CN111881450A - Virus detection method, device, system, equipment and medium for terminal file - Google Patents

Virus detection method, device, system, equipment and medium for terminal file Download PDF

Info

Publication number
CN111881450A
CN111881450A CN202010773306.6A CN202010773306A CN111881450A CN 111881450 A CN111881450 A CN 111881450A CN 202010773306 A CN202010773306 A CN 202010773306A CN 111881450 A CN111881450 A CN 111881450A
Authority
CN
China
Prior art keywords
terminal
detection
information
file
virus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010773306.6A
Other languages
Chinese (zh)
Other versions
CN111881450B (en
Inventor
刘锋
顾立明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sangfor Technologies Co Ltd filed Critical Sangfor Technologies Co Ltd
Priority to CN202010773306.6A priority Critical patent/CN111881450B/en
Publication of CN111881450A publication Critical patent/CN111881450A/en
Application granted granted Critical
Publication of CN111881450B publication Critical patent/CN111881450B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the application discloses a virus detection method, a device, a system, equipment and a medium of a terminal file, wherein the terminal uploads collected project information to a management center; and transmitting the information of the items to be detected to a management center under the condition of receiving the batch detection tasks. The management center selects a target terminal for executing virus detection on the item information to be detected according to the pre-stored item information contained in each terminal; and issuing corresponding detection tasks to each target terminal. The management center transmits a virus file detection result to the terminal according to the detection result uploaded by each target terminal; and the terminal carries out local detection on the file with the cooperative failure and takes the local detection result and the virus file detection result as the detection result of the batch detection task. The management center distributes the detection tasks to the target terminals, and each target terminal can be responsible for detecting part of project information, so that resources occupied by virus detection on the terminals are reduced, and the virus detection efficiency is improved.

