JP2006178560A - Program for preventing infection of mail virus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To early detect mail virus to prevent the infection or diffusion of the mail virus. <P>SOLUTION: The program makes a client 3 connected to a network execute processing for preventing the infection of mail virus. The program forms a header character string for authentication that an e-mail is normally formed by the client 3. The header character string is assigned to the e-mail normally formed by the client 3. A client agent 31 detects illicit mails based on whether the header character string is assigned to e-mails to be transmitted or not. Upon detecting an illicit mail, the transmission of this mail is stopped, and the effect is reported to a management server 2. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a technique for preventing infection of a computer with a mail virus or its spread.

  In recent years, with the spread of the Internet, electronic mail has been widely used by businesses and individuals. In order to simplify the creation of an e-mail, a technique for reducing the burden on the user by creating an e-mail in a standard format depending on the recipient of the e-mail and its contents has been disclosed (for example, patent documents) 1).

While e-mail has been widely used as a simple communication means, the problem of mail viruses is becoming serious. A mail virus is generally transmitted in the form of an electronic mail. When the received computer is infected with the mail virus, the virus causes damage such as destruction of data inside the computer. Thus, a technique capable of detecting a mail virus and preventing the spread of the mail virus in order to reduce damage is disclosed (for example, Patent Document 2). According to such technology, data transferred over the network is monitored, and when a virus is detected, the system administrator or the sender of data (email) is automatically notified of the virus detection. If a virus is detected, immediate action can be taken to prevent the spread of the virus.
Japanese Unexamined Patent Publication No. 2000-20421 (abstract, FIG. 5, paragraphs 0019 and 0020) Japanese Patent Laid-Open No. 11-134190 (abstract, FIG. 1, paragraph 0005)

  Some mail viruses read the mail address registered in the address book of the user who has received the mail virus, and further send the virus to the mail address. When infected with such a virus, the victim who receives the virus becomes a perpetrator, and the damage increases at a stretch.

  For example, in a company, it is normal for mail addresses inside and outside the company to be managed in an address book. When one computer is infected with such a mail virus, a large number of computers inside and outside the company are infected at once. Infections can happen. Computers have become indispensable for business activities in recent years, and the fact that a large number of computers cannot be used at a time due to infection with such mail viruses has a great influence on business activities and the like. Under such circumstances, a method for detecting an email virus at an early stage before the computer is infected with a virus and effectively preventing the infection is desired.

  An object of the present invention is to detect a mail virus at an early stage and prevent infection or spread of the mail virus.

  In order to solve the above-mentioned problems, the present invention is a program for causing a computer connected to a network to execute processing for preventing infection by a mail virus, and an e-mail is normally created by the computer. Whether or not the authentication information is added to an email that is normally created by the computer, and whether or not the authentication information is given to the email to be sent Based on the above, it is configured to execute processing for detecting unauthorized mail.

  Since authentication information is given for emails that are legitimately created on a computer connected to a certain network, the legitimately created emails and unauthorized emails (for example, mail viruses) Can be distinguished.

  The authentication information may be given to the e-mail when the mailer creates a new e-mail, replies, or transfers a program. Since authentication information is given to an e-mail in response to an operation by the user, it is possible to read the address book data without the user's operation and distinguish it from a mail virus transmitted to the address.

  The authentication information is composed of a random character string and may be newly created each time an e-mail is sent. Furthermore, the character string constituting the authentication information may be encrypted and added to the header of the email. In such a program, different authentication information is used for each e-mail, so that it is possible to improve safety when sending or transferring the e-mail.

  In addition, in the process of detecting an unauthorized mail, if the authentication information is given to the email, it is determined that the email is a legitimately created email, and the email is sent to the destination. If the authentication information is not given to the e-mail, it may be determined as a mail virus and the e-mail may not be transmitted to the destination. By preventing transmission of mail without authentication information, virus infection can be effectively prevented.

  The present invention is not limited to the above program. Client devices, server devices, systems, methods, and the like that execute the above programs are also included in the present invention.

