CN108280347A - A kind of method and device of virus scan - Google Patents
A kind of method and device of virus scan Download PDFInfo
- Publication number
- CN108280347A CN108280347A CN201711423977.4A CN201711423977A CN108280347A CN 108280347 A CN108280347 A CN 108280347A CN 201711423977 A CN201711423977 A CN 201711423977A CN 108280347 A CN108280347 A CN 108280347A
- Authority
- CN
- China
- Prior art keywords
- file destination
- virus
- local
- file
- library
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/568—Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
Abstract
Embodiment of the invention discloses that a kind of method and device of virus scan, this method is after receiving the target instruction target word information for carrying out virus scan to file destination, judge whether local virus library upgrades, if desired upgrade, after then upgrading to local virus library, the local killing of operation is scanned file destination, obtains whether file destination takes viruliferous targeted scans result.After this method receives file destination, upgrading whether is needed to judge local virus library, it realizes and timely updates to local virus library file, overcome the hysteresis quality to local virus library document upgrading, to reduce the false dismissal probability to taking viruliferous file.
Description
Technical field
The present embodiments relate to technical field of network security, more particularly, to a kind of method and device of virus scan.
Background technology
Virus scan is referred to by running whether the application program of virus scan carries viral progress to specified file
The method of scanning and processing.During identifying whether file carries virus, local virus library is called, according to local virus library
In Virus Sample be identified to whether this document carries virus, and then repaired or deleted to taking viruliferous file
Operation.
However, existing local virus library file was upgraded manually by staff or at preset time point
Automatically upgrade, can just local virus library file be upgraded by being only manually operated or reach after the time point, to nothing
Method realizes timely updating for local virus library file.
During realizing the embodiment of the present invention, inventor has found the existing method for carrying out checking and killing virus to file
In, due to the hysteresis quality of local virus library document upgrading, lead to the missing inspection to taking viruliferous file.
Invention content
The technical problem to be solved by the present invention is to how solve in the existing method for carrying out checking and killing virus to file, by
In the hysteresis quality of local virus library document upgrading, the problem of leading to the missing inspection to taking viruliferous file.
For the above technical problem, the embodiment provides a kind of methods of virus scan, including:
Obtain the command information that virus scan is carried out to file destination;
Judge whether to upgrade the local virus library according to newest target viral library and local virus library, if so, by institute
It states local virus library and upgrades to the target viral library;
The local killing of operation carries out virus scan to the file destination, obtain the file destination whether take it is viruliferous
Targeted scans result;
Wherein, the local virus library is the virus base that the operation local killing is called.
Optionally, the local killing of the operation carries out virus scan to the file destination, and obtaining the file destination is
It is no to take viruliferous targeted scans as a result, including:
The local killing of operation carries out virus scan to the file destination, obtain the file destination whether take it is viruliferous
First scanning result;
It runs cloud killing and virus scan is carried out to the file destination, obtain whether the file destination takes viruliferous the
Two scanning results;
If first scanning result is the file destination carrying virus or second scanning result is the target
File carries virus, then the targeted scans result is that the file destination carries virus;
If first scanning result is the file destination, not carry virus and second scanning result be the mesh
Mark file does not carry virus, then the targeted scans result is that the file destination does not carry virus.
Optionally, the local killing of the operation carries out virus scan to the file destination, and obtaining the file destination is
It is no to take viruliferous first scanning result, including:
It runs heuristic killing and virus scan is carried out to the file destination, obtain whether the file destination carries PE diseases
The third scanning result of poison, and/or, operation QEX scripts killing carries out virus scan to the file destination, obtains the target
Whether file carries the 4th scanning result of non-PE viruses;
If the third scanning result is the file destination carrying PE viruses or the 4th scanning result is the mesh
It marks file and carries non-PE viruses, then first scanning result is that the file destination carries virus;
If the third scanning result is the file destination, not carry PE viruses and the 4th scanning result be described
File destination does not carry non-PE viruses, then first scanning result is that the file destination does not carry virus;
Wherein, the local killing is the heuristic killing or the QEX scripts killing.
Optionally, described to be judged whether to upgrade the local virus according to newest target viral library and local virus library
Library, including:
The first version number in the target viral library and the second edition number of the local virus library are obtained, if described
First version number and the second edition number differ, then judge to upgrade the local virus library.
Optionally, further include:
If the targeted scans result, which is the file destination, carries virus, judge whether the file destination can be repaired
For secure file;
It is the safety text by the file destination reparation if the file destination can be repaired as the secure file
Part;
If the file destination cannot be repaired as the secure file, sends out the file destination and take viruliferous prompt
Information.