Description

Virus detection method, device, system, equipment and medium for terminal file
Technical Field
The present application relates to the field of computer security technologies, and in particular, to a method, an apparatus, a system, a device, and a computer-readable storage medium for detecting a virus of a terminal file.
Background
A Computer Virus (Computer Virus) is a set of Computer instructions or program code that a compiler inserts into a Computer program to destroy Computer functions or data, to affect Computer use, and to replicate itself. Computer viruses have unique replication capabilities that can spread rapidly and are often difficult to eradicate. They can attach themselves to various types of files and when files are copied or transferred from one user to another they are spread along with the files.
Currently, terminal file virus killing is detected based on a local virus library. Different terminals in the same enterprise are provided with the same operating system and the same software, which are high-probability events, and when different terminals execute virus killing, a plurality of files are always the same. However, the current scheme for virus detection based on the local virus library is based on a single machine, and terminals in the same network cannot perform cooperative work, so that the whole network has many unnecessary repeated detections.
And the data volume of local virus library, feature library and the like is very large, and the storage space of users is excessively occupied. When the terminal uses virus library, feature library, and other virus killing detection files, a large amount of Central Processing Unit (CPU) resources and memory resources of the host are consumed, resulting in bad user experience such as blocking.
Therefore, how to reduce the resources occupied by virus detection and improve the virus detection efficiency is a problem to be solved by the technical personnel in the field.
Disclosure of Invention
Embodiments of the present application provide a method, an apparatus, a system, a device, and a computer-readable storage medium for virus detection of a terminal file, which can reduce resources occupied by virus detection and improve virus detection efficiency.
In order to solve the above technical problem, an embodiment of the present application provides a virus detection method for a terminal file, which is applicable to a management center, and the method includes:
receiving item information to be detected uploaded by a terminal;
selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal;
issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of the information in the item information to be detected;
and transmitting a virus file detection result to the terminal according to the detection result uploaded by each target terminal.
Optionally, the selecting, according to item information included in each terminal stored in advance, at least one target terminal for performing virus detection on the item information to be detected includes:
and screening out a terminal having coincidence information with the item information to be detected from the item information contained in each terminal stored in advance as a target terminal.
Optionally, the issuing of the corresponding detection task to each target terminal includes:
and when only one first target terminal is coincident with the first item information in the to-be-detected item information, issuing a detection task carrying the first item information to the first target terminal.
Optionally, when a plurality of second target terminals coincide with second item information in the item information to be detected, a detection task carrying the second item information is issued to the plurality of second target terminals.
Optionally, after the sending the detection task carrying the second item information to the plurality of second target terminals, the method further includes:
and when a response message of successful reception fed back by any one second target terminal is received, issuing a release instruction of the detection task to the remaining second target terminals.
Optionally, the transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal includes:
screening item information infected by viruses from the detection results uploaded by the target terminals;
summarizing the item information infected by the virus and the third item information as a virus file detection result and sending the virus file detection result to the terminal so as to facilitate the terminal to locally detect the third item information; and the third item information is the item information which is not matched with the target terminal in the item information to be detected.
Optionally, the method further comprises:
receiving a repair request uploaded by a first terminal; the repair request carries information of a project to be repaired;
searching a second terminal matched with the item information to be repaired from the pre-stored item information contained in each terminal; and issuing a file acquisition instruction carrying the project information to be repaired to the second terminal;
and forwarding the file uploaded by the second terminal to the first terminal.
Optionally, before forwarding the file uploaded by the terminal matched with the to-be-repaired item information to the terminal, the method further includes:
when a file uploaded by the second terminal is received, carrying out safety verification on the file according to a preset verification code;
and when the file passes the security verification, executing the step of forwarding the file uploaded by the second terminal to the first terminal.
Optionally, before the transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal, the method further includes:
correcting the detection result uploaded by each target terminal by using a correction library, and storing the corrected detection result; the correction library comprises item information with changed detection results and the corresponding latest detection results;
correspondingly, the transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal includes:
and transmitting the virus file detection result to the terminal according to the corrected detection result.
Optionally, after the storing the corrected detection result, the method further includes:
and deleting the detection result with unknown virus detection result in the corrected detection result under the condition of receiving a virus library upgrading instruction transmitted by the terminal.
Optionally, the method further comprises:
taking terminals with the same item information as a first detection terminal group, and displaying prompt information of virus detection when the situation that the change of the cooperative item information of any one detection terminal in the first detection terminal group is different from the change of the cooperative item information of other detection terminals is detected; and the collaborative project information is the same project information among all the detection terminals in the first detection terminal group.
Optionally, terminals with the same operating system and the same software version are used as a second detection terminal group, and when it is detected that any one detection terminal in the second detection terminal group has different item information from other detection terminals, prompt information for virus detection is displayed.
Optionally, for a storage process of the item information included in each terminal, the method includes:
receiving project information uploaded by each terminal; the project information comprises operating system information, software information and conventional file information;
classifying and storing all the operating system information according to the version and directory structure of the operating system; the operating system information under each category has corresponding terminal identification information;
classifying and storing all the software information according to software types and software versions; wherein, the software information under each category has the corresponding terminal identification information;
classifying and storing all the conventional file information according to the directory and the file name; the conventional file information under each category has corresponding terminal identification information.
The embodiment of the application also provides a virus detection device of the terminal file, which is suitable for a management center and comprises a receiving unit, a selecting unit, a sending unit and a transmitting unit;
the receiving unit is used for receiving the information of the item to be detected uploaded by the terminal;
the selection unit is used for selecting at least one target terminal for executing virus detection on the item information to be detected according to the pre-stored item information contained in each terminal;
the issuing unit is used for issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of the information in the item information to be detected;
and the transmission unit is used for transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal.
Optionally, the selecting unit is specifically configured to screen out, from item information included in each terminal stored in advance, a terminal having coincidence information with the item information to be detected as a target terminal.
Optionally, the issuing unit is specifically configured to issue a detection task carrying the first item information to the first target terminal when there is only one first target terminal that coincides with the first item information in the item information to be detected.
Optionally, the issuing unit is specifically configured to issue a detection task carrying the second item information to a plurality of second target terminals when there are a plurality of second target terminals that coincide with the second item information in the item information to be detected.
Optionally, a release unit is further included;
and the release unit is used for issuing a release instruction of the detection task to the remaining second target terminals under the condition of receiving the response message of successful reception fed back by any one second target terminal.
Optionally, the transmission unit includes a screening subunit and a summarizing subunit;
the screening subunit is used for screening item information infected by the virus from the detection results uploaded by the target terminals;
the summarizing subunit is configured to summarize the item information infected by the virus and the third item information, and issue the summarized item information and the third item information as a virus file detection result to the terminal, so that the terminal performs local detection on the third item information; and the third item information is the item information which is not matched with the target terminal in the item information to be detected.
Optionally, the system further comprises a searching unit and a forwarding unit;
the receiving unit is further used for receiving a repair request uploaded by the first terminal; the repair request carries information of a project to be repaired;
the searching unit is used for searching a second terminal matched with the item information to be repaired from the pre-stored item information contained in each terminal;
the issuing unit is further used for issuing a file acquisition instruction carrying the information of the project to be repaired to the second terminal;
and the forwarding unit is used for forwarding the file uploaded by the second terminal to the first terminal.
Optionally, the system further comprises a verification unit;
the verification unit is used for performing safety verification on the file according to a preset verification code under the condition of receiving the file uploaded by the second terminal; and triggering the forwarding unit under the condition that the file passes the security verification.
Optionally, a correction unit is further included;