  According to the present invention, since it is determined based on the authentication information that the mail is properly created in a computer connected to the network, the mail virus and the mail virus that are automatically transmitted to a plurality of destinations are properly registered. It becomes easy to distinguish the created mail before it is sent outside the computer. For this reason, it is possible to prevent an unauthorized e-mail from being transmitted due to a mail virus, and to effectively prevent the spread of a mail virus.

DESCRIPTION OF EXEMPLARY EMBODIMENTS Hereinafter, preferred embodiments of the invention will be described in detail with reference to the drawings.
FIG. 1 is a block diagram of the entire system according to the present invention. A system 1 according to the present invention includes a management server 2 and a client 3 and is connected to an SMTP (Simple Mail Transfer Protocol) server 5.

  The management server 2 manages the statuses of a plurality of clients 3 connected to its own device, and notifies the administrator 6 of the system 1 as necessary. The client 3 includes a client agent 31. When the client agent 31 of the client 3 determines that the electronic mail (hereinafter simply referred to as mail) to be transmitted from the client 3 is a legitimate mail, the client agent 31 transmits the mail to the SMTP server 5. If it is determined that the mail is not a legitimate mail, the mail is discarded because it is an illegal mail such as a mail virus. As shown in FIG. 1, the mail client directory 35 of the computer of the client 3 stores data necessary for detecting a mail virus applied by the client agent 31. This will be described later.

  In the illegal mail detection method according to the present embodiment, the management server 2 manages the client 3 belonging to the system 1 and causes the client 3 to create and transmit mail by a predetermined method. The client 3 belonging to the system 1 creates a mail by a method instructed by the management server 2. The mail transmitted from the client 3 is transmitted to the SMTP server 5 after confirming that the client agent 31 of the client 3 is not an unauthorized mail. When the client agent 31 detects unauthorized mail, the client 3 notifies the management server 2 to that effect. The management server 2 notifies the administrator 6 that an unauthorized mail is about to be transmitted by the client 3 as necessary.

  In addition, according to the method for detecting illegal mails according to the present invention, all the mails that are not determined to be legitimate mails created by the user are uniformly detected as illegal mails. Therefore, the detected illegal mail is expressed as a mail virus.

  FIG. 2 is a block diagram of the management server 2 according to the present embodiment. The management server 2 includes a management server unit 21, a configuration management database 22, a mail header policy 23, mail client add-on software 24, and a notification unit 25.

  The management server unit 21 manages the system 1 (that is, the client 3) using the management tool 26 regarding the mail transmission / reception of the system 1. The configuration management database 22 stores data necessary for the management server unit 21 to manage the system 1. The mail header policy 23 is policy information to be applied to each client 3 and is stored in a predetermined memory area. The mail client add-on software 24 is an add-on software program for mail virus detection distributed to each of the clients 3, and makes various decisions based on data in the configuration management database 22. For example, when a mail virus is detected in the system 1, the notification unit 25 notifies the administrator 6 to that effect. As shown in FIG. 2, the management tool 26 used by the management server unit 21 may use an application or the like outside the management server 2, or may have a program or the like inside the management server 2. .

  FIG. 3 is a block diagram of the client 3. The client 3 includes a client agent 31, a mail header character string 32, a mail header policy 33, a mail client 34, and a mail client directory 35.

  The client agent 31 executes a process for detecting a mail virus based on a character string attached to a mail such as a mail header. The authentication header character string (mail header character string) 32 is a mail header character string used for detecting a mail virus or a part thereof, and is held in a predetermined memory area. The mail header policy 33 is policy information received from the management server 2. The mail client (mailer) 34 creates and transmits / receives mail.

  The mail client directory 35 includes mail client add-on software (hereinafter simply referred to as add-on software) 36 and an applicable mail header 37. The add-on software 36 is software received from the management server 2, and thereby processing such as adding authentication information for authenticating that the mail created by the mail client 34 is a legitimate mail is executed. The The applied mail header 37 is a header for giving to the mail to be created. The header is applied so that the mail client 34 uses the character string stored in the authentication header character string 32.