Second aspect, the embodiment provides a kind of devices of virus scan, including:
Receiving module, for receiving the command information for carrying out virus scan to file destination;
Upgraded module upgrades local virus library for judging whether according to newest target viral library and local virus library,
If so, the local virus library is upgraded to the target viral library;
Scan module carries out virus scan to the file destination for running local killing, obtains the file destination
Whether viruliferous targeted scans result is taken;
Wherein, the local virus library is the virus base that the operation local killing is called.
Optionally, the scan module is additionally operable to run local killing to file destination progress virus scan, obtains
Whether the file destination takes viruliferous first scanning result;It runs cloud killing and virus scan is carried out to the file destination,
Obtain whether the file destination takes viruliferous second scanning result;It is taken if first scanning result is the file destination
Band virus or second scanning result are that the file destination carries virus, then the targeted scans result is target text
Part carries virus;If first scanning result is the file destination, not carry virus and second scanning result be described
File destination does not carry virus, then the targeted scans result is that the file destination does not carry virus.
Optionally, the scan module is additionally operable to run heuristic killing to file destination progress virus scan, obtains
The third scanning result of PE viruses whether is carried to the file destination, and/or, operation QEX scripts killing is to target text
Part carries out virus scan, obtains the 4th the scanning result whether file destination carries non-PE viruses;If the third scanning
As a result it is that the file destination carries non-PE viruses to carry PE viruses or the 4th scanning result for the file destination, then institute
It is that the file destination carries virus to state the first scanning result;If the third scanning result, which is the file destination, does not carry PE
Viral and described 4th scanning result is that the file destination does not carry non-PE viruses, then first scanning result is the mesh
Mark file does not carry virus;Wherein, the local killing is the heuristic killing or the QEX scripts killing.
Optionally, the upgraded module is additionally operable to obtain the first version number in the target viral library and the local disease
The second edition number in malicious library judges if the first version number and the second edition number differ described in upgrading
Local virus library.
Optionally, further include repair module, if the repair module is target text for the targeted scans result
Part carries virus, then judges whether the file destination can be repaired as secure file;If it is described that the file destination, which can be repaired,
The file destination reparation is then the secure file by secure file;If the file destination cannot be repaired as the safety
The file destination reparation is then the secure file, sends out the file destination and take viruliferous prompt message by file.
The third aspect, the embodiments of the present invention also provide a kind of electronic equipment, including:
At least one processor, at least one processor, communication interface and bus;Wherein,
The processor, memory, communication interface complete mutual communication by the bus;
Between communication equipment of the communication interface for the communication equipment or terminal of the electronic equipment and server
Information is transmitted;
The memory is stored with the program instruction that can be executed by the processor, and the processor calls described program to refer to
Enable the method being able to carry out described in any of the above item.
Fourth aspect, it is described non-temporary the embodiments of the present invention also provide a kind of non-transient computer readable storage medium
State computer-readable recording medium storage computer instruction, the computer instruction make the computer execute any of the above item institute
The method stated.
The embodiment provides a kind of method and device of virus scan, this method is being received to file destination
After the target instruction target word information for carrying out virus scan, judges whether local virus library upgrades, if desired upgrade, then to local
After virus base is upgraded, runs local killing and file destination is scanned, obtain whether file destination takes viruliferous mesh
Mark scanning result.After this method receives file destination, i.e., whether needs upgrading to judge local virus library, realize pair
Local virus library file timely updates, and overcomes the hysteresis quality to local virus library document upgrading, to reduce to carrying
The false dismissal probability of the file of virus.
Description of the drawings
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technology description to be briefly described, it should be apparent that, the accompanying drawings in the following description is this hair
Some bright embodiments for those of ordinary skill in the art without creative efforts, can be with root
Other attached drawings are obtained according to these attached drawings.
Fig. 1 is the flow diagram of the method for virus scan provided by one embodiment of the present invention;
Fig. 2 is that the virus base and file scan of local killing in the proxy server that another embodiment of the present invention provides draw
Hold up the process schematic of upgrading;
Fig. 3 is the structure diagram of the device for the virus scan that another embodiment of the present invention provides;
Fig. 4 is the structure diagram for the electronic equipment that another embodiment of the present invention provides.
Specific implementation mode
In order to make the object, technical scheme and advantages of the embodiment of the invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, technical scheme in the embodiment of the invention is clearly and completely described, it is clear that described embodiment is
A part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, those of ordinary skill in the art
The every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
Fig. 1 is a kind of flow diagram of the method for virus scan provided in this embodiment, and referring to Fig. 1, this method includes:
101:Obtain the command information that virus scan is carried out to file destination;
102:Judged whether to upgrade local virus library according to newest target viral library and local virus library, if so, by institute
It states local virus library and upgrades to the target viral library;
103:The local killing of operation carries out virus scan to the file destination, obtains whether the file destination carries disease
The targeted scans result of poison;
Wherein, the local virus library is the virus base that the operation local killing is called.