the correction unit is used for correcting the detection result uploaded by each target terminal by using a correction library and storing the corrected detection result; the correction library comprises item information with changed detection results and the corresponding latest detection results;
correspondingly, the transmission unit is specifically configured to transmit the virus file detection result to the terminal according to the corrected detection result.
Optionally, a deleting unit is further included;
and the deleting unit is used for deleting the detection result with unknown virus detection result in the corrected detection result under the condition of receiving the virus library upgrading instruction transmitted by the terminal.
Optionally, a prompt unit is further included;
the prompting unit is used for taking terminals with the same item information as a first detection terminal group, and displaying the prompting information of virus detection when the situation that the change of the cooperative item information of any one detection terminal in the first detection terminal group is different from the change of the cooperative item information of other detection terminals is detected; and the collaborative project information is the same project information among all the detection terminals in the first detection terminal group.
Optionally, a prompt unit is further included;
and the prompting unit is used for taking the terminals with the same operating system and the same software version as a second detection terminal group, and displaying the prompting information of virus detection when detecting that any one detection terminal in the second detection terminal group has different item information from other detection terminals.
Optionally, the apparatus includes a first classification unit, a second classification unit, and a third classification unit for a storage process of the item information included in each terminal;
the receiving unit is also used for receiving the project information uploaded by each terminal; the project information comprises operating system information, software information and conventional file information;
the first classification unit is used for classifying and storing all the operating system information according to the version and directory structure of the operating system; the operating system information under each category has corresponding terminal identification information;
the second classification unit is used for classifying and storing all the software information according to software types and software versions; wherein, the software information under each category has the corresponding terminal identification information;
the third classification unit is used for classifying and storing all the conventional file information according to a directory and a file name; the conventional file information under each category has corresponding terminal identification information.
The embodiment of the application also provides a virus detection method for the terminal file, which is suitable for the terminal and comprises the following steps:
uploading the collected project information to a management center;
transmitting the information of the items to be detected to the management center under the condition of receiving the batch detection tasks, so that the management center can issue the detection tasks to the target terminals according to the information of the items to be detected and transmit the detection results of the virus files to the terminals according to the detection results uploaded by each target terminal;
and according to the virus file detection result fed back by the management center, locally detecting the file which fails in cooperation, and taking the local detection result and the virus file detection result as the detection result of the batch detection task.
Optionally, after the uploading the collected information of each item to the management center, the method further includes:
and uploading the changed content to the management center under the condition that the change of the item information is detected, so that the management center updates the item information corresponding to the terminal.
The embodiment of the application also provides a virus detection device of the terminal file, which is suitable for the terminal and comprises an acquisition unit, a transmission unit and a detection unit;
the acquisition unit is used for uploading the acquired project information to the management center;
the transmission unit is used for transmitting the information of the items to be detected to the management center under the condition of receiving the batch detection tasks, so that the management center can issue the detection tasks to the target terminals according to the information of the items to be detected and transmit the detection results of the virus files to the terminals according to the detection results uploaded by each target terminal;
and the detection unit is used for locally detecting the file which fails in cooperation according to the virus file detection result fed back by the management center, and taking the local detection result and the virus file detection result as the detection result of the batch detection task.
Optionally, the system further comprises an uploading unit;
and the uploading unit is used for uploading the change content to the management center under the condition that the change of the project information is detected, so that the management center updates the project information corresponding to the terminal.
The embodiment of the application also provides a virus detection system of the terminal file, which comprises a management center and a plurality of terminals;
the management center is used for receiving the information of the item to be detected uploaded by the terminal; selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal; issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of the information in the item information to be detected; transmitting a virus file detection result to the terminal according to the detection result uploaded by each target terminal;
the terminal is used for uploading the collected project information to the management center; transmitting the information of the items to be detected to the management center under the condition of receiving the batch detection tasks; and according to the virus file detection result fed back by the management center, locally detecting the file which fails in cooperation, and taking the local detection result and the virus file detection result as the detection result of the batch detection task.
An embodiment of the present application further provides a virus detection device for a terminal file, including:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the virus detection method for the terminal file as described in any one of the above.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method for detecting a virus of a terminal file according to any one of the above-mentioned embodiments are implemented.
According to the technical scheme, the terminal can upload the collected project information to the management center; and transmitting the information of the items to be detected to a management center under the condition of receiving the batch detection tasks. The management center receives the information of the item to be detected uploaded by the terminal; selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal; issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of information in the item information to be detected. By distributing the item information to be detected on the terminal to the target terminals with the same item information, a plurality of target terminals can share the detection task, and the processing efficiency of virus detection is effectively improved. The management center transmits a virus file detection result to the terminal according to the detection result uploaded by each target terminal; and the terminal carries out local detection on the file which fails in cooperation according to the virus file detection result fed back by the management center, and the local detection result and the virus file detection result are used as the detection result of the batch detection task. Compared with the traditional mode that a single terminal carries out virus detection on all project information to be detected, the method and the system distribute the detection tasks to the multiple target terminals through the management center, each target terminal can be responsible for detecting part of project information, resources occupied by virus detection on the terminals are reduced, and virus detection efficiency is effectively improved.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
Fig. 1 is a schematic view of a scenario of virus detection of a terminal file according to an embodiment of the present application;
fig. 2 is a signaling diagram of a method for detecting viruses in a terminal file according to an embodiment of the present application;
fig. 3 is a schematic structural diagram of a virus detection apparatus for a terminal file suitable for a management center according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a virus detection apparatus for a terminal file suitable for a terminal according to an embodiment of the present disclosure;
fig. 5 is a schematic structural diagram of a virus detection system for a terminal file according to an embodiment of the present disclosure;
fig. 6 is a schematic diagram of a hardware structure of a virus detection device for a terminal file according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the present application.
In order that those skilled in the art will better understand the disclosure, the following detailed description will be given with reference to the accompanying drawings.
Computer viruses have great harm to the terminal, and the file is damaged after the terminal is attacked by the viruses, so that the normal operation of a terminal system is influenced, and the like. At present, terminal file virus killing is detected based on a local virus library, and terminals in the same enterprise are often provided with the same operating system, the same software and the like, so that a large number of same files are often arranged among different terminals in the same enterprise. Conventionally, each terminal relies on a local virus repository for virus detection of its own files. For the same file of a plurality of terminals, each terminal needs to perform virus detection of the file once, so that the whole network has many unnecessary repeated detections. And for batch detection of files, a large amount of CPU resources, memory resources and the like of a host computer are consumed, and bad user experience such as blocking is easily caused.
Therefore, the embodiment of the application provides a method, a device, a system, a device and a computer readable storage medium for virus detection of a terminal file, a management center can realize monitoring management of a plurality of terminals, when a certain terminal needs to perform batch detection on files, the management center can distribute item information to be detected to other terminals with the same item information, and a plurality of other terminals share detection tasks, so that the processing efficiency of virus detection is improved.
