk) is deployed in corporate intranet, and client is arranged on the mobile terminal that need be managed.

Server end (control desk) is the unified console based on web, is responsible for the management of client, the application program issuing corporate intranet and management, distributing policy etc.

Client is for the strategy that performs server end and issue and mobile office.

The function of client is mainly manifested in the following aspects:

A. work alone district

The anti-mechanism of divulging a secret of client-based data, client establishes the district that works alone on mobile terminals, and all enterprise's application and data are stored in shielded workspace.Accordingly, the memory headroom outside workspace is called individual district, and all individual applications and data are stored in individual district, and individual application cannot access business data, thus avoids business data by individual application unauthorized access, access.Workspace in mobile terminal and individual Qu Ke switch.

B. workspace is provided with the application such as E-mail address, calendar, contact person, note, browser and application market.

Can check, send and receive e-mail in E-mail address.

Calendar can check the appointment that exchange is synchronous, newly-built, editor's calendar appointment.

Can newly-built or importing contact person in contact person.The contact person of workspace and message registration and individual district completely isolated, the message registration occurred in workspace can be set and whether be presented at individual district.

Note and the individual district of workspace are completely isolated.

Browser provides web page access function.

By the application program that application market Download Server end pushes.

Present the following aspects of menu of server end (control desk):

A. enterprise's application library

Server end establishes a private space, and for storing the application program of uploading onto the server in end, be called enterprise's application library, enterprise's application library is for generating application market.Server end can extract the information such as the logo of application program automatically, facilitates the management of keeper, and application program can be handed down to client.

B. security strategy is issued

The kind of client area screen locking password, complexity and replacement cycle etc. are set.

Arrange after client exceeds Offtime, can not access client workspace.

Forbid workspace screenshotss, forbid copying from workspace, paste, shear content to individual district; Camera based on geographic position is forbidden.

Periodic detection client whether by root or escape from prison, and sets corresponding disposal route.

C. administrative client

When client exists security threat, remove the data of client, comprise mailbox, the file of storage, relevant security strategy and configuration file etc., but do not affect the data in individual district.

When the mobile terminal at client place is lost, send lock command, the workspace of locking client, to protect the data of workspace.

When user forgets the screen locking password of workspace or in particular cases keeper needs access client, send unlock command, remove the screen locking password of workspace.

When user forgets that the screen locking password of workspace or keeper need involuntary conversion workspace screen locking password, send new screen locking password.

When the mail of client does not upgrade for a long time, send synchronous commands for mail, make client synchronization mail.Because the frequency of client synchronization mail is not identical, when keeper sends emergency mail, mail synchronization function can be utilized, guarantee that a client gets the mail in time.

Utilize the locating information that client is collected, location, position is carried out to client, facilitate keeper to understand the position of client.

When the mobile terminal at client place is lost, send and start ring order, client is given the alarm.

Batch PUSH message or url are to client.PUSH message has two kinds of forms: PUSH message and sending out notice, and message is only presented in the message widget of workspace desktop, and notice will show content of announcement by bullet window when user enters workspace.

The embodiment of the invention discloses:

A kind of method of A1, remote virus-killing, comprising:

A2, method according to A1, after the virus that the Virus Type described to be scanned stored described preset memory location based on described delete instruction is corresponding is deleted, described method also comprises:

Report virus to delete daily record to described control desk, described virus is deleted in daily record and is comprised virus and delete successfully/failed information.

A3, method according to A2, when described preset memory location is application program installation kit, the virus that the Virus Type described to be scanned stored described preset memory location based on described delete instruction is corresponding is deleted and is comprised:

Obtain described application program installation kit, and described application program installation kit is deleted;

Determine whether described application program installation kit is deleted successfully;

Report virus to delete daily record to described control desk to comprise:

If determine, described application program installation kit is deleted successfully, then report virus to delete successful daily record to described control desk;

If determine, described application program installation kit is deleted unsuccessfully, then report virus to delete failed daily record to described control desk.

A4, method according to A2, when described preset memory location is application program, the virus that the Virus Type described to be scanned stored described preset memory location based on described delete instruction is corresponding is deleted and is comprised:

Obtain described application program, and unload described application program;

Determine whether described application program unloads successfully;

Report virus to delete daily record to described control desk to comprise:

If determine, described application program unloads successfully, then report virus to delete successful daily record to described control desk;

If determine described application program dismount failure, then virus is reported to delete failed daily record to described control desk.

A5, method according to any one of A1-A4, after client receives the virus scan strategy that control desk issues, described method also comprises:

Described virus scan strategy is resolved, obtains described Virus Type to be scanned;

Based on described Virus Type to be scanned, local virus database is upgraded.

A6, method according to A5, comprise based on the terminal device of described virus scan strategy to client place:

In response to the first sweep limit instruction, based on described first sweep limit instruction and described virus scan strategy, the terminal device to client place scans; Wherein, described first sweep limit instruction is used to indicate and carries out scan full hard disk to terminal device;

In response to the second sweep limit instruction, based on described second sweep limit instruction and described virus scan strategy, the terminal device to client place scans; Wherein, described second sweep limit instruction is used to indicate and carries out local rapid scanning to the preset critical file in terminal device.

A kind of method of B7, remote virus-killing, comprising:

Receive the scanning result daily record that described client reports; The preset memory location of viral place terminal device corresponding to described Virus Type to be scanned is comprised in described scanning result daily record;

B8, method according to B7, after issuing delete instruction to described client, described method also comprises:

Receive the virus that described client sends and delete daily record, described virus is deleted in daily record and is comprised virus and delete successfully/failed information.

B9, method according to B8, before control desk issues virus scan strategy to terminal device, described method also comprises:

Generate described virus scan strategy.

B10, method according to B9, after the described virus scan strategy of generation, described method also comprises:

Monitor described Virus Type to be scanned and whether there is renewal;

If monitor described Virus Type to be scanned to there is renewal, then upgrade described virus scan strategy;

Upgrade virus database in described client based on the Virus Type described to be scanned after upgrading, and send to described client the notification message that described virus database upgraded.

C11, a kind of client, comprising:

C12, client according to C11, described client also comprises:

Second reports unit, after deleting for the virus that the Virus Type described to be scanned stored described preset memory location based on described delete instruction at described delete cells is corresponding, report virus to delete daily record to described control desk, described virus is deleted in daily record and is comprised virus and delete successfully/failed information.

C13, client according to C12, when described preset memory location is application program installation kit, described delete cells comprises:

First acquisition module, for obtaining described application program installation kit;

Removing module, deletes for the described application program installation kit obtained by described first acquisition module;

First determination module, for determining whether the described application program installation kit that described removing module is deleted is deleted successfully;

Described second reports unit, time also for determining that described application program installation kit is deleted successfully when described delete cells, reports virus to delete successful daily record to described control desk;

Described second reports unit, also for when described second report unit to determine described application program installation kit is deleted unsuccessfully, then report to described control desk the daily record that viral deletion is failed.

C14, client according to C12, when described preset memory location is application program, described delete cells comprises:

Second acquisition module, for obtaining described application program;

Unload module, for unloading the described application program that described second acquisition module obtains;

Second determination module, for determining whether the described application program that described Unload module unloads unloads successfully;

Described second reports unit, also for when described delete cells determines that described application program unloads successfully, reports virus to delete successful daily record to described control desk;

Described second reports unit, also for when described delete cells determines described application program dismount failure, reports virus to delete failed daily record to described control desk.

C15, client according to any one of C11-C14, described client also comprises:

Resolution unit, after receiving the virus scan strategy that issues of control desk at described first receiving element, resolves described virus scan strategy;

Acquiring unit, for carrying out in resolving individual in described resolution unit to described virus scan strategy, obtains described Virus Type to be scanned;

Updating block, upgrades local virus database for the Virus Type described to be scanned obtained based on described acquiring unit.

C16, client according to C15, described scanning element comprises:

First scan module, in response to the first sweep limit instruction, based on described first sweep limit instruction and described virus scan strategy, the terminal device to client place scans; Wherein, described first sweep limit instruction is used to indicate and carries out scan full hard disk to terminal device;

Second scan module, in response to the second sweep limit instruction, based on described second sweep limit instruction and described virus scan strategy, the terminal device to client place scans; Wherein, described second sweep limit instruction is used to indicate and carries out local rapid scanning to the preset critical file in terminal device.

D17, a kind of control desk, comprising:

First receiving element, for issuing unit to after described terminal device issues virus scan strategy described first, receives the scanning result daily record that described client reports; The preset memory location of viral place terminal device corresponding to Virus Type is comprised in described scanning result daily record;

D18, control desk according to D17, described control desk also comprises:

Second receiving element, for issuing unit to after described client issues delete instruction described second, receiving the virus that described client sends and deleting daily record, and described virus is deleted in daily record and comprised virus and delete successfully/failed information.

D19, control desk according to D18, described control desk comprises:

Generation unit, for issuing before unit issues virus scan strategy to terminal device described first, generates described virus scan strategy.

D20, control desk according to D19, described control desk also comprises:

Monitoring means, after generating described virus scan strategy at described generation unit, monitors described Virus Type to be scanned and whether there is renewal;

First updating block, during for monitoring described Virus Type to be scanned existence renewal when described monitoring means, upgrades described virus scan strategy;

Second updating block, for upgrading the virus database in described client based on the Virus Type described to be scanned after described first updating block renewal;

Transmitting element, after upgrading the virus database in described client at described second updating block, sends to described client the notification message that described virus database upgraded.