It should be noted that method provided in this embodiment is executed by server or terminal (for example, mobile phone or computer),
For example, being executed by proxy server (such as Nginx).
File destination can be the file to be transmitted for needing to be transferred to miscellaneous equipment (for example, terminal or server),
Can also be the file to be detected being stored in current server or terminal, the present embodiment is without limitation.For example,
After server or terminal receive the file destination, the command information that virus scan is carried out to file destination is actively generated, or
Person receives the command information that virus scan is carried out to file destination.It will be appreciated that the method for executing the present embodiment is agency
Server, in general, it is mesh to be transmitted that proxy server, which is received by the file destination of terminal or the transmission of other servers,
Mark file.And file destination to be detected is usually the file being stored in current server or terminal.
Target viral library is last updated virus base, can obtain mesh from the server being specially updated to virus base
Mark virus base.It, can be by comparing target viral library and local viral version number when judging whether to upgrade local virus library
It determines, or directly determines that the present embodiment does not do this specifically by comparing the Virus Sample in target viral library and local virus
Limitation.In addition, upgrade to the target viral library according to by the local virus library, including:The target viral library is downloaded, it will
The local virus library replaces with the target viral library.
The embodiment provides a kind of method of virus scan, this method is being received to file destination progress disease
After the target instruction target word information of poison scanning, judges whether local virus library upgrades, if desired upgrade, then to local virus library
After being upgraded, runs local killing and file destination is scanned, obtain whether file destination takes viruliferous targeted scans
As a result.After this method receives file destination, i.e., whether needs upgrading to judge local virus library, realize to local disease
Malicious library file timely updates, and overcomes the hysteresis quality to local virus library document upgrading, viruliferous to taking to reduce
The false dismissal probability of file.
Further, on the basis of the above embodiments, the local killing of the operation carries out disease to the file destination
Poison scanning, obtains whether the file destination takes viruliferous targeted scans as a result, including:
The local killing of operation carries out virus scan to the file destination, obtain the file destination whether take it is viruliferous
First scanning result;
It runs cloud killing and virus scan is carried out to the file destination, obtain whether the file destination takes viruliferous the
Two scanning results;
If first scanning result is the file destination carrying virus or second scanning result is the target
File carries virus, then the targeted scans result is that the file destination carries virus;
If first scanning result is the file destination, not carry virus and second scanning result be the mesh
Mark file does not carry virus, then the targeted scans result is that the file destination does not carry virus.
It should be noted that can first carry out local killing in method provided in this embodiment executes cloud killing again, also may be used
Local killing is executed again to first carry out cloud killing, and the present embodiment does not do concrete restriction to the sequencing of the execution of the two.
Further, the operation cloud killing carries out virus scan to the file destination, and obtaining the file destination is
It is no to take viruliferous second scanning result, including:
Calculate corresponding to the file destination MD5 values or SHA1 values, by the MD5 values or the SHA1 values be sent to
The corresponding server of the cloud killing, if it is target text to receive to the feedback result of the file destination into killing of racking
Part carries virus, then second scanning result is that the file destination carries virus, if the feedback result received is
The file destination does not carry virus, then second scanning result is that the file destination does not carry virus.
Wherein, to file destination into rack killing when, the corresponding MD5 values of the file destination are calculated by MD5 algorithms, or
The corresponding SHA1 values of the file destination are calculated by Secure Hash Algorithm, the MD5 values or SHA1 values are then sent to execution should
The corresponding server of cloud killing.Whether there are the MD5 values or SHA1 values in the corresponding virus base of whois lookup cloud killing, if
Have, then sending file destination to the proxy server takes viruliferous feedback result, otherwise, target is sent to the proxy server
File does not take viruliferous feedback result.
The embodiment provides a kind of method of virus scan, this method both carried out local look into file destination
It kills, and file destination is detected to whether file destination carries virus by the combination of the two, is reduced into killing of racking
To the probability for the viral flase drop and missing inspection that file destination carries.
Further, it on the basis of the various embodiments described above, runs heuristic killing and disease is carried out to the file destination
Poison scanning, obtains the third the scanning result whether file destination carries PE viruses, and/or, operation QEX scripts killing is to institute
It states file destination and carries out virus scan, obtain the 4th the scanning result whether file destination carries non-PE viruses;
If the third scanning result is the file destination carrying PE viruses or the 4th scanning result is the mesh
It marks file and carries non-PE viruses, then first scanning result is that the file destination carries virus;
If the third scanning result is the file destination, not carry PE viruses and the 4th scanning result be described
File destination does not carry non-PE viruses, then first scanning result is that the file destination does not carry virus;
Wherein, the local killing is the heuristic killing or the QEX scripts killing.