Referring to a scene schematic diagram of virus detection of a terminal file shown in fig. 1, a management center may monitor and manage n terminals, and in an initial state, each terminal may upload all item information included in itself to the management center, so that the management center may know the distribution of items on each terminal. When the terminal 1 receives the batch detection tasks, the terminal 1 can transmit the item information to be detected to the management center, at this time, the management center can select the terminal capable of implementing virus detection of the item information to be detected according to the pre-stored item information contained in each terminal, and assuming that 3 terminals, namely the terminal 2, the terminal 3 and the terminal n, have item information coincident with the item information to be detected, at this time, the management center can respectively issue corresponding detection tasks to the terminal 2, the terminal 3 and the terminal n, and after each terminal executes the detection tasks, the obtained detection results can be uploaded to the management center. The management center can transmit the virus file detection result to the terminal according to the detection result uploaded by each target terminal. The project information to be detected is scattered to different terminals for detection, and the virus detection efficiency is effectively improved. And the management center can realize the maintenance of all detection results, and can effectively avoid unnecessary repeated detection.
Next, a method for detecting viruses of a terminal file provided in an embodiment of the present application is described in detail. Fig. 2 is a signaling diagram of a method for detecting viruses in a terminal file according to an embodiment of the present application, where the method includes:
s201: and the terminal uploads the acquired information of each project to the management center.
In the initial state, each terminal transmits all the project information contained in itself to the management center.
Project information may include operating system information, software information, and regular file information.
The operating system information may include version, installation directory, patch installation condition, operating system verification information, and the like of the operating system. The operating system verification information may include operating system file relative path, content, signatures, versions, and the like.
The software information may include version of software installed on the terminal, an installation directory, and software verification information. The software verification information may include relative paths, content, signatures, versions, etc. of the software files.
The regular file information may be information of the remaining files except for operating system information and software information.
S202: and transmitting the information of the items to be detected to a management center under the condition that the terminal receives the batch detection tasks.
When the terminal receives the batch detection task, the terminal needs to perform virus detection on a large number of files, and in order to improve the processing efficiency of the virus detection, the terminal can transmit the project information of all files needing to be detected to the management center as the project information to be detected.
S203: the management center receives the item information to be detected uploaded by the terminal; and selecting at least one target terminal for executing virus detection on the item information to be detected according to the pre-stored item information contained in each terminal.
In practical application, the management center collects the item information uploaded by each terminal and then stores the item information in a classified manner. The management center can know which items are stored in each terminal respectively according to the stored item information.
As will be appreciated in conjunction with the above description, project information may include operating system information, software information, and conventional file information. Therefore, after receiving the item information uploaded by each terminal, the management center can store the item information in a classified manner according to the type to which the item information belongs.
Taking the os information as an example, the management center may store all os information in a classified manner according to the version and directory structure of the os. In order to facilitate the management center to identify which terminals the operating system information under each category corresponds to, the operating system information under each category is provided with corresponding terminal identification information. Each terminal has a terminal identification information unique thereto.
Taking the software information as an example, the management center can store all the software information in a classified manner according to the software type and the software version; the software information under each category has corresponding terminal identification information.
Taking the conventional file information as an example, the management center can store all the conventional file information in a classified manner according to the directory and the file name; the conventional file information under each category has corresponding terminal identification information.
The project information to be detected often includes a plurality of project information, and in practical application, the management center can screen out a terminal having coincidence information with the project information to be detected from the project information included in each terminal stored in advance as a target terminal.
The number of target terminals is often multiple, and since the operation flows executed by the target terminals are similar, only one target terminal is taken as an example in the signaling diagram shown in fig. 2.
It should be noted that, in order to facilitate distinguishing from a terminal that transmits item information to be detected to a management center, in the embodiment of the present application, a terminal selected to perform a detection task may be referred to as a target terminal.
S204: and the management center issues corresponding detection tasks to each target terminal.
In consideration of the difference between the project information of each target terminal and the project information to be detected, the detection tasks issued by the management center to different target terminals are different, that is, each detection task may include all or part of the information in the project information to be detected.
In practical application, when only one first target terminal is coincident with the first item information in the item information to be detected, a detection task carrying the first item information is issued to the first target terminal. When a plurality of second target terminals are overlapped with the second item information in the item information to be detected, a detection task carrying the second item information can be issued from any one of the plurality of second target terminals.
In view of the fact that the management center does not know the current operating state of each terminal, in the embodiment of the present application, when there are a plurality of second target terminals that coincide with the second item information in the item information to be detected, the detection task carrying the second item information may be simultaneously issued to the plurality of second target terminals.
After the second target terminal receives the detection task, the second target terminal feeds back a response message to the management center according to the processing capacity of the second target terminal, and when the management center receives the response message of successful reception fed back by any one second target terminal, the second target terminal can execute the detection task.
It should be noted that the above-mentioned "first" and "second" are not limited in sequence, and are only used for distinguishing different target terminals.
S205: and the management center transmits the virus file detection result to the terminal according to the detection result uploaded by each target terminal.
And each target terminal uploads a detection result obtained by executing the detection task to the management center. The detection results may include three types of detection results, i.e., a file is infected by a virus, a file is not infected by a virus, and a virus detection result is unknown.
After the management center collects the detection results uploaded by the target terminal, the management center can know which files corresponding to the project information are infected by the virus, which files corresponding to the project information are not infected by the virus, and which files corresponding to the project information are unknown as virus detection results.
In practical application, third item information which is not matched with the target terminal in the item information to be detected may occur, and a file corresponding to the third item information may be regarded as a file which fails in collaboration.
The management center can screen out item information infected by the virus from the detection results uploaded by each target terminal; and summarizing the item information infected by the virus and the third item information as a virus file detection result and issuing the virus file detection result to the terminal so as to facilitate the terminal to locally detect the third item information.
It should be noted that the above-mentioned "first", "second" and "third" are not limited in sequence, and are only for distinguishing different item information.
S206: and the terminal carries out local detection on the file which fails in cooperation according to the virus file detection result fed back by the management center, and the local detection result and the virus file detection result are used as the detection result of the batch detection task.
And the file corresponding to the project information which is not matched with the target terminal is the file which fails in cooperation. For the file with the collaborative failure, the terminal can rely on the local virus library to realize the virus detection of the file with the collaborative failure, so as to obtain the local detection result of the file. And the terminal can know which files are attacked by the virus according to the local detection result and the virus file detection result.
According to the technical scheme, the terminal can upload the collected project information to the management center; and transmitting the information of the items to be detected to a management center under the condition of receiving the batch detection tasks. The management center receives the information of the item to be detected uploaded by the terminal; selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal; issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of information in the item information to be detected. By distributing the item information to be detected on the terminal to the target terminals with the same item information, a plurality of target terminals can share the detection task, and the processing efficiency of virus detection is effectively improved. The management center transmits a virus file detection result to the terminal according to the detection result uploaded by each target terminal; and the terminal carries out local detection on the file which fails in cooperation according to the virus file detection result fed back by the management center, and the local detection result and the virus file detection result are used as the detection result of the batch detection task. Compared with the traditional mode that a single terminal carries out virus detection on all project information to be detected, the method and the system distribute the detection tasks to the multiple target terminals through the management center, each target terminal can be responsible for detecting part of project information, resources occupied by virus detection on the terminals are reduced, and virus detection efficiency is effectively improved.
In practical applications, the item information of the terminal is not fixed information, and in order to ensure consistency between the item information maintained by the management center and the actual item information of the terminal, the terminal may upload the change content to the management center when the item information of the terminal changes, so that the management center updates the item information corresponding to the terminal.