The system of E21, a kind of remote virus-killing, described system comprises: the client according to any one of C11-C16 and the control desk according to any one of D17 to D20.

In the above-described embodiments, the description of each embodiment is all emphasized particularly on different fields, in certain embodiment, there is no the part described in detail, can see the associated description of other embodiments.

Be understandable that, the correlated characteristic in said method and device can reference mutually.In addition, " first ", " second " in above-described embodiment etc. are for distinguishing each embodiment, and do not represent the quality of each embodiment.

Those skilled in the art can be well understood to, and for convenience and simplicity of description, the system of foregoing description, the specific works process of device and unit, with reference to the corresponding process in preceding method embodiment, can not repeat them here.

Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with display at this algorithm provided.Various general-purpose system also can with use based on together with this teaching.According to description above, the structure constructed required by this type systematic is apparent.In addition, the present invention is not also for any certain programmed language.It should be understood that and various programming language can be utilized to realize content of the present invention described here, and the description done language-specific is above to disclose preferred forms of the present invention.

In instructions provided herein, describe a large amount of detail.But can understand, embodiments of the invention can be put into practice when not having these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.

Similarly, be to be understood that, in order to simplify the disclosure and to help to understand in each inventive aspect one or more, in the description above to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes.But, the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires feature more more than the feature clearly recorded in each claim.Or rather, as claims below reflect, all features of disclosed single embodiment before inventive aspect is to be less than.Therefore, the claims following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.

Those skilled in the art are appreciated that and adaptively can change the module in the equipment in embodiment and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and multiple submodule or subelement or sub-component can be put them in addition.Except at least some in such feature and/or process or unit be mutually repel except, any combination can be adopted to combine all processes of all features disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) and so disclosed any method or equipment or unit.Unless expressly stated otherwise, each feature disclosed in this instructions (comprising adjoint claim, summary and accompanying drawing) can by providing identical, alternative features that is equivalent or similar object replaces.

In addition, those skilled in the art can understand, although embodiments more described herein to comprise in other embodiment some included feature instead of further feature, the combination of the feature of different embodiment means and to be within scope of the present invention and to form different embodiments.Such as, in the following claims, the one of any of embodiment required for protection can use with arbitrary array mode.

All parts embodiment of the present invention with hardware implementing, or can realize with the software module run on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that the some or all functions of the some or all parts in the denomination of invention (as determined the device of website internal chaining grade) that microprocessor or digital signal processor (DSP) can be used in practice to realize according to the embodiment of the present invention.The present invention can also be embodied as part or all equipment for performing method as described herein or device program (such as, computer program and computer program).Realizing program of the present invention and can store on a computer-readable medium like this, or the form of one or more signal can be had.Such signal can be downloaded from internet website and obtain, or provides on carrier signal, or provides with any other form.

The present invention will be described instead of limit the invention to it should be noted above-described embodiment, and those skilled in the art can design alternative embodiment when not departing from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and does not arrange element in the claims or step.Word "a" or "an" before being positioned at element is not got rid of and be there is multiple such element.The present invention can by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In the unit claim listing some devices, several in these devices can be carry out imbody by same hardware branch.Word first, second and third-class use do not represent any order.Can be title by these word explanations.

Claims

1. a method for remote virus-killing, is characterized in that, comprising:

2. method according to claim 1, is characterized in that, after the virus that the Virus Type described to be scanned stored described preset memory location based on described delete instruction is corresponding is deleted, described method also comprises:

3. method according to claim 2, is characterized in that, when described preset memory location is application program installation kit, virus deletion corresponding for the Virus Type described to be scanned of described preset memory location storage is comprised based on described delete instruction:

Report virus to delete daily record to described control desk to comprise:

4. method according to claim 2, is characterized in that, when described preset memory location is application program, virus deletion corresponding for the Virus Type described to be scanned of described preset memory location storage is comprised based on described delete instruction:

Obtain described application program, and unload described application program;

Determine whether described application program unloads successfully;

Report virus to delete daily record to described control desk to comprise:

5. the method according to any one of claim 1-4, is characterized in that, after the virus scan strategy that client reception control desk issues, described method also comprises:

Based on described Virus Type to be scanned, local virus database is upgraded.

6. method according to claim 5, is characterized in that, comprises based on the terminal device of described virus scan strategy to client place:

7. a method for remote virus-killing, is characterized in that, comprising:

8. a client, is characterized in that, comprising:

9. a control desk, is characterized in that, comprising:

10. a system for remote virus-killing, is characterized in that, described system comprises: client as claimed in claim 8 and control desk as claimed in claim 9.