It should be noted that heuristic killing is mainly used for scanning and processing to PE viruses, QEX script killings are mainly used
In scanning and processing to non-PE viruses.
In the present embodiment, when only running heuristic killing, if the third scanning result carries for the file destination
PE viruses, then first scanning result is that the file destination carries virus;If the third scanning result is the target
File does not carry PE viruses, then first scanning result is that the file destination does not carry virus.
When only running QEX script killings, non-PE viruses are carried if the 4th scanning result is the file destination,
First scanning result is that the file destination carries virus;It is not carried if the 4th scanning result is the file destination
Non- PE viruses, then first scanning result is that the file destination does not carry virus.
When not only running heuristic killing but also running QEX script killings, only when third scanning result is target text
Part does not carry PE viruses and the 4th scanning result when being that the file destination does not carry non-PE viruses, the first scanning knot
Fruit is that the file destination does not carry virus;Third scanning result is that the file destination carries PE viruses or the 4th scanning
As a result it is that the file destination carries non-PE viruses, then the file destination carries virus.
The embodiment provides a kind of method of virus scan, this method is for local server or terminal
On more specifically heuristic killing and QEX script killings, in file destination whether carrying virus carry out specifically
Inspection.
Further, described to be judged according to target viral library and local virus library on the basis of the various embodiments described above
Whether local virus library is upgraded, including:
The first version number in the target viral library and the second edition number of the local virus library are obtained, if described
First version number and the second edition number differ, then judge to upgrade the local virus library, if the first version
Number is identical with the second edition number, then does not upgrade to the local virus library;
It should be noted that except through first version number and second edition number to determine whether the local virus of upgrading
Outside library, it can also judge whether to upgrade local virus library by other methods, such as:
Corresponding first file in the target viral library and corresponding second file of the local virus library are obtained, if described
First file and second file differ, then judge to upgrade the local virus library, if first file and described
Two files are identical, then do not upgrade to the local virus library.
The embodiment provides a kind of methods of virus scan, and this method provides judge whether to upgrade virus base
Method, due to version number obtain it is convenient, by the comparison of version number can to whether upgrade virus base carry out it is fast
Speed judges.
Further, on the basis of the various embodiments described above, further include:
If the targeted scans result, which is the file destination, carries virus, judge whether the file destination can be repaired
For secure file;
It is the safety text by the file destination reparation if the file destination can be repaired as the secure file
Part;
If the file destination cannot be repaired as the secure file, sends out the file destination and take viruliferous prompt
Information.
Take whether viruliferous file destination can be repaired it should be noted that checking, and the reparation to file destination,
It can be realized by corresponding software, the present embodiment is not particularly limited this.For example, the software is to the virus in file destination
The position at place is checked, if the file header of the file destination is implanted by virus, judges that the file destination cannot be repaired.If
Virus implants in file destination, and deletes the operation for not influencing the file destination after the file destination, then judges the target
File can be repaired.If it is determined that the file destination can be repaired, then the file destination is repaired, the safety after being repaired
File.
When file destination cannot be repaired as secure file, which can send out prompt message, corresponding to obtain
Instruction of the staff on how to handle the file destination after, which is handled accordingly.First prompt
Information can be shown by preset screen, and relevant work people can also be sent to by way of mail the latter's short message
Member, the present embodiment are not particularly limited this.
The embodiment provides a kind of method of checking and killing virus, this method is detecting that it is viral that file destination carries
Afterwards, on the one hand, the file destination that can be repaired is repaired in time, on the other hand, when that can not be repaired to file destination,
It informs relevant staff in time, ensures that business is normally carried out in local server or terminal.
It will be appreciated that as the virus base and file scan engine that carry out local killing to file destination, the present embodiment
By taking proxy server as an example, the process of the virus base and file scan engine upgrade of local killing in proxy server is provided.
Fig. 2 is the process signal of the virus base of local killing and file scan engine upgrade in proxy server provided in this embodiment
Figure includes that file scan engine, virus base and engine update engine in the proxy server referring to Fig. 2.For example, agency's clothes
Device be engaged in after cloud server downloads upgrade file, local virus library file and upgrade file are compared, judges whether to need
Local virus library file is updated, and file destination is scanned by file scan engine, judge target text
Whether virus is carried in part.