As will be appreciated in conjunction with the above description, project information may include operating system information, software information, and conventional file information. Some specified files in the operating system information, the software information and the conventional file information are important factors influencing the execution of detection tasks by the terminal, and in the specific implementation, the terminal uploads the changed project information to the management center in real time under the condition that the change of the operating system, the change of the software or the change of the specified files is detected; and when the change of the non-specified file information is detected, uploading the non-specified file information changed within the period time to the management center.
The terminal uploads the changed project information to the management center, so that the project information maintained by the management center is consistent with the actual project information of each terminal, and the target terminal selected by the management center can smoothly execute the detection task.
The same file may exist on multiple terminals at the same time, and when a file on one terminal is attacked by a virus, the file stored on other terminals may not be attacked by the virus. For the convenience of distinguishing from other terminals, a terminal in which a file is attacked by a virus may be referred to as a first terminal. In practical application, after the first terminal detects that a certain file of the first terminal is attacked by a virus, a repair request carrying information of a project to be repaired can be uploaded to the management center. Correspondingly, after receiving the repair request uploaded by the terminal, the management center can search a second terminal matched with the project information to be repaired from the project information contained in each terminal stored in advance; and issuing a file acquisition instruction carrying the information of the project to be repaired to the second terminal.
After receiving the file acquisition instruction, the second terminal detects whether the file corresponding to the project information to be repaired is attacked by the virus, and uploads the file to the management center when the file corresponding to the project information to be repaired is not attacked by the virus, and at this time, the management center can forward the file uploaded by the second terminal to the first terminal.
In practical application, when a terminal matched with the project information to be repaired cannot be searched from the project information contained in each terminal stored in advance, or a file on the terminal matched with the project information to be repaired is also attacked by a virus, the management center can feed back a self-repairing instruction to the first terminal, and at the moment, the first terminal can automatically repair the file attacked by the virus according to a traditional file repairing mode.
In order to ensure the security of the acquired file, the management center receives the file uploaded by the second terminal, and can perform security check on the file according to a preset check code; and when the file passes the security verification, executing the step of forwarding the file uploaded by the second terminal to the first terminal. In practical application, check codes in the same form can be preset on a management center and a terminal respectively, the check codes can be carried in information uploaded to the management center by the terminal, and the management center verifies that the check codes uploaded by the terminal are consistent with the check codes stored by the management center, so that the identity of the terminal is reliable.
In the embodiment of the application, the terminal uploads the repair request to the management center, so that the management center can acquire the file which is not invaded by the virus from other terminals, the file which is invaded by the virus on the terminal is replaced, the file repair purpose is achieved, and the file repair effect and the repair efficiency are improved.
It is considered that the accuracy of virus detection will be higher and higher with the continuous improvement of virus detection means. Therefore, in practical applications, it may happen that a file is not attacked by a virus as a result of detection in the previous virus detection method, and then the same file is detected again after the subsequent virus detection method is improved, and the detected result may become that the file is attacked by the virus.
In order to ensure the accuracy of the detection result, in the embodiment of the present application, a correction library may be maintained in the management center, where the correction library may include item information of the changed detection result and the latest detection result corresponding to the item information.
The management center can use the correction library to correct the detection result uploaded by each target terminal and store the corrected detection result before transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal. Correspondingly, the management center can transmit the virus file detection result to the terminal according to the corrected detection result.
The detection result on the terminal is corrected by depending on the correction library, so that the accuracy of the detection result of the virus file can be effectively improved, and the condition of misjudgment of the terminal is reduced.
The management center stores the detection results uploaded by all the terminals. In practical application, with the upgrade of the local virus library on the terminal, the terminal cannot detect whether the file is attacked by the virus before, with the upgrade of the local virus library, the terminal can accurately detect whether the file is attacked by the virus, and the detection result maintained by the management center at this moment is still the detection result uploaded before the terminal.
Therefore, the accuracy and the usability of the detection result stored by the management center are ensured. After the terminal upgrades the virus library, a virus library upgrade instruction can be transmitted to the management center, and correspondingly, under the condition that the management center receives the virus library upgrade instruction transmitted by the terminal, the detection result with unknown virus detection result in the corrected detection result can be deleted.
After the virus library is upgraded, the terminal has no reference value depending on the detection result with unknown virus detection result obtained by the virus library before upgrading, and the real-time effectiveness of each detection result maintained by the management center can be ensured by deleting the detection result with unknown virus detection result stored in the management center.
In the embodiment of the application, the management center can realize the cooperative analysis of the unknown viruses depending on the correlation among the files recorded by the terminals.
In practical application, the management center may use terminals having the same item information as the first detection terminal group, and when it is detected that the change of the cooperation item information of any one detection terminal in the first detection terminal group is different from the change of the cooperation item information of other detection terminals, it indicates that the detection terminal having the different change of the cooperation item information of other detection terminals is most likely to be attacked by a virus and cause the change of the cooperation item information to be different, and at this time, the management center may display prompt information for virus detection.
The collaborative project information refers to the same project information among all the detection terminals in the first detection terminal group.
The management center may also use terminals having the same operating system and the same software version as the second detection terminal group. Files maintained by terminals with the same operating system and the same software version are often the same, and when the management center detects that any one detection terminal in the second detection terminal group has different item information from other detection terminals, the newly-appearing item information is most likely to be information generated by virus invasion, and at the moment, the management center can display prompt information of virus detection.
By analyzing the correlation of the project information between the terminals, the abnormal change of the project information on the terminals can be effectively identified, so that the virus invasion warning is realized, and particularly, a good early warning effect can be realized on the detection of unknown viruses.
Fig. 3 is a schematic structural diagram of a virus detection apparatus for a terminal file according to an embodiment of the present application, which is suitable for a management center, and the apparatus includes a receiving unit 31, a selecting unit 32, a sending unit 33, and a transmitting unit 34;
the receiving unit 31 is configured to receive the item information to be detected uploaded by the terminal;
a selecting unit 32, configured to select at least one target terminal for performing virus detection on item information to be detected according to item information included in each terminal stored in advance;
the issuing unit 33 is used for issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of information in the item information to be detected;
and the transmission unit 34 is configured to transmit the virus file detection result to the terminal according to the detection result uploaded by each target terminal.
Optionally, the selecting unit is specifically configured to screen out, from the pre-stored item information included in each terminal, a terminal having coincidence information with the item information to be detected as the target terminal.
Optionally, the issuing unit is specifically configured to issue the detection task carrying the first item information to the first target terminal when there is only one first target terminal that coincides with the first item information in the item information to be detected.
Optionally, the issuing unit is specifically configured to issue the detection task carrying the second item information to a plurality of second target terminals when there are a plurality of second target terminals that coincide with the second item information in the item information to be detected.
Optionally, a release unit is further included;
and the release unit is used for issuing a release instruction of the detection task to the remaining second target terminals under the condition of receiving the response message of successful reception fed back by any one second target terminal.
Optionally, the transmission unit comprises a screening subunit and a summarizing subunit;
the screening subunit is used for screening the item information infected by the virus from the detection results uploaded by each target terminal;
the summary subunit is used for summarizing the item information infected by the virus and the third item information as a virus file detection result and issuing the summary information to the terminal so as to facilitate the terminal to locally detect the third item information; and the third item information is the item information which is not matched with the target terminal in the item information to be detected.
Optionally, the system further comprises a searching unit and a forwarding unit;
the receiving unit is also used for receiving a repair request uploaded by the first terminal; the repair request carries information of a project to be repaired;
the searching unit is used for searching a second terminal matched with the item information to be repaired from the pre-stored item information contained in each terminal;
the issuing unit is also used for issuing a file acquisition instruction carrying the project information to be repaired to the second terminal;