4 to 6 are examples of data structures relating to the system 1, the client 3, its user, the administrator 6, and the like stored in the configuration management database 22 of the management server 2. FIG.
First, FIG. 4 is an example of a data structure showing information related to the user of the client 3. In FIG. 4, when the user is an employee in a company, for example, (a) is an employee master, (b) is an email information master, (c) is an affiliation master, (d) is a department master, (e) Indicates the data structure of the building master.

  The employee master in (a) stores information on employees of the company. The mail information master in (b) stores information such as mail addresses corresponding to employees. The affiliation master in (c) stores information related to the employee's affiliation, office code, and the like. The department master in (d) stores information such as a department name corresponding to the code of the department to which the department belongs. The building master in (e) stores information such as the building and area corresponding to the office code. By storing information such as (a) to (e) in FIG. 4 in the configuration management database 22, information about the user who uses the client 3 of the system 1 is managed in the management server 2.

  Next, FIG. 5 is an example of a data structure of a table that stores information related to the administrator 6. The manager master in FIG. 5 stores information such as the employee number of the manager 6 of the system 1 and the work in charge.

  Finally, FIG. 6 shows an example of the structure of a table for storing inventory information for computers (clients 3) under the system 1. As shown in FIG. 6, the inventory information includes information related to a user who uses the computer and an administrator 6, information related to a mailer used, and information related to the computer.

  In the management server 2 that holds the data shown in FIGS. 4 to 6 in the configuration management database 22, a method and means for detecting transmission / reception of mail viruses to the clients 3 under the system 1 based on the held data are provided for each client. 3 is specified. The client 3 detects a mail virus by a method or means designated by the management server 2. When the management server 2 receives a notification that a mail virus is about to be transmitted from a certain client 3, the management server 2 executes processing such as notifying the administrator 6 based on the data held.

  With reference to the flowcharts of FIG. 7 and FIG. 8, a process in which the management server 2 determines how the client 3 detects a mail virus based on data stored in the configuration management database 22 will be described.

  FIG. 7 is a flowchart of processing for storing the various management data described above in the configuration management database 22. In the process of storing the data in FIG. 7, first, employee information is registered in the configuration management database 22 using the management tool 26 in step S <b> 1. Here, the employee information refers to data shown in FIG. 4, for example. Next, in step S 2, administrator information is registered in the configuration management database 22 using the management tool 26. Here, the administrator information refers to data shown in FIG. 5, for example. Finally, in step S3, the policy is determined according to the input from the management tool 26. Here, the policy is control information defining an operation flag for instructing start or stop of mail virus detection processing according to the present embodiment, processing on the client 3 side when a mail virus is detected, and the like. .

  FIG. 8 is a flowchart of processing for determining add-on software used in the client 3 based on data stored in the configuration management database 22. First, in step S <b> 4, the management server 2 collects inventory information from the client agent 31. The inventory information is as described above with reference to FIG. In step S5, add-on software to be applied to the client 3 is selected based on the inventory information obtained from the client 3. The add-on software to be applied to each client 3 is selected based on the type of mailer or operating system, version, computer performance, etc. included in the corresponding inventory information. Finally, in step S6, the mail header policy and the selected add-on software are distributed to the client 3 based on the information indicated in the inventory information.

  Using the distributed mail header policy and add-on software, the client 3 detects a mail virus according to the present embodiment. Specifically, in the present embodiment, the client 3 creates a header character string that is authentication information for authenticating a legitimate mail based on the information received from the management server 2. FIG. 9 is a flowchart of processing for creating a character string to be added to the mail as a header in the client 3.

  In step S11, the mail header policy and add-on software are received from the management server 2. In step S12, a predetermined process executed in the client agent 31 is set based on the received mail header policy. Here, as described above with reference to FIG. 8, the predetermined processing is, for example, start / stop of mail virus detection, or discard / queue a mail detected as a virus when a mail virus is detected. It is processing such as inning.

  In step S13, the client agent 31 creates a random character string for creating the authentication header character string 32 embedded in the mail header, and in step S14, the created character string is encrypted. In step S15, a header character string to be added to the mail is generated using the encrypted character string. Finally, in step S16, the header character string generated by the mail client 34 is applied to the add-on software 36 so that it can be used when creating a mail, and the process ends.

  With the processing in FIG. 9, the character string for use in the mail header is made available to the mail client 34. The add-on software 36 distributed from the management server 2 gives the generated character string to the mail header when a mail registration command of the mail client 34 is executed by a user registered in advance. FIG. 10 is a flowchart of processing for registering a user password in the add-on software 36.

  First, in step S17, the mail client 34 is activated, and execution of a process for registering a password is requested by a user command or the like. In step S18, a password registration dialog is displayed on a display means such as a monitor. The user inputs a password obtained by notification from the management server 2 or the like at a predetermined location of the dialog. In step S19, the password is registered in the add-on software 36 of the client 3 by the user clicking the OK button in the password registration dialog. With this password, the add-on software 36 determines that a predetermined user is using the mail client 34, and permits the mail header character string generated in the process of FIG. 9 to be added to the mail.

  Using the password set in the series of processes shown in FIG. 10, it is determined whether or not a legitimate user is going to execute a process such as creating a mail. The means for confirming that the user registered in the management server 2 is going to use the add-on software 36 is not limited to a password. For example, it may be confirmed by fingerprint authentication or vein authentication using a device other than the computer having the mail client 34 of the client 3.

  When the mail client 34 is executed by a predetermined user after the processing in FIG. 10 is completed, for example, when a mail is newly created by the user, the mail header character string described above is added to a predetermined part of the mail header. Added. FIG. 11 is a flowchart of a process for assigning the generated mail header character string to the mail.

  First, in step S20, when the user of the client 3 clicks a mail generation button or the like, a process of creating a mail is executed. Here, the creation of a mail includes a process of creating a new mail and a process of replying to or forwarding a received mail. In step S21, a dialog box for inputting a password is displayed on a monitor or the like. When the user assigned the client 3 inputs the password registered in advance in the process of FIG. 10 and the add-on software 36 recognizes that the operation of the mail client 34 is performed by a legitimate user, The process after step S22 is performed. If it is determined that the request is not a mail creation request by a predetermined user, such as when the password is not appropriate, the process proceeds to step S23 without performing the process of step S22.

  In the process of step S22, a mail template is created by assigning the character string of the mail header generated and applied to the add-on software 36 to the predetermined position of the header by the process of FIG. In step S23, specific contents of the mail such as the mail message and destination are arbitrarily created by the user, and the process ends.

  When the process of step S20 is executed by the add-on software 36 operating in cooperation with the mailer, it is determined that the mail has been properly created. When the mail virus creates a mail, the process of step S20 is not executed. For this reason, it is possible to distinguish a mail whose header character string is not given at a predetermined position in the mail header from a mail that is normally created by determining that there is a possibility of a mail virus.

  FIG. 12 is an example of a screen display of the client 3 at the time of executing the process of step S20. When any one of the new mail issue button 41, the reply mail issue button 42, and the forward mail issue button 43 is pressed, it is determined that the operation in step S20 in FIG. 11 is performed, and the processing after step S21 in FIG. Executed. By registering a password in advance by pressing the password registration button 44, it can be determined in step S21 whether or not it is a mail creation request by a legitimate user.

  FIG. 13A shows an example of a general mail header. In the process of FIG. 11, by being recognized as a mail creation process by a legitimate user, in the process of step S <b> 22, for example, as shown in FIG. 13B, “7BOtQQlWlSnw. A string is added. In the case of a mail created by a mail virus, a header as shown in FIG. 13A without a header character string is created. In this way, a legitimately created mail and a mail virus can be distinguished by the added header character string.

  FIG. 14 is a flowchart of the processing of the client 3 when sending mail. First, in step S24, the user of the client 3 inputs a mail transmission command. In the present embodiment, the client 3 does not send the mail directly, and executes the processes after step S25.

  In step S25, it is determined whether or not an operation flag that is one of the mail header policies is set to ON. If it is off, the process is terminated assuming that the method for detecting a mail virus according to the present embodiment is not executed. If it is on, the process proceeds to step S26. In step S26, the client agent 31 adds a header character string to a predetermined portion of the mail header, and the added header character string is the authentication header character string 32 generated in the process of FIG. Is determined to match.

  If a header character string that matches the authentication header character string 32 is added to a predetermined part of the mail header in step S26, the mail is created by a legitimate user through the process of step S20. Assuming that the received e-mail is received, the processing from step S27 is performed. In step S27, the mail is transmitted to the SMTP server 5. In step S28, the client agent 31 executes the processing from step S13 to step S15 in FIG. 9, and generates a new header character string to be attached to the next created mail. In step S29, the newly generated header character string is applied to the mail client 34, and the process ends. Here, the processing in step S28 and step S29 is processing for preparing a header character string to be added to the next mail to be created.

  On the other hand, when the header character string is not attached to the mail, or when the attached header character string does not match the authentication header character string 32 generated by the client agent 31, the mail is properly created. It is determined that there is a possibility that it is not an email, that is, an email virus, and the processing after step S30 is performed. In step S30, transmission of the mail is rejected, and in step S31, a notification is issued to warn the management server 2 that a virus has entered. In step S32, the mail header policy distributed in advance from the management server 2 is referenced to determine whether or not to discard the mail. If it is specified by the mail header policy that the mail is to be discarded as an operation when a mail virus is detected, the process proceeds to step S33, where the mail is discarded, and the process ends. If it is specified by the mail header policy that the mail is queued, the process proceeds to step S34, the mail is not transmitted, and the process is terminated.

  As described above, in order to send a mail from the client 3 to another terminal or the like by the process shown in FIG. 14, the mail is a legitimately created mail before being sent to the destination. The client agent 31 determines that there is no mail virus. When a mail to be transmitted is recognized as a mail virus, predetermined measures are taken based on the mail header policy.

  When a mail virus is detected in the client 3, the client 3 notifies the management server 2. The management server 2 that has received the notification performs the processing shown in FIG. 15 and FIG.

  FIG. 15 is a flowchart of the processing operation when the management server unit 21 is notified of the entry of a virus. First, in step S41, the client agent 31 receives a notification about virus intrusion. In step S42, necessary information is read by referring to the inventory information from the IP address and host name of the client 3 notified to the management server 2. In step S43, the administrator information is referenced, the notification unit 25 is requested to notify the administrator 6 of the virus intrusion, and the process ends. Upon receiving the request, the notification unit 25 executes the process of FIG.

  FIG. 16 is a flowchart of the notification processing operation to the administrator 6 in the notification unit 25. First, in step S44, a request for notifying the administrator 6 of a virus intrusion is received from the management server unit 21. In step S45, the management server unit 21 notifies the e-mail address of the administrator 6 based on the information read in step S43 of FIG. 15, and ends the process. As a result, it is possible to quickly respond to invasion of mail viruses.

  As described above, according to the mail virus detection method according to the present embodiment, a randomly generated character string is added to the end of the header in the mail created by the predetermined client 3. When a mail is about to be sent from the client 3, the header is referred to, a character string as authentication information is added to the header, and the added header character string matches the randomly generated character string Sent only for confirmed emails. For this reason, even if a virus 3 is infected with a client 3, even if an email virus is sent to the registered email address by reading the address book data of that client 3, a correctly created email Therefore, it is possible to detect the virus infection in the system at an early stage and effectively prevent the spread.

  In the above embodiment, the authentication header character string for authenticating that the mail is a legitimately created mail is generated in the client, but is not limited thereto. For example, an authentication header character string may be generated at a predetermined timing on the management server side and transmitted to the client. Hereinafter, a method for detecting a mail virus when an authentication header character string, which is authentication information, is generated in the management server will be described.

  FIG. 17 is a block diagram of a management server 2A according to another embodiment. Compared with FIG. 2, it differs in that a mail header character string (authentication header character string) 27 is further provided. The mail header character string 27 is information for authenticating that the mail created in the client 3 is not a mail virus but a legitimate mail, and is stored in a predetermined area of the memory. The mail header character string 27 is transmitted to a predetermined client 3. Note that the block diagram of the client 3 has substantially the same configuration as that of the above-described embodiment, and therefore description thereof is omitted here. Hereinafter, processing different from the procedure described with reference to FIGS. 2 to 16 will be described with reference to flowcharts.

FIG. 18 is a flowchart of a process for generating a mail header character string and distributing it to the client 3 in the management server 2A.
First, in step S51, a random character string for generating the mail header character string 27 is created. In step S52, the generated random character string is encrypted, and in step S53, a mail header character string is generated from the encrypted character string. Finally, in step S54, the generated mail header character string 27, mail header policy and add-on software are distributed to the client 3 based on the inventory information.

  In step S54, the distribution destination of the mail header character string 27 and the like is selected by the predetermined client 3 in the management server unit 21 based on, for example, the type of mailer or operating system, version, computer performance, etc. in the inventory information. Is done.

  FIG. 19 is a flowchart of processing in the client 3 for applying the received mail header character string 27 in its own apparatus. First, in step S61, the client agent 31 receives the mail header policy, the add-on software 36, and the mail header character string 27. In step S62, the mail header character string 27 in the received information is applied so that it can be used by the mail client add-on software 36, and the process ends.

  FIG. 20 is a flowchart of processing before the mail transmission of the client 3 according to the present embodiment. Similarly to the processing of the above-described embodiment shown in FIG. 14, when a mail transmission command is input to the client 3 by the user, when the mail virus detection according to this embodiment is set to be executed, the header check is performed. Etc. As a result of checking the header in the processing of FIG. 20, the processing from step S70 to step S74 in the case where it is determined that the mail to be transmitted is not a legitimately created mail by the user is the same as the processing in FIG. Since it corresponds to S30 to step S34, and the same processing is executed, the description is omitted here.

  If it is determined in step S65 that the mail to be sent is a legitimately created mail, the mail is sent to the SMTP server 5 in step S66, and then added to the mail when the next mail is created. A mail header character string that is authentication information is received from the management server 2A.

  First, in step S67, the client agent 31 requests the management server 2A to distribute an authentication header character string. Next, in step S68, the client agent 31 receives a new authentication header character string from the management server 2A. Finally, in step S69, the client agent 31 sends the received authentication header character string to the mail client 34. Apply and finish the process.

  As described above, the mail header character string that is the authentication information is generated in the management server 2A, and sent from the management server 2A to the client 3 every time the client 3 sends mail. It is possible to realize a detection method.

(Appendix 1)
A program for causing a computer connected to a network to execute processing for preventing infection by an email virus,
Creating authentication information to authenticate that the email was legitimately created by the computer;
Giving the authentication information to an email created legitimately by the computer;
A program for executing an illegal mail detection process based on whether or not the authentication information is given to an electronic mail to be transmitted.

(Appendix 2)
The program according to claim 1, wherein the authentication information is given to the electronic mail based on a predetermined operation on a mailer installed on the computer by a user of the computer.

(Appendix 3)
The program according to claim 1, wherein the authentication information is given to the e-mail when the mailer executes a program for newly creating, replying to, or transferring the e-mail.

(Appendix 4)
The program according to appendix 1, wherein the authentication information is composed of a random character string and is newly created every time an e-mail is transmitted.

(Appendix 5)
The program according to appendix 4, wherein the character string constituting the authentication information is encrypted and added to a header of an e-mail.

(Appendix 6)
In the process of detecting unauthorized mail, if the authentication information is given to an email, it is determined that the email is a legitimately created email, and the email is sent to the destination. The program according to appendix 1, wherein if the authentication information is not given, a process for determining that the virus is a mail virus and not transmitting the electronic mail to a transmission destination is further executed.

(Appendix 7)
The program according to appendix 6, further comprising executing a process of notifying the management server that a mail virus has been recognized when the authentication information is not attached to an electronic mail.

(Appendix 8)
A virus infection prevention program that prevents infection with email viruses,
A creation means for creating authentication information for authenticating that the e-mail has been properly created;
An operation unit that operates in cooperation with a mailer that creates an e-mail, and granting unit that grants the authentication information normally created by the creating unit to the e-mail created by the mailer;
Detecting means for detecting an unauthorized e-mail depending on whether or not the authentication information created by the creating means is attached to an e-mail to be sent by the mailer;
A program that makes a computer realize.

(Appendix 9)
A virus infection prevention program that prevents infection with email viruses,
A creation means for creating authentication information for authenticating that the e-mail has been properly created;
An operation unit that operates in cooperation with a mailer that creates an e-mail, and granting unit that grants the authentication information normally created by the creating unit to the e-mail created by the mailer;
Detecting means for detecting fraudulent e-mail by comparing the authentication information given to the e-mail to be sent by the mailer with the authentication information created by the creating means;
A program that makes a computer realize.

It is a block diagram of the whole system concerning this invention. It is a block diagram of the management server which concerns on 1st Embodiment. It is a block diagram of a client concerning a 1st embodiment. It is an example of the data structure which showed the information regarding the user of a client. It is an example of the data structure of the table which stores the information regarding an administrator. It is an example of the data structure of inventory information. It is a flowchart of the process which stores the data to a configuration management database. It is a flowchart of the process which determines the add-on software used in a client. It is a flowchart of the process which produces the character string for giving to a mail as a header in a client. It is a flowchart of the process which registers a user's password into add-on software. It is a flowchart of the process which provides the character string of the produced | generated mail header to a mail. It is an example of the screen display of a client. It is an example of the header of mail. It is a flowchart of the process of the client before transmitting mail based on 1st Embodiment. It is a flowchart about a processing operation when a virus intrusion is notified in the management server. It is a flowchart about the notification process operation | movement to an administrator in a management server. It is a block diagram of the management server which concerns on 2nd Embodiment. It is a flowchart of the process about the production | generation and delivery of a mail header character string in the management server based on 2nd Embodiment. It is a flowchart of the process which applies the received mail header character string in the client based on 2nd Embodiment. It is a flowchart about the process before mail transmission of the client based on 2nd Embodiment.

Explanation of symbols

1 System 2 Management Server 3 Client 5 SMTP Server 6 Administrator 31 Client Agent 32 Authentication Header String 33 Mail Header Policy 34 Mail Client 35 Mail Client Directory 36 Mail Client Add-on Software 37 Applicable Mail Header

Claims (5)

A program for causing a computer connected to a network to execute processing for preventing infection by an email virus,
Creating authentication information to authenticate that the email was legitimately created by the computer;
Giving the authentication information to an email created legitimately by the computer;
A program for executing an illegal mail detection process based on whether or not the authentication information is given to an electronic mail to be transmitted. The program according to claim 1, wherein the authentication information is given to the e-mail based on a predetermined operation on a mailer installed on the computer by a user of the computer. 3. The program according to claim 2, wherein the authentication information is given to the e-mail when the mailer executes a program for newly creating, replying to, or transferring the e-mail. . The program according to claim 1, wherein the authentication information is composed of a random character string and is newly created every time an electronic mail is transmitted. In the process of detecting unauthorized mail, if the authentication information is given to an email, it is determined that the email is a legitimately created email, and the email is sent to the destination. 2. The program according to claim 1, further comprising executing a process of determining that the virus is a mail virus and not transmitting the electronic mail to a transmission destination when authentication information is not attached.