Wherein, virus base and engine update engine are used to be updated virus base, scanning engine according to update rule.It is logical
Cross user's update module can set virus base and engine update engine obtain new virus base either the time of engine or touch
Clockwork spring part.Engine, virus base more new demand servicing are used to provide new engine or virus to virus base and engine update engine, so that
After virus base and engine update engine obtain new engine or virus, virus base to proxy server and engine carry out more
Newly.
Fig. 3 shows a kind of structure diagram of the device for virus scan that the embodiment of the present invention provides, referring to Fig. 3, originally
The device for the virus scan that embodiment provides includes receiving module 301, upgraded module 302 and scan module 303, wherein
Receiving module 301, for receiving the command information for carrying out virus scan to file destination;
Upgraded module 302, for judging whether to upgrade local virus according to newest target viral library and local virus library
Library, if so, the local virus library is upgraded to the target viral library;
Scan module 303 carries out virus scan for running local killing to the file destination, obtains the target text
Whether part takes viruliferous targeted scans result;
Wherein, the local virus library is the virus base that the operation local killing is called.
The method for the virus scan that the device of virus scan provided in this embodiment is provided suitable for above-described embodiment,
This is repeated no more.
The embodiment provides a kind of device of virus scan, this method is being received to file destination progress disease
After the target instruction target word information of poison scanning, judges whether local virus library upgrades, if desired upgrade, then to local virus library
After being upgraded, runs local killing and file destination is scanned, obtain whether file destination takes viruliferous targeted scans
As a result.After the device receives file destination, i.e., whether needs upgrading to judge local virus library, realize to local disease
Malicious library file timely updates, and overcomes the hysteresis quality to local virus library document upgrading, viruliferous to taking to reduce
The false dismissal probability of file.
The third aspect, Fig. 4 are the structure diagrams for showing electronic equipment provided in this embodiment.
With reference to Fig. 4, the electronic equipment includes:Processor (processor) 401, memory (memory) 402, communication
Interface (Communications Interface) 403 and bus 404;
Wherein,
The processor 401, memory 402, communication interface 403 complete mutual communication by the bus 404;
Between communication equipment of the communication interface 403 for the communication equipment or terminal of the electronic equipment and server
Information transmission;
The processor 401 is used to call the program instruction in the memory 402, to execute above-mentioned each method embodiment
The method provided, such as including:Obtain the command information that virus scan is carried out to file destination;According to newest target viral
Library and local virus library judge whether to upgrade the local virus library, if so, the local virus library is upgraded to the target
Virus base;The local killing of operation carries out virus scan to the file destination, obtain the file destination whether take it is viruliferous
Targeted scans result;Wherein, the local virus library is the virus base that the operation local killing is called.
Fourth aspect, the present embodiment provides a kind of non-transient computer readable storage medium, the non-transient computer can
It reads storage medium and stores computer instruction, the computer instruction makes the above-mentioned each method embodiment of the computer execution be provided
Method, such as including:Obtain the command information that virus scan is carried out to file destination;According to newest target viral library and this
Ground virus base judges whether to upgrade the local virus library, if so, the local virus library is upgraded to the target viral library;
The local killing of operation carries out virus scan to the file destination, obtains whether the file destination takes viruliferous targeted scans
As a result;Wherein, the local virus library is the virus base that the operation local killing is called.
The present embodiment discloses a kind of computer program product, and the computer program product includes being stored in non-transient calculating
Computer program on machine readable storage medium storing program for executing, the computer program include program instruction, when described program instruction is calculated
When machine executes, computer is able to carry out the method that above-mentioned each method embodiment is provided, it may for example comprise:It obtains to file destination
Carry out the command information of virus scan;Judged whether to upgrade the local disease according to newest target viral library and local virus library
Malicious library, if so, the local virus library is upgraded to the target viral library;The local killing of operation carries out the file destination
Virus scan, obtains whether the file destination takes viruliferous targeted scans result;Wherein, the local virus library is operation
The virus base that the local killing is called.
One of ordinary skill in the art will appreciate that:Realize that all or part of step of above method embodiment can pass through
The relevant hardware of program instruction is completed, and program above-mentioned can be stored in a computer read/write memory medium, the program
When being executed, step including the steps of the foregoing method embodiments is executed;And storage medium above-mentioned includes:ROM, RAM, magnetic disc or light
The various media that can store program code such as disk.