and the forwarding unit is used for forwarding the file uploaded by the second terminal to the first terminal.
Optionally, the system further comprises a verification unit;
the verification unit is used for carrying out safety verification on the file according to a preset verification code under the condition of receiving the file uploaded by the second terminal; and when the file passes the security verification, triggering the forwarding unit.
Optionally, a correction unit is further included;
the correction unit is used for correcting the detection result uploaded by each target terminal by using the correction library and storing the corrected detection result; the correction library comprises item information with changed detection results and the corresponding latest detection results;
correspondingly, the transmission unit is specifically configured to transmit the virus file detection result to the terminal according to the corrected detection result.
Optionally, a deleting unit is further included;
and the deleting unit is used for deleting the detection result with unknown virus detection result in the corrected detection result under the condition of receiving the virus library upgrading instruction transmitted by the terminal.
Optionally, a prompt unit is further included;
the prompting unit is used for taking the terminals with the same item information as a first detection terminal group, and displaying the prompting information of virus detection when the situation that the change of the cooperative item information of any one detection terminal in the first detection terminal group is different from the change of the cooperative item information of other detection terminals is detected; the collaborative project information is the same project information among all the detection terminals in the first detection terminal group.
Optionally, a prompt unit is further included;
and the prompting unit is used for taking the terminals with the same operating system and the same software version as a second detection terminal group, and displaying the prompting information of virus detection when any one detection terminal in the second detection terminal group is detected to have different item information from other detection terminals.
Optionally, the apparatus includes a first classification unit, a second classification unit, and a third classification unit for a storage process of item information included in each terminal;
the receiving unit is also used for receiving the project information uploaded by each terminal; the project information comprises operating system information, software information and conventional file information;
the first classification unit is used for classifying and storing all the operating system information according to the version and the directory structure of the operating system; the operating system information under each category has corresponding terminal identification information;
the second classification unit is used for classifying and storing all software information according to software types and software versions; wherein, the software information under each category has the corresponding terminal identification information;
the third classification unit is used for classifying and storing all the conventional file information according to the directory and the file name; the conventional file information under each category has corresponding terminal identification information.
The description of the features in the embodiment corresponding to fig. 3 may refer to the related description of the embodiment corresponding to fig. 2, and is not repeated here.
According to the technical scheme, the management center receives the information of the item to be detected uploaded by the terminal; selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal; issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of information in the item information to be detected. By distributing the item information to be detected on the terminal to the target terminals with the same item information, a plurality of target terminals can share the detection task, and the processing efficiency of virus detection is effectively improved. The management center transmits a virus file detection result to the terminal according to the detection result uploaded by each target terminal; and the terminal carries out local detection on the file which fails in cooperation according to the virus file detection result fed back by the management center, and the local detection result and the virus file detection result are used as the detection result of the batch detection task. Compared with the traditional mode that a single terminal carries out virus detection on all project information to be detected, the method and the system distribute the detection tasks to the multiple target terminals through the management center, each target terminal can be responsible for detecting part of project information, resources occupied by virus detection on the terminals are reduced, and virus detection efficiency is effectively improved.
Fig. 4 is a schematic structural diagram of a virus detection apparatus for a terminal file according to an embodiment of the present application, which is suitable for a terminal, and includes an acquisition unit 41, a transmission unit 42, and a detection unit 43;
the acquisition unit 41 is used for uploading acquired project information to the management center;
the transmission unit 42 is configured to transmit the item information to be detected to the management center when the batch detection tasks are received, so that the management center issues the detection tasks to the target terminals according to the item information to be detected, and transmits the virus file detection results to the terminals according to the detection results uploaded by each target terminal;
and the detection unit 43 is configured to perform local detection on the file which fails in the cooperation according to the virus file detection result fed back by the management center, and use the local detection result and the virus file detection result as the detection result of the batch detection task.
Optionally, the system further comprises an uploading unit;
and the uploading unit is used for uploading the change content to the management center under the condition of detecting that the item information is changed so as to enable the management center to update the item information corresponding to the terminal.
The description of the features in the embodiment corresponding to fig. 4 can refer to the related description of the embodiment corresponding to fig. 2, and is not repeated here.
According to the technical scheme, the terminal can upload the collected project information to the management center; when receiving the batch detection tasks, transmitting the information of the items to be detected to a management center so that the management center can receive the information of the items to be detected uploaded by the terminal; selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal; issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of information in the item information to be detected. By distributing the item information to be detected on the terminal to the target terminals with the same item information, a plurality of target terminals can share the detection task, and the processing efficiency of virus detection is effectively improved. And the terminal carries out local detection on the file which fails in cooperation according to the virus file detection result fed back by the management center, and the local detection result and the virus file detection result are used as the detection result of the batch detection task. Compared with the traditional mode that a single terminal carries out virus detection on all project information to be detected, the method and the system distribute the detection tasks to the multiple target terminals through the management center, each target terminal can be responsible for detecting part of project information, resources occupied by virus detection on the terminals are reduced, and virus detection efficiency is effectively improved.
Fig. 5 is a schematic structural diagram of a virus detection system 50 for a terminal file according to an embodiment of the present application, including a management center 51 and a plurality of terminals 52;
the management center 51 is used for receiving the information of the items to be detected uploaded by the terminal 52; selecting at least one target terminal for executing virus detection on the item information to be detected according to the pre-stored item information contained in each terminal; issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of information in the item information to be detected; transmitting a virus file detection result to the terminal 52 according to the detection result uploaded by each target terminal;
the terminal 52 is used for uploading the collected project information to the management center 51; when receiving the batch detection task, transmitting the information of the item to be detected to the management center 51; and according to the virus file detection result fed back by the management center 51, locally detecting the file which fails in cooperation, and taking the local detection result and the virus file detection result as the detection results of the batch detection tasks.
The description of the features in the embodiment corresponding to fig. 5 may refer to the related description of the embodiment corresponding to fig. 2, and is not repeated here.
According to the technical scheme, the terminal can upload the collected project information to the management center; and transmitting the information of the items to be detected to a management center under the condition of receiving the batch detection tasks. The management center receives the information of the item to be detected uploaded by the terminal; selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal; issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of information in the item information to be detected. By distributing the item information to be detected on the terminal to the target terminals with the same item information, a plurality of target terminals can share the detection task, and the processing efficiency of virus detection is effectively improved. The management center transmits a virus file detection result to the terminal according to the detection result uploaded by each target terminal; and the terminal carries out local detection on the file which fails in cooperation according to the virus file detection result fed back by the management center, and the local detection result and the virus file detection result are used as the detection result of the batch detection task. Compared with the traditional mode that a single terminal carries out virus detection on all project information to be detected, the method and the system distribute the detection tasks to the multiple target terminals through the management center, each target terminal can be responsible for detecting part of project information, resources occupied by virus detection on the terminals are reduced, and virus detection efficiency is effectively improved.
Fig. 6 is a schematic diagram of a hardware structure of a virus detection device 60 for a terminal file according to an embodiment of the present application, where the hardware structure includes:
a memory 61 for storing a computer program;
a processor 62 for executing a computer program to implement the steps of the virus detection method for a terminal file as described in any of the above embodiments.
The embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method for detecting a virus of a terminal file according to any of the above embodiments are implemented.
The method, the apparatus, the system, the device and the computer readable storage medium for detecting viruses of a terminal file provided by the embodiments of the present application are described in detail above. The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.

Claims (20)

1. A virus detection method for a terminal file is characterized by being applicable to a management center, and the method comprises the following steps:
receiving item information to be detected uploaded by a terminal;
selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal;
issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of the information in the item information to be detected;
and transmitting a virus file detection result to the terminal according to the detection result uploaded by each target terminal.
2. The method for detecting viruses of terminal files according to claim 1, wherein the selecting at least one target terminal for performing virus detection on the item information to be detected according to the pre-stored item information included in each terminal comprises:
and screening out a terminal having coincidence information with the item information to be detected from the item information contained in each terminal stored in advance as a target terminal.
3. The method for detecting viruses in a terminal file according to claim 2, wherein the issuing of the corresponding detection task to each of the target terminals includes:
and when only one first target terminal is coincident with the first item information in the to-be-detected item information, issuing a detection task carrying the first item information to the first target terminal.
4. The method for detecting viruses in a terminal file according to claim 2, wherein the issuing of the corresponding detection task to each of the target terminals includes:
and when a plurality of second target terminals are superposed with second item information in the to-be-detected item information, issuing detection tasks carrying the second item information to the plurality of second target terminals.
5. The method for detecting viruses of terminal files according to claim 4, further comprising, after the sending the detection task carrying the second item information to the plurality of second target terminals:
and when a response message of successful reception fed back by any one second target terminal is received, issuing a release instruction of the detection task to the remaining second target terminals.
6. The method according to claim 1, wherein the transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal comprises:
screening item information infected by viruses from the detection results uploaded by the target terminals;
summarizing the item information infected by the virus and the third item information as a virus file detection result and sending the virus file detection result to the terminal so as to facilitate the terminal to locally detect the third item information; and the third item information is the item information which is not matched with the target terminal in the item information to be detected.
7. The method for detecting viruses in a terminal file according to claim 1, further comprising:
receiving a repair request uploaded by a first terminal; the repair request carries information of a project to be repaired;
searching a second terminal matched with the item information to be repaired from the pre-stored item information contained in each terminal; and issuing a file acquisition instruction carrying the project information to be repaired to the second terminal;
and forwarding the file uploaded by the second terminal to the first terminal.
8. The method for detecting viruses of terminal files according to claim 7, wherein before forwarding the file uploaded by the terminal matched with the information of the item to be repaired to the terminal, the method further comprises:
when a file uploaded by the second terminal is received, carrying out safety verification on the file according to a preset verification code;
and when the file passes the security verification, executing the step of forwarding the file uploaded by the second terminal to the first terminal.
9. The method according to claim 1, wherein before transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal, the method further comprises:
correcting the detection result uploaded by each target terminal by using a correction library, and storing the corrected detection result; the correction library comprises item information with changed detection results and the corresponding latest detection results;
correspondingly, the transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal includes:
and transmitting the virus file detection result to the terminal according to the corrected detection result.
10. The method for detecting viruses in a terminal file according to claim 9, further comprising, after storing the corrected detection result:
and deleting the detection result with unknown virus detection result in the corrected detection result under the condition of receiving a virus library upgrading instruction transmitted by the terminal.
11. The method for detecting viruses in a terminal file according to claim 1, further comprising:
taking terminals with the same item information as a first detection terminal group, and displaying prompt information of virus detection when the situation that the change of the cooperative item information of any one detection terminal in the first detection terminal group is different from the change of the cooperative item information of other detection terminals is detected; and the collaborative project information is the same project information among all the detection terminals in the first detection terminal group.
12. The method for detecting viruses in a terminal file according to claim 1, further comprising:
and taking terminals with the same operating system and the same software version as a second detection terminal group, and displaying prompt information of virus detection when any detection terminal in the second detection terminal group is detected to have different item information from other detection terminals.
13. The method for detecting viruses of terminal files according to any one of claims 1 to 12, wherein the method comprises, for a storage procedure of project information included in each terminal:
receiving project information uploaded by each terminal; the project information comprises operating system information, software information and conventional file information;
classifying and storing all the operating system information according to the version and directory structure of the operating system; the operating system information under each category has corresponding terminal identification information;
classifying and storing all the software information according to software types and software versions; wherein, the software information under each category has the corresponding terminal identification information;
classifying and storing all the conventional file information according to the directory and the file name; the conventional file information under each category has corresponding terminal identification information.
14. The virus detection device of the terminal file is characterized by being suitable for a management center and comprising a receiving unit, a selecting unit, a sending unit and a transmitting unit;
the receiving unit is used for receiving the information of the item to be detected uploaded by the terminal;
the selection unit is used for selecting at least one target terminal for executing virus detection on the item information to be detected according to the pre-stored item information contained in each terminal;
the issuing unit is used for issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of the information in the item information to be detected;
and the transmission unit is used for transmitting the virus file detection result to the terminal according to the detection result uploaded by each target terminal.
15. A virus detection method for a terminal file is characterized by being applicable to a terminal, and the method comprises the following steps:
uploading the collected project information to a management center;
transmitting the information of the items to be detected to the management center under the condition of receiving the batch detection tasks, so that the management center can issue the detection tasks to the target terminals according to the information of the items to be detected and transmit the detection results of the virus files to the terminals according to the detection results uploaded by each target terminal;
and according to the virus file detection result fed back by the management center, locally detecting the file which fails in cooperation, and taking the local detection result and the virus file detection result as the detection result of the batch detection task.
16. The method for detecting viruses of terminal files according to claim 15, wherein after uploading the collected information of each item to a management center, the method further comprises:
and uploading the changed content to the management center under the condition that the change of the item information is detected, so that the management center updates the item information corresponding to the terminal.
17. The virus detection device for the terminal file is characterized by being applicable to a terminal and comprising an acquisition unit, a transmission unit and a detection unit;
the acquisition unit is used for uploading the acquired project information to the management center;
the transmission unit is used for transmitting the information of the items to be detected to the management center under the condition of receiving the batch detection tasks, so that the management center can issue the detection tasks to the target terminals according to the information of the items to be detected and transmit the detection results of the virus files to the terminals according to the detection results uploaded by each target terminal;
and the detection unit is used for locally detecting the file which fails in cooperation according to the virus file detection result fed back by the management center, and taking the local detection result and the virus file detection result as the detection result of the batch detection task.
18. A virus detection system of a terminal file is characterized by comprising a management center and a plurality of terminals;
the management center is used for receiving the information of the item to be detected uploaded by the terminal; selecting at least one target terminal for executing virus detection on the item information to be detected according to pre-stored item information contained in each terminal; issuing corresponding detection tasks to each target terminal; the detection task comprises all or part of the information in the item information to be detected; transmitting a virus file detection result to the terminal according to the detection result uploaded by each target terminal;
the terminal is used for uploading the collected project information to the management center; transmitting the information of the items to be detected to the management center under the condition of receiving the batch detection tasks; and according to the virus file detection result fed back by the management center, locally detecting the file which fails in cooperation, and taking the local detection result and the virus file detection result as the detection result of the batch detection task.
19. A virus detection apparatus for a terminal file, comprising:
a memory for storing a computer program;
a processor for executing the computer program for carrying out the steps of the method for virus detection of a terminal file according to any one of claims 1 to 13 and/or claims 15 to 16.
20. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the method for virus detection of a terminal file according to any one of claims 1 to 13 and/or claims 15 to 16.
CN202010773306.6A 2020-08-04 2020-08-04 Virus detection method, device, system, equipment and medium for terminal file Active CN111881450B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010773306.6A CN111881450B (en) 2020-08-04 2020-08-04 Virus detection method, device, system, equipment and medium for terminal file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010773306.6A CN111881450B (en) 2020-08-04 2020-08-04 Virus detection method, device, system, equipment and medium for terminal file