The embodiments such as electronic equipment described above are only schematical, illustrate as separating component wherein described
Unit may or may not be physically separated, and the component shown as unit may or may not be object
Manage unit, you can be located at a place, or may be distributed over multiple network units.It can select according to the actual needs
Some or all of module therein is selected to achieve the purpose of the solution of this embodiment.Those of ordinary skill in the art are not paying wound
In the case of the labour for the property made, you can to understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can
It is realized by the mode of software plus required general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on
Stating technical solution, substantially the part that contributes to existing technology can be expressed in the form of software products in other words, should
Computer software product can store in a computer-readable storage medium, such as ROM/RAM, magnetic disc, CD, including several fingers
It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation
Method described in certain parts of example or embodiment.
Finally it should be noted that:The above various embodiments is only to illustrate the technical solution of the embodiment of the present invention rather than right
It is limited;Although the embodiment of the present invention is described in detail with reference to foregoing embodiments, the ordinary skill of this field
Personnel should understand that:It still can be with technical scheme described in the above embodiments is modified, or to which part
Or all technical features carries out equivalent replacement;And these modifications or replacements, it does not separate the essence of the corresponding technical solution
The range of each embodiment technical solution of the embodiment of the present invention.
Claims (12)
1. a kind of method of virus scan, which is characterized in that including:
Obtain the command information that virus scan is carried out to file destination;
Judge whether to upgrade the local virus library according to newest target viral library and local virus library, if so, by described
Ground virus base upgrades to the target viral library;
The local killing of operation carries out virus scan to the file destination, obtains whether the file destination takes viruliferous target
Scanning result;
Wherein, the local virus library is the virus base that the operation local killing is called.
2. according to the method described in claim 1, it is characterized in that, operation local killing carries out disease to the file destination
Poison scanning, obtains whether the file destination takes viruliferous targeted scans as a result, including:
The local killing of operation carries out virus scan to the file destination, obtains whether the file destination takes viruliferous first
Scanning result;
It runs cloud killing and virus scan is carried out to the file destination, obtain the file destination and whether take viruliferous second sweeping
Retouch result;
If first scanning result is the file destination carrying virus or second scanning result is the file destination
Virus is carried, then the targeted scans result is that the file destination carries virus;
If first scanning result is the file destination, not carry virus and second scanning result be the target text
Part does not carry virus, then the targeted scans result is that the file destination does not carry virus.
3. according to the method described in claim 2, it is characterized in that, operation local killing carries out disease to the file destination
Poison scanning, obtains whether the file destination takes viruliferous first scanning result, including:
It runs heuristic killing and virus scan is carried out to the file destination, obtain whether the file destination carries PE viruses
Third scanning result, and/or, operation QEX scripts killing carries out virus scan to the file destination, obtains the file destination
Whether fourth scanning result of non-PE virus is carried;
If the third scanning result is the file destination carrying PE viruses or the 4th scanning result is the target text
Part carries non-PE viruses, then first scanning result is that the file destination carries virus;
If the third scanning result is the file destination, not carry PE viruses and the 4th scanning result be the target
File does not carry non-PE viruses, then first scanning result is that the file destination does not carry virus;
Wherein, the local killing is the heuristic killing or the QEX scripts killing.
4. according to the method described in claim 1, it is characterized in that, described according to newest target viral library and local virus library
Judge whether to upgrade the local virus library, including:
The first version number in the target viral library and the second edition number of the local virus library are obtained, if described first
Version number and the second edition number differ, then judge to upgrade the local virus library.
5. according to the method described in claim 1, it is characterized in that, further including:
If the targeted scans result, which is the file destination, carries virus, judge whether the file destination can be repaired as peace
Whole file;
It is the secure file by the file destination reparation if the file destination can be repaired as the secure file;
If the file destination cannot be repaired as the secure file, sends out the file destination and take viruliferous prompt letter
Breath.
6. a kind of device of virus scan, which is characterized in that including:
Receiving module, for receiving the command information for carrying out virus scan to file destination;
Upgraded module upgrades local virus library for judging whether according to newest target viral library and local virus library, if so,
The local virus library is upgraded into the target viral library;
Scan module carries out virus scan to the file destination for running local killing, whether obtains the file destination
Take viruliferous targeted scans result;
Wherein, the local virus library is the virus base that the operation local killing is called.
7. device according to claim 6, which is characterized in that the scan module is additionally operable to run local killing to described
File destination carries out virus scan, obtains whether the file destination takes viruliferous first scanning result;Run cloud killing pair
The file destination carries out virus scan, obtains whether the file destination takes viruliferous second scanning result;If described
One scanning result is the file destination carrying virus or second scanning result is that the file destination carries virus, then institute
It is that the file destination carries virus to state targeted scans result;If first scanning result, which is the file destination, does not carry disease
Malicious and described second scanning result is that the file destination does not carry virus, then the targeted scans result is the file destination
Do not carry virus.
8. device according to claim 7, which is characterized in that the scan module is additionally operable to run heuristic killing to institute
It states file destination and carries out virus scan, obtain the third the scanning result whether file destination carries PE viruses, and/or, fortune
Row QEX scripts killing carries out virus scan to the file destination, obtains whether the file destination carries non-PE virus the
Four scanning results;If the third scanning result is the file destination carrying PE viruses or the 4th scanning result is described
File destination carries non-PE viruses, then first scanning result is that the file destination carries virus;If the third scanning
As a result it is that the file destination does not carry non-PE viruses not carry PE viruses and the 4th scanning result for the file destination,
Then first scanning result is that the file destination does not carry virus;Wherein, the local killing is the heuristic killing
Or the QEX scripts killing.
9. device according to claim 6, which is characterized in that the upgraded module is additionally operable to obtain the target viral library
First version number and the local virus library second edition number, if the first version number and the second edition
Number differs, then judges to upgrade the local virus library.
10. device according to claim 6, which is characterized in that further include repair module, if the repair module is used for institute
It is that the file destination carries virus to state targeted scans result, then judges whether the file destination can be repaired as secure file;
It is the secure file by the file destination reparation if the file destination can be repaired as the secure file;If described
File destination cannot be repaired as the secure file, then be the secure file by the file destination reparation, send out the mesh
Mark file takes viruliferous prompt message.
11. a kind of electronic equipment, which is characterized in that including:
At least one processor, at least one processor, communication interface and bus;Wherein,
The processor, memory, communication interface complete mutual communication by the bus;
The communication interface is for the information between the communication equipment of the communication equipment or terminal of the electronic equipment and server
Transmission;
The memory is stored with the program instruction that can be executed by the processor, and the processor calls described program to instruct energy
It is enough to execute such as method described in any one of claim 1 to 5.
12. a kind of non-transient computer readable storage medium, which is characterized in that the non-transient computer readable storage medium is deposited
Computer instruction is stored up, the computer instruction makes the computer perform claim require 1 to 5 any one of them method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711423977.4A CN108280347A (en) | 2017-12-25 | 2017-12-25 | A kind of method and device of virus scan |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711423977.4A CN108280347A (en) | 2017-12-25 | 2017-12-25 | A kind of method and device of virus scan |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108280347A true CN108280347A (en) | 2018-07-13 |
Family
ID=62802288
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711423977.4A Pending CN108280347A (en) | 2017-12-25 | 2017-12-25 | A kind of method and device of virus scan |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108280347A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109657469A (en) * | 2018-12-07 | 2019-04-19 | 腾讯科技(深圳)有限公司 | A kind of script detection method and device |
| CN109829304A (en) * | 2018-12-29 | 2019-05-31 | 北京奇安信科技有限公司 | A kind of method for detecting virus and device |
| CN110826069A (en) * | 2019-11-05 | 2020-02-21 | 深信服科技股份有限公司 | Virus processing method, device, equipment and storage medium |
| CN111209149A (en) * | 2019-12-31 | 2020-05-29 | 苏州浪潮智能科技有限公司 | Server stability testing method and system |
| CN112380536A (en) * | 2020-11-13 | 2021-02-19 | 深信服科技股份有限公司 | Virus scanning method, system, device, electronic equipment and storage medium |
| CN112580036A (en) * | 2019-09-30 | 2021-03-30 | 奇安信安全技术(珠海)有限公司 | Optimization method and device for virus defense, storage medium and computer equipment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020520A (en) * | 2012-11-26 | 2013-04-03 | 北京奇虎科技有限公司 | Enterprise-based document security detection method and system |
| CN103577756A (en) * | 2013-11-05 | 2014-02-12 | 北京奇虎科技有限公司 | Virus detection method and device based on script type judgment |
| CN104281809A (en) * | 2014-09-30 | 2015-01-14 | 北京奇虎科技有限公司 | Method, device and system for searching and killing viruses |
| CN104424429A (en) * | 2013-08-22 | 2015-03-18 | 安一恒通(北京)科技有限公司 | Document behavior monitoring method and user equipment |
| CN104751058A (en) * | 2015-03-16 | 2015-07-01 | 联想(北京)有限公司 | File scan method and electronic equipment |
| CN105718800A (en) * | 2016-01-18 | 2016-06-29 | 北京金山安全管理系统技术有限公司 | Rapid virus scanning and killing method and apparatus |
| CN106682507A (en) * | 2016-05-19 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Virus library acquiring method and device, equipment, server and system |
-
2017
- 2017-12-25 CN CN201711423977.4A patent/CN108280347A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103020520A (en) * | 2012-11-26 | 2013-04-03 | 北京奇虎科技有限公司 | Enterprise-based document security detection method and system |
| CN104424429A (en) * | 2013-08-22 | 2015-03-18 | 安一恒通(北京)科技有限公司 | Document behavior monitoring method and user equipment |
| CN103577756A (en) * | 2013-11-05 | 2014-02-12 | 北京奇虎科技有限公司 | Virus detection method and device based on script type judgment |
| CN104281809A (en) * | 2014-09-30 | 2015-01-14 | 北京奇虎科技有限公司 | Method, device and system for searching and killing viruses |
| CN104751058A (en) * | 2015-03-16 | 2015-07-01 | 联想(北京)有限公司 | File scan method and electronic equipment |
| CN105718800A (en) * | 2016-01-18 | 2016-06-29 | 北京金山安全管理系统技术有限公司 | Rapid virus scanning and killing method and apparatus |
| CN106682507A (en) * | 2016-05-19 | 2017-05-17 | 腾讯科技(深圳)有限公司 | Virus library acquiring method and device, equipment, server and system |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109657469A (en) * | 2018-12-07 | 2019-04-19 | 腾讯科技(深圳)有限公司 | A kind of script detection method and device |
| CN109657469B (en) * | 2018-12-07 | 2023-02-24 | 腾讯科技(深圳)有限公司 | Script detection method and device |
| CN109829304A (en) * | 2018-12-29 | 2019-05-31 | 北京奇安信科技有限公司 | A kind of method for detecting virus and device |
| CN109829304B (en) * | 2018-12-29 | 2021-04-13 | 奇安信科技集团股份有限公司 | Virus detection method and device |
| CN112580036A (en) * | 2019-09-30 | 2021-03-30 | 奇安信安全技术(珠海)有限公司 | Optimization method and device for virus defense, storage medium and computer equipment |
| CN112580036B (en) * | 2019-09-30 | 2024-01-30 | 奇安信安全技术(珠海)有限公司 | Virus defense optimization method and device, storage medium and computer equipment |
| CN110826069A (en) * | 2019-11-05 | 2020-02-21 | 深信服科技股份有限公司 | Virus processing method, device, equipment and storage medium |
| CN110826069B (en) * | 2019-11-05 | 2022-09-30 | 深信服科技股份有限公司 | Virus processing method, device, equipment and storage medium |
| CN111209149A (en) * | 2019-12-31 | 2020-05-29 | 苏州浪潮智能科技有限公司 | Server stability testing method and system |
| CN111209149B (en) * | 2019-12-31 | 2022-11-18 | 苏州浪潮智能科技有限公司 | Server stability testing method and system |
| CN112380536A (en) * | 2020-11-13 | 2021-02-19 | 深信服科技股份有限公司 | Virus scanning method, system, device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108280347A (en) | A kind of method and device of virus scan | |
| CN107748668B (en) | Method and device for upgrading application program | |
| KR100599084B1 (en) | Method for protecting virus on mobile communication network | |
| US7290282B1 (en) | Reducing false positive computer virus detections | |
| CN107370747A (en) | A kind of method and device for preventing malicious file from propagating | |
| CN102222192B (en) | Optimizing anti-malicious software treatment by automatically correcting detection rules | |
| CN108334334B (en) | Method and system for managing dependent package version | |
| JP5492788B2 (en) | System and apparatus for automatic data anomaly correction in a computer network | |
| CN103679031B (en) | A kind of immune method and apparatus of file virus | |
| CN104917586B (en) | Transmit method of calibration, the apparatus and system of data | |
| JP6408395B2 (en) | Blacklist management method | |
| CN105183504B (en) | Process white list updating method based on software server | |
| CN108156003A (en) | A kind of application upgrade method and terminal, server, system | |
| CN104699499B (en) | A kind of heterogeneous terminals method for upgrading software | |
| CN109117172A (en) | A kind of method and device of the terminal versions number identification of target terminal | |
| CN106227541A (en) | A kind of program updates download process method and mobile terminal | |
| CN102915359B (en) | File management method and device | |
| CN104850791B (en) | The method and system of processing task | |
| CN114301659A (en) | Network attack early warning method, system, device and storage medium | |
| US20240007492A1 (en) | Identifying anomalous activities in a cloud computing environment | |
| US9928049B2 (en) | Identifying unmatched registry entries | |
| JP6926879B2 (en) | Verification device and verification method | |
| CN109829303A (en) | A kind of Intranet cloud checking and killing method, console and client based on system file | |
| CN104010078B (en) | Method and device for processing intercepted information through terminal | |
| CN110502900A (en) | A kind of detection method, terminal, server and computer storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180713 |
|
| RJ01 | Rejection of invention patent application after publication |