Publications (2)

Publication Number Publication Date
CN111881450A true CN111881450A (en) 2020-11-03
CN111881450B CN111881450B (en) 2023-12-29

Family

ID=73211484

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010773306.6A Active CN111881450B (en) 2020-08-04 2020-08-04 Virus detection method, device, system, equipment and medium for terminal file

Country Status (1)

Country Link
CN (1) CN111881450B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116821910A (en) * 2023-08-30 2023-09-29 北京安天网络安全技术有限公司 Safety protection system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068204A (en) * 2006-05-05 2007-11-07 美国博通公司 Intermediate network node of communication structure and its execution method
JP2008276580A (en) * 2007-04-27 2008-11-13 Kddi Corp Electronic system, electronic equipment, virus pattern management device, program, and recording medium
US20090300045A1 (en) * 2008-05-28 2009-12-03 Safe Channel Inc. Distributed security provisioning
US20110231934A1 (en) * 2008-11-25 2011-09-22 Agent Smith Pty Ltd Distributed Virus Detection
CN104680065A (en) * 2015-01-26 2015-06-03 安一恒通(北京)科技有限公司 Virus detection method, virus detection device and virus detection equipment
CN108429754A (en) * 2018-03-19 2018-08-21 深信服科技股份有限公司 A kind of high in the clouds Distributed Detection method, system and relevant apparatus
US20180268139A1 (en) * 2016-05-04 2018-09-20 Tencent Technology (Shenzhen) Company Limited Virus detection method, terminal and server
CN108898014A (en) * 2018-06-22 2018-11-27 珠海市君天电子科技有限公司 A kind of checking and killing virus method, server and electronic equipment
US20200045063A1 (en) * 2018-07-31 2020-02-06 Fortinet, Inc. Automated feature extraction and artificial intelligence (ai) based detection and classification of malware

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101068204A (en) * 2006-05-05 2007-11-07 美国博通公司 Intermediate network node of communication structure and its execution method
JP2008276580A (en) * 2007-04-27 2008-11-13 Kddi Corp Electronic system, electronic equipment, virus pattern management device, program, and recording medium
US20090300045A1 (en) * 2008-05-28 2009-12-03 Safe Channel Inc. Distributed security provisioning
US20110231934A1 (en) * 2008-11-25 2011-09-22 Agent Smith Pty Ltd Distributed Virus Detection
CN104680065A (en) * 2015-01-26 2015-06-03 安一恒通(北京)科技有限公司 Virus detection method, virus detection device and virus detection equipment
US20180268139A1 (en) * 2016-05-04 2018-09-20 Tencent Technology (Shenzhen) Company Limited Virus detection method, terminal and server
CN108429754A (en) * 2018-03-19 2018-08-21 深信服科技股份有限公司 A kind of high in the clouds Distributed Detection method, system and relevant apparatus
CN108898014A (en) * 2018-06-22 2018-11-27 珠海市君天电子科技有限公司 A kind of checking and killing virus method, server and electronic equipment
US20200045063A1 (en) * 2018-07-31 2020-02-06 Fortinet, Inc. Automated feature extraction and artificial intelligence (ai) based detection and classification of malware

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116821910A (en) * 2023-08-30 2023-09-29 北京安天网络安全技术有限公司 Safety protection system
CN116821910B (en) * 2023-08-30 2023-11-17 北京安天网络安全技术有限公司 Safety protection system

Also Published As

Publication number Publication date
CN111881450B (en) 2023-12-29

Similar Documents

Publication Publication Date Title
US9189357B2 (en) Generating machine state verification using number of installed package objects
US7421490B2 (en) Uniquely identifying a crashed application and its environment
US9652632B2 (en) Method and system for repairing file at user terminal
US8060782B2 (en) Root cause problem identification through event correlation
CN107688531B (en) Geo-database integration test method, device, computer equipment and storage medium
JP2018142372A (en) System and method for automated memory and thread execution anomaly detection in computer network
KR20150033711A (en) Run-time error repairing method, device and system
EP3236354A1 (en) System analysis and management
CN107533504A (en) Anomaly analysis for software distribution
US11086618B2 (en) Populating a software catalogue with related product information
EP3573285B1 (en) Iot data collection system, iot data collection method, management device, management program, agent device, and agent program
CN109324959B (en) Method for automatically transferring data, server and computer readable storage medium
CN111859399A (en) Vulnerability detection method and device based on oval
US20120072589A1 (en) Information Processing Apparatus and Method of Operating the Same
CN115292163A (en) Application program detection method and device and computer readable storage medium
CN111881450B (en) Virus detection method, device, system, equipment and medium for terminal file
US20110258165A1 (en) Automatic verification system for computer virus vaccine database and method thereof
WO2020143324A1 (en) Service program releasing method and apparatus, and computer device and storage medium
CN117499151A (en) Method and device for constructing network target range
CN112579330B (en) Processing method, device and equipment for abnormal data of operating system
CN110362416A (en) Page assembly loading method and device, electronic equipment, storage medium
CN115203697A (en) File detection method, device and equipment and readable storage medium
CN110909352B (en) Malicious process detection method under Linux server
CN113761015B (en) Log processing method, device, system and storage medium
KR102145403B1 (en) Method for application monitoring in smart devices by big data analysis of excption log

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant