WO2013010394A1 - Internet virus detection method, apparatus thereof and system thereof - Google Patents

Internet virus detection method, apparatus thereof and system thereof Download PDF

Info

Publication number
WO2013010394A1
WO2013010394A1 PCT/CN2012/074607 CN2012074607W WO2013010394A1 WO 2013010394 A1 WO2013010394 A1 WO 2013010394A1 CN 2012074607 W CN2012074607 W CN 2012074607W WO 2013010394 A1 WO2013010394 A1 WO 2013010394A1
Authority
WO
WIPO (PCT)
Prior art keywords
url
virus
server
downloadable
resource
Prior art date
Application number
PCT/CN2012/074607
Other languages
French (fr)
Chinese (zh)
Inventor
蒋敏
丁成林
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2013010394A1 publication Critical patent/WO2013010394A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Definitions

  • the present invention relates to virus detection technology, and more particularly to an Internet virus detection method, apparatus and system. Background technique
  • users usually install anti-virus software on their own network terminals, and perform virus checking and anti-virus operations on the downloaded files by running the anti-virus software installed on the terminal to prevent the network terminal from being infected with viruses.
  • viruses due to the untimely update of the virus database of the anti-virus software, some viruses may not be quarantined or deleted, which may cause the network terminal to be infected with the virus.
  • the main object of the present invention is to provide an Internet virus detection method, apparatus, and system, which can enable a network terminal to know whether a resource to be downloaded contains a virus without installing anti-virus software, thereby preventing the network terminal from being infected with a virus.
  • the technical solution of the present invention is achieved as follows:
  • the invention provides a method for detecting an internet virus, the method comprising:
  • the server performs virus detection on the downloadable resource corresponding to the uniform resource locator URL; and records the result information of the virus detection;
  • the method further includes: the server determining whether the resource corresponding to the URL is a downloadable resource, and performing virus detection when the resource is downloadable.
  • the server performs virus detection on the downloadable resource corresponding to the URL, and is: the server downloads the downloadable resource corresponding to the URL, and performs virus detection on the downloadable resource.
  • the method further includes:
  • the method further includes:
  • the server determines whether the resource corresponding to the URL is a downloadable resource, and the monthly server determines whether the resource corresponding to the URL is a downloadable resource according to the extension of the URL or the header information of the transmission protocol response.
  • the result information includes: a URL and a resource corresponding to the URL whether the virus is included.
  • the result information further includes: a time for performing virus detection, a name and a version of the antivirus software used for virus detection, a name of the detected virus, a size of the downloadable resource, One or more of the message digests of the downloadable resource.
  • the present invention also provides an Internet virus detection system, the system comprising a server and a network terminal, wherein
  • the server is configured to perform virus detection on the downloadable resource corresponding to the webpage address URL, and record the result information of the virus detection; and send the result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal;
  • the network terminal is configured to send a URL virus query request to the server, and receive result information corresponding to the URL sent by the server.
  • the present invention further provides a server, where the server is configured to perform virus detection on the downloadable resource corresponding to the URL, and record the result information of the virus detection; and send the result corresponding to the URL according to the URL virus query request of the network terminal. Information to the network terminal.
  • the present invention further provides a network terminal, where the network terminal is configured to send a URL virus query request to the server, and receive a result message corresponding to the URL sent by the server, which is known by the server.
  • the downloadable resource corresponding to the Uniform I Universal Resource Locator (URL) is used for virus detection, and the result information of the virus detection is recorded; and the result information corresponding to the URL is sent to the network terminal according to the URL virus query request of the network terminal.
  • the network terminal can be configured to detect whether the resource to be downloaded contains a virus by installing an anti-virus software, and the network terminal is prevented from being infected with the virus.
  • FIG. 1 is a schematic diagram showing an implementation flow of an Internet virus detecting method according to the present invention
  • FIG. 2 is a schematic flowchart of an implementation process of an Internet virus detecting method according to an embodiment of the present invention. detailed description
  • the invention provides a method for detecting an internet virus.
  • the method includes: Step 101: The server performs virus detection on the downloadable resource corresponding to the URL. Specifically, the server detects each URL on the Internet, and when the resource corresponding to the detected URL is a downloadable resource, the server downloads the downloadable resource corresponding to the URL, and performs virus detection on the downloadable resource;
  • the URL is also referred to as a web page address.
  • Step 102 Record result information of the virus detection.
  • the result information includes: the URL and the resource corresponding to the URL contain a virus; and may further include: a time for performing virus detection, a name and a version of the antivirus software used for virus detection, a name of the detected virus, and a downloadable One or more of the size of the resource, the message digest of the downloadable resource.
  • the summary of the downloadable resource may be an MD5 (Message-Digest Algorithm 5) 4 message.
  • Step 103 Send the result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal.
  • the user can know whether the downloadable resource to be downloaded contains a virus according to the content in the result information. If the result information indicates that the resource corresponding to the URL contains a virus, the user can abandon downloading the resource corresponding to the URL, thereby avoiding infection. .
  • the present invention provides an Internet virus detection system, including a server and a network terminal;
  • the server is configured to perform virus detection on the downloadable resource corresponding to the URL, and record the result information of the virus detection; and send the result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal;
  • the network terminal is configured to send a URL virus query request to the server, and receive result information corresponding to the URL sent by the server.
  • Step 201 The server determines whether the resource corresponding to the URL is a downloadable resource, and if yes, Then step 202 is performed; otherwise, step 207 is performed.
  • the server uses the network crawler technology to detect each URL on the Internet, and determines whether the resource corresponding to the URL is a downloadable resource according to the header information of the transmission protocol response; or the resource corresponding to the URL may be determined according to the extension of the URL. Download resources.
  • the header information of the transmission protocol response indicates the type of the transmission content, and it is known whether the transmission content is a downloadable resource according to the type of the transmission content.
  • the response header information of the Hyper Text Transfer Protocol (HTTP) includes image/gif, and the image/gif indicates that the transmission content is a Gif format image, and the image resource corresponding to the detected URL is a downloadable resource.
  • the HTTP response header information includes text/html, and the text/html indicates that the transmission content is a html format page, and the page resource corresponding to the URL is a non-downloadable resource.
  • the header information of the transmission protocol response does not indicate the type of the transmission content, it may be determined according to the extension of the URL whether the resource corresponding to the URL is a downloadable resource.
  • the URL is http://www.xxx.com/path/abc.mp3 , where .mp3 is the extension of the URL, and the extension indicates that the resource corresponding to the URL is a downloadable resource.
  • extensions such as .exe, .pdf, .doc, .xls, .MP3, and . apk all indicate that the resource corresponding to the URL to which they belong is a downloadable resource.
  • Step 202 Determine whether the downloadable resource has been tested for viruses. If yes, execute step 203; otherwise, perform step 204.
  • Step 203 Determine whether the time interval between the detection date of the virus detection and the current time exceeds a set period, and if yes, perform step 204; otherwise, perform step 207.
  • Step 204 The server downloads the downloadable resource corresponding to the URL, and performs virus detection on the downloadable resource.
  • Step 205 Record result information of the virus detection.
  • Step 206 Send result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal.
  • Step 207 ending the current processing flow.
  • the server can parse the website corresponding to the URL through the URL, and according to the result of the virus detection recorded in step 205, the security status of the download resources of each website can be known.
  • the user can log in to the server to check the security status of the download resources of each website, so that the user can select the website to download the required resources according to the security situation.
  • the administrators of each website can also log in to the server to check the security status of the download resources of their websites, so as to strengthen the website management.

Abstract

An internet virus detection method is provided, which comprises the following steps: carrying out a virus detection on the downloadable resources corresponding to the Uniform Resource Locator (URL) with a server; recording the result information of the virus detection; according to the URL virus query request of a network terminal, sending the result information corresponding to the URL to the network terminal. An internet virus detection apparatus and a system thereof are also provided, with which a network terminal does not need to install anti-virus software, can learn through the query whether the downloadable resources to be downloaded contain viruses, and thus avoids a virus infection of the network terminal.

Description

一种互联网病毒检测方法、 装置和系统 技术领域  Internet virus detection method, device and system
本发明涉及病毒检测技术, 尤其涉及一种互联网病毒检测方法、 装置 和系统。 背景技术  The present invention relates to virus detection technology, and more particularly to an Internet virus detection method, apparatus and system. Background technique
随着科技的发展以及人们生活水平的不断提升, 越来越多的用户通过 计算机或手机等网络终端访问互联网, 进行上网浏览或下载软件等操作。 但是, 互联网上有大量病毒, 下载并运行含有病毒的文件就会导致网络终 端感染病毒。  With the development of technology and the continuous improvement of people's living standards, more and more users access the Internet through network terminals such as computers or mobile phones, and browse or download software. However, there are a large number of viruses on the Internet, and downloading and running a file containing a virus can cause the network terminal to be infected with a virus.
目前, 用户通常会在自己的网络终端上安装杀毒软件, 通过运行终端 安装的杀毒软件对下载的文件进行查毒和杀毒操作, 以此来避免网络终端 感染病毒。 但是, 由于杀毒软件的病毒库更新不及时等原因, 仍可能导致 有些病毒未被隔离或删除, 进而导致网络终端感染病毒。  At present, users usually install anti-virus software on their own network terminals, and perform virus checking and anti-virus operations on the downloaded files by running the anti-virus software installed on the terminal to prevent the network terminal from being infected with viruses. However, due to the untimely update of the virus database of the anti-virus software, some viruses may not be quarantined or deleted, which may cause the network terminal to be infected with the virus.
特别是, 随着智能手机的普及, 人们经常通过智能手机上网下载游戏 或软件等文件。 但是, 智能手机的 CPU较慢且存储空间较少, 而杀毒软件 通常会占用很大的存储空间, 并且运行杀毒软件会占用大量的系统资源, 影响其他程序的正常运行, 所以大多数的智能手机没有安装杀毒软件, 这 就导致智能手机极易感染病毒。 发明内容  In particular, with the popularity of smartphones, people often download files such as games or software online via smartphones. However, the CPU of the smartphone is slower and has less storage space, and the anti-virus software usually takes up a lot of storage space, and running the anti-virus software consumes a lot of system resources, affecting the normal operation of other programs, so most smartphones No anti-virus software is installed, which makes the smartphone very susceptible to viruses. Summary of the invention
有鉴于此, 本发明的主要目的在于提供一种互联网病毒检测方法、 装 置和系统, 能够使网络终端无需安装杀毒软件, 就能获知要下载的资源是 否含有病毒, 从而避免网络终端感染病毒。 为达到上述目的, 本发明的技术方案是这样实现的: In view of this, the main object of the present invention is to provide an Internet virus detection method, apparatus, and system, which can enable a network terminal to know whether a resource to be downloaded contains a virus without installing anti-virus software, thereby preventing the network terminal from being infected with a virus. In order to achieve the above object, the technical solution of the present invention is achieved as follows:
本发明提供了一种互联网病毒的检测方法, 该方法包括:  The invention provides a method for detecting an internet virus, the method comprising:
服务器对统一资源定位符 URL对应的可下载资源进行病毒检测; 记录所述病毒检测的结果信息;  The server performs virus detection on the downloadable resource corresponding to the uniform resource locator URL; and records the result information of the virus detection;
根据网络终端的 URL病毒查询请求发送所述 URL对应的结果信息给 所述网络终端。  Sending result information corresponding to the URL to the network terminal according to a URL virus query request of the network terminal.
较佳的, 所述服务器对 URL对应的可下载资源进行病毒检测之前, 该 方法还包括: 服务器判断 URL对应的资源是否为可下载资源, 是可下载资 源时, 进行病毒检测。  Preferably, before the server performs virus detection on the downloadable resource corresponding to the URL, the method further includes: the server determining whether the resource corresponding to the URL is a downloadable resource, and performing virus detection when the resource is downloadable.
较佳的, 所述服务器对 URL对应的可下载资源进行病毒检测, 为: 月良 务器下载所述 URL对应的可下载资源,并对所述可下载资源进行病毒检测。  Preferably, the server performs virus detection on the downloadable resource corresponding to the URL, and is: the server downloads the downloadable resource corresponding to the URL, and performs virus detection on the downloadable resource.
较佳的, 所述下载所述可下载资源之前, 该方法还包括:  Preferably, before the downloading the downloadable resource, the method further includes:
判断所述可下载资源是否进行过病毒检测, 未进行过病毒检测时, 下 载所述可下载资源。  Determining whether the downloadable resource has been tested for viruses, and when the virus detection has not been performed, downloading the downloadable resource.
较佳的, 所述判断所述可下载资源是否进行过病毒检测之后, 该方法 还包括:  Preferably, after the determining whether the downloadable resource has been tested for viruses, the method further includes:
判断所述病毒检测的检测日期与当前时间的时间间隔是否超过设定的 期限, 超过设定的期限时, 则对所述可下载资源进行病毒检测。  It is determined whether the time interval between the detection date and the current time of the virus detection exceeds a set period, and when the set period is exceeded, virus detection is performed on the downloadable resource.
较佳的, 所述服务器判断 URL对应的资源是否为可下载资源, 为, 月良 务器根据 URL的扩展名或传输协议应答的头信息, 判断 URL对应的资源 是否为可下载资源。  Preferably, the server determines whether the resource corresponding to the URL is a downloadable resource, and the monthly server determines whether the resource corresponding to the URL is a downloadable resource according to the extension of the URL or the header information of the transmission protocol response.
较佳的, 所述结果信息包括: URL和所述 URL对应的资源是否含有病 毒。  Preferably, the result information includes: a URL and a resource corresponding to the URL whether the virus is included.
较佳的, 所述结果信息还包括: 进行病毒检测的时间、 进行病毒检测 所用杀毒软件的名称及版本、 检测出的病毒的名称、 可下载资源的大小、 可下载资源的报文摘要中的一种或几种。 Preferably, the result information further includes: a time for performing virus detection, a name and a version of the antivirus software used for virus detection, a name of the detected virus, a size of the downloadable resource, One or more of the message digests of the downloadable resource.
本发明还提供了一种互联网病毒的检测系统, 所述系统包括服务器和 网络终端, 其中,  The present invention also provides an Internet virus detection system, the system comprising a server and a network terminal, wherein
所述服务器, 用于对网页地址 URL对应的可下载资源进行病毒检测, 记录所述病毒检测的结果信息; 根据网络终端的 URL病毒查询请求发送所 述 URL对应的结果信息给网络终端;  The server is configured to perform virus detection on the downloadable resource corresponding to the webpage address URL, and record the result information of the virus detection; and send the result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal;
所述网络终端, 用于向所述服务器发送 URL病毒查询请求, 并接收所 述服务器发送的所述 URL对应的结果信息。  The network terminal is configured to send a URL virus query request to the server, and receive result information corresponding to the URL sent by the server.
本发明还提供了一种服务器, 所述服务器, 用于对 URL对应的可下载 资源进行病毒检测, 记录所述病毒检测的结果信息; 根据网络终端的 URL 病毒查询请求发送所述 URL对应的结果信息给网络终端。  The present invention further provides a server, where the server is configured to perform virus detection on the downloadable resource corresponding to the URL, and record the result information of the virus detection; and send the result corresponding to the URL according to the URL virus query request of the network terminal. Information to the network terminal.
本发明还提供了一种网络终端, 所述网络终端, 用于向所述服务器发 送 URL病毒查询请求, 并接收所述服务器发送的所述 URL对应的结果信 由上可知, 本发明通过服务器对统一资源定位符 (URL, Uniform I Universal Resource Locator )对应的可下载资源进行病毒检测 , 并记录病毒 检测的结果信息; 根据网络终端的 URL病毒查询请求发送所述 URL对应 的结果信息给网络终端。 如此, 能够使网络终端无需安装杀毒软件, 通过 查询即可得知要下载的资源是否含有病毒, 避免网络终端感染病毒。 附图说明  The present invention further provides a network terminal, where the network terminal is configured to send a URL virus query request to the server, and receive a result message corresponding to the URL sent by the server, which is known by the server. The downloadable resource corresponding to the Uniform I Universal Resource Locator (URL) is used for virus detection, and the result information of the virus detection is recorded; and the result information corresponding to the URL is sent to the network terminal according to the URL virus query request of the network terminal. In this way, the network terminal can be configured to detect whether the resource to be downloaded contains a virus by installing an anti-virus software, and the network terminal is prevented from being infected with the virus. DRAWINGS
图 1为本发明互联网病毒检测方法的实现流程示意图;  1 is a schematic diagram showing an implementation flow of an Internet virus detecting method according to the present invention;
图 2为本发明互联网病毒检测方法一实施例的实现流程示意图。 具体实施方式  FIG. 2 is a schematic flowchart of an implementation process of an Internet virus detecting method according to an embodiment of the present invention. detailed description
本发明提供了一种互联网病毒的检测方法, 如图 1所示, 该方法包括: 步驟 101 , 服务器对 URL对应的可下载资源进行病毒检测。 具体为: 服务器检测互联网上的每个 URL, 当检测到的 URL对应的资 源为可下载资源时, 服务器下载所述 URL对应的可下载资源, 并对所述可 下载资源进行病毒检测; 其中, 所述 URL也称网页地址。 The invention provides a method for detecting an internet virus. As shown in FIG. 1, the method includes: Step 101: The server performs virus detection on the downloadable resource corresponding to the URL. Specifically, the server detects each URL on the Internet, and when the resource corresponding to the detected URL is a downloadable resource, the server downloads the downloadable resource corresponding to the URL, and performs virus detection on the downloadable resource; The URL is also referred to as a web page address.
步驟 102, 记录所述病毒检测的结果信息。  Step 102: Record result information of the virus detection.
这里,所述结果信息包括: URL和所述 URL对应的资源是否含有病毒; 还可以包括: 进行病毒检测的时间、 进行病毒检测所用杀毒软件的名称及 版本、 检测出的病毒的名称、 可下载资源的大小、 可下载资源的报文摘要 中的一种或几种。 其中, 所述可下载资源的 4艮文摘要可以是 MD5 ( Message-Digest Algorithm 5 ) 4离要才艮文。  Here, the result information includes: the URL and the resource corresponding to the URL contain a virus; and may further include: a time for performing virus detection, a name and a version of the antivirus software used for virus detection, a name of the detected virus, and a downloadable One or more of the size of the resource, the message digest of the downloadable resource. The summary of the downloadable resource may be an MD5 (Message-Digest Algorithm 5) 4 message.
步驟 103 ,根据网络终端的 URL病毒查询请求发送所述 URL对应的结 果信息给网络终端。  Step 103: Send the result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal.
相应的, 用户根据结果信息中的内容就可以知道要下载的可下载资源 是否含有病毒, 如果结果信息表明所述 URL对应的资源含有病毒, 用户可 以放弃下载述 URL对应的资源 , 从而避免感染病毒。  Correspondingly, the user can know whether the downloadable resource to be downloaded contains a virus according to the content in the result information. If the result information indicates that the resource corresponding to the URL contains a virus, the user can abandon downloading the resource corresponding to the URL, thereby avoiding infection. .
为实现上述方法, 本发明提供了一种互联网病毒的检测系统, 包括服 务器和网络终端; 其中,  In order to implement the above method, the present invention provides an Internet virus detection system, including a server and a network terminal;
所述服务器, 用于对 URL对应的可下载资源进行病毒检测, 记录所述 病毒检测的结果信息; 根据网络终端的 URL病毒查询请求发送所述 URL 对应的结果信息给网络终端;  The server is configured to perform virus detection on the downloadable resource corresponding to the URL, and record the result information of the virus detection; and send the result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal;
所述网络终端, 用于向所述服务器发送 URL病毒查询请求, 并接收所 述服务器发送的所述 URL对应的结果信息。  The network terminal is configured to send a URL virus query request to the server, and receive result information corresponding to the URL sent by the server.
下面对本发明的一实施例进行详细的介绍。  An embodiment of the present invention will be described in detail below.
如图 2所示, 本实施例互联网病毒检测方法的实现流程包括以下步驟: 步驟 201 , 服务器判断 URL对应的资源是否为可下载资源, 如果是, 则执行步驟 202; 否则, 执行步驟 207。 As shown in FIG. 2, the implementation process of the Internet virus detection method in this embodiment includes the following steps: Step 201: The server determines whether the resource corresponding to the URL is a downloadable resource, and if yes, Then step 202 is performed; otherwise, step 207 is performed.
具体为, 服务器利用网络爬虫技术检测互联网上的每个 URL, 并根据 传输协议应答的头信息判断 URL对应的资源是否为可下载资源; 也可以根 据 URL的扩展名判断 URL对应的资源是否为可下载资源。  Specifically, the server uses the network crawler technology to detect each URL on the Internet, and determines whether the resource corresponding to the URL is a downloadable resource according to the header information of the transmission protocol response; or the resource corresponding to the URL may be determined according to the extension of the URL. Download resources.
通常, 传输协议应答的头信息会指明传输内容的类型, 根据传输内容 的类型可知所述传输内容是否为可下载资源。 例如, 超文本传输协议 ( HTTP, Hyper Text Transfer Protocol ) 的应答头信息包括 image/gif, 所述 image/gif表示传输内容为 Gif格式的图片, 检测的 URL对应的图片资源为 可下载资源。 再如, HTTP的应答头信息包括 text/html, 所述 text/html表 示传输内容为 html格式的页面,所述 URL对应的页面资源为不可下载资源。  Generally, the header information of the transmission protocol response indicates the type of the transmission content, and it is known whether the transmission content is a downloadable resource according to the type of the transmission content. For example, the response header information of the Hyper Text Transfer Protocol (HTTP) includes image/gif, and the image/gif indicates that the transmission content is a Gif format image, and the image resource corresponding to the detected URL is a downloadable resource. For example, the HTTP response header information includes text/html, and the text/html indicates that the transmission content is a html format page, and the page resource corresponding to the URL is a non-downloadable resource.
当传输协议应答的头信息没有指明传输内容的类型时, 可以根据 URL 的扩展名判断 URL 对应的资源是否为可下载资源。 例如, URL 为 http://www.xxx.com/path/abc.mp3 , 其中, .mp3就是该 URL的扩展名, 该扩 展名 表 示 所 述 URL 对 应 的 资 源 为 可 下 载 资 源 。 通 常, .exe、 .pdf、 .doc, .xls、 .MP3和. apk等扩展名均表示其所属的 URL对 应的资源为可下载资源。  When the header information of the transmission protocol response does not indicate the type of the transmission content, it may be determined according to the extension of the URL whether the resource corresponding to the URL is a downloadable resource. For example, the URL is http://www.xxx.com/path/abc.mp3 , where .mp3 is the extension of the URL, and the extension indicates that the resource corresponding to the URL is a downloadable resource. In general, extensions such as .exe, .pdf, .doc, .xls, .MP3, and . apk all indicate that the resource corresponding to the URL to which they belong is a downloadable resource.
步驟 202, 判断所述可下载资源是否进行过病毒检测, 如果是, 则执行 步驟 203; 否则, 执行步驟 204。  Step 202: Determine whether the downloadable resource has been tested for viruses. If yes, execute step 203; otherwise, perform step 204.
步驟 203 ,判断所述病毒检测的检测日期与当前时间的时间间隔是否超 过设定的期限, 如果是, 则执行步驟 204; 否则, 执行步驟 207  Step 203: Determine whether the time interval between the detection date of the virus detection and the current time exceeds a set period, and if yes, perform step 204; otherwise, perform step 207.
步驟 204, 服务器下载所述 URL对应的可下载资源, 并对所述可下载 资源进行病毒检测。  Step 204: The server downloads the downloadable resource corresponding to the URL, and performs virus detection on the downloadable resource.
步驟 205 , 记录病毒检测的结果信息。  Step 205: Record result information of the virus detection.
步驟 206 ,根据网络终端的 URL病毒查询请求发送所述 URL对应的结 果信息给网络终端。 步驟 207, 结束当前处理流程。 Step 206: Send result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal. Step 207, ending the current processing flow.
此外, 服务器可以通过 URL解析出该 URL对应的网站, 再根据步驟 205 中记录的病毒检测的结果信息, 即可得知各网站的下载资源的安全情 况。  In addition, the server can parse the website corresponding to the URL through the URL, and according to the result of the virus detection recorded in step 205, the security status of the download resources of each website can be known.
用户可以通过登录该服务器查询各网站的下载资源的安全情况, 这样, 用户可以根据安全情况选择网站下载所需资源。 同时, 各网站的管理人员 也可以通过登录该服务器查询自身网站的下载资源的安全情况, 以便有针 对性加强网站管理。  The user can log in to the server to check the security status of the download resources of each website, so that the user can select the website to download the required resources according to the security situation. At the same time, the administrators of each website can also log in to the server to check the security status of the download resources of their websites, so as to strengthen the website management.
以上所述仅为本发明的较佳实施例而已, 并非用于限定本发明的保护 范围。  The above is only the preferred embodiment of the present invention and is not intended to limit the scope of the present invention.

Claims

权利要求书 Claim
1、 一种互联网病毒的检测方法, 其特征在于, 该方法包括:  A method for detecting an Internet virus, characterized in that the method comprises:
服务器对统一资源定位符 URL对应的可下载资源进行病毒检测; 记录所述病毒检测的结果信息;  The server performs virus detection on the downloadable resource corresponding to the uniform resource locator URL; and records the result information of the virus detection;
根据网络终端的 URL病毒查询请求发送所述 URL对应的结果信息给 所述网络终端。  Sending result information corresponding to the URL to the network terminal according to a URL virus query request of the network terminal.
2、 根据权利要求 1所述的方法, 其特征在于, 所述服务器对 URL对 应的可下载资源进行病毒检测之前, 该方法还包括: 服务器判断 URL对应 的资源是否为可下载资源, 是可下载资源时, 进行病毒检测。  The method according to claim 1, wherein before the server performs virus detection on the downloadable resource corresponding to the URL, the method further includes: the server determining whether the resource corresponding to the URL is a downloadable resource, and is downloadable When the resource is used, virus detection is performed.
3、 根据权利要求 2所述的方法, 其特征在于, 所述服务器对 URL对 应的可下载资源进行病毒检测, 为:  The method according to claim 2, wherein the server performs virus detection on the downloadable resource corresponding to the URL, which is:
服务器下载所述 URL对应的可下载资源, 并对所述可下载资源进行病 毒检测。  The server downloads the downloadable resource corresponding to the URL, and performs virus detection on the downloadable resource.
4、 根据权利要求 3所述的方法, 其特征在于, 所述下载所述可下载资 源之前, 该方法还包括:  The method according to claim 3, wherein before the downloading the downloadable resource, the method further comprises:
判断所述可下载资源是否进行过病毒检测, 未进行过病毒检测时, 下 载所述可下载资源。  Determining whether the downloadable resource has been tested for viruses, and when the virus detection has not been performed, downloading the downloadable resource.
5、 根据权利要求 4所述的方法, 其特征在于, 所述判断所述可下载资 源是否进行过病毒检测之后, 该方法还包括:  The method according to claim 4, wherein, after the determining whether the downloadable resource has been subjected to virus detection, the method further comprises:
判断所述病毒检测的检测日期与当前时间的时间间隔是否超过设定的 期限, 超过设定的期限时, 则对所述可下载资源进行病毒检测。  It is determined whether the time interval between the detection date and the current time of the virus detection exceeds a set period, and when the set period is exceeded, virus detection is performed on the downloadable resource.
6、 根据权利要求 2 所述的方法, 其特征在于, 所述服务器判断 URL 对应的资源是否为可下载资源, 为,  The method according to claim 2, wherein the server determines whether the resource corresponding to the URL is a downloadable resource,
服务器根据 URL的扩展名或传输协议应答的头信息, 判断 URL对应 的资源是否为可下载资源。 The server determines whether the resource corresponding to the URL is a downloadable resource according to the extension of the URL or the header information of the transmission protocol response.
7、根据权利要求 1所述的方法,其特征在于,所述结果信息包括: URL 和所述 URL对应的资源是否含有病毒。 The method according to claim 1, wherein the result information comprises: a URL and a resource corresponding to the URL whether a virus is included.
8、 根据权利要求 7所述的方法, 其特征在于, 所述结果信息还包括: 进行病毒检测的时间、 进行病毒检测所用杀毒软件的名称及版本、 检测出 的病毒的名称、 可下载资源的大小、 可下载资源的报文摘要中的一种或几 种。  The method according to claim 7, wherein the result information further comprises: a time for performing virus detection, a name and a version of the antivirus software used for virus detection, a name of the detected virus, and a downloadable resource. One or more of the message digests of size and downloadable resources.
9、 一种互联网病毒的检测系统, 其特征在于, 所述系统包括服务器和 网络终端, 其中,  A system for detecting an Internet virus, the system comprising a server and a network terminal, wherein
所述服务器, 用于对网页地址 URL对应的可下载资源进行病毒检测, 记录所述病毒检测的结果信息; 根据网络终端的 URL病毒查询请求发送所 述 URL对应的结果信息给网络终端;  The server is configured to perform virus detection on the downloadable resource corresponding to the webpage address URL, and record the result information of the virus detection; and send the result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal;
所述网络终端, 用于向所述服务器发送 URL病毒查询请求, 并接收所 述服务器发送的所述 URL对应的结果信息。  The network terminal is configured to send a URL virus query request to the server, and receive result information corresponding to the URL sent by the server.
10、 一种服务器, 其特征在于,  10. A server, characterized in that
所述服务器, 用于对 URL对应的可下载资源进行病毒检测, 记录所述 病毒检测的结果信息; 根据网络终端的 URL病毒查询请求发送所述 URL 对应的结果信息给网络终端。  The server is configured to perform virus detection on the downloadable resource corresponding to the URL, and record the result information of the virus detection; and send the result information corresponding to the URL to the network terminal according to the URL virus query request of the network terminal.
11、 一种网络终端, 其特征在于,  11. A network terminal, characterized in that
所述网络终端, 用于向所述服务器发送 URL病毒查询请求, 并接收所 述服务器发送的所述 URL对应的结果信息。  The network terminal is configured to send a URL virus query request to the server, and receive result information corresponding to the URL sent by the server.
PCT/CN2012/074607 2011-07-20 2012-04-24 Internet virus detection method, apparatus thereof and system thereof WO2013010394A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2011102034899A CN102255915A (en) 2011-07-20 2011-07-20 Internet virus detection method, apparatus thereof and system thereof
CN201110203489.9 2011-07-20

Publications (1)

Publication Number Publication Date
WO2013010394A1 true WO2013010394A1 (en) 2013-01-24

Family

ID=44982911

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/074607 WO2013010394A1 (en) 2011-07-20 2012-04-24 Internet virus detection method, apparatus thereof and system thereof

Country Status (2)

Country Link
CN (1) CN102255915A (en)
WO (1) WO2013010394A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104966020A (en) * 2014-07-24 2015-10-07 哈尔滨安天科技股份有限公司 Eigenvector-based anti-virus detection method and system

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102255915A (en) * 2011-07-20 2011-11-23 中兴通讯股份有限公司 Internet virus detection method, apparatus thereof and system thereof
CN103701759A (en) * 2012-09-27 2014-04-02 西门子公司 Method and device for detecting malicious website
CN104239790B (en) * 2013-06-09 2019-11-19 腾讯科技(深圳)有限公司 Treatment method of virus and device
CN104243424B (en) * 2013-06-19 2018-04-06 腾讯科技(深圳)有限公司 Data download method, device and system
CN103685258B (en) * 2013-12-06 2018-09-04 北京奇安信科技有限公司 A kind of method and apparatus of quick scans web sites loophole
RU2617654C2 (en) * 2015-09-30 2017-04-25 Акционерное общество "Лаборатория Касперского" System and method of formation of anti-virus records used to detect malicious files on user's computer
CN107358037A (en) * 2017-06-30 2017-11-17 罗颖莉 A kind of video electronic medical record system with internet detection part
CN113821796A (en) * 2020-06-18 2021-12-21 深信服科技股份有限公司 File virus checking and killing method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101150583A (en) * 2007-10-23 2008-03-26 华为技术有限公司 Anti-virus method and device for terminal device
CN101308533A (en) * 2008-06-30 2008-11-19 华为技术有限公司 Method, apparatus and system for virus checking and killing
US7945955B2 (en) * 2006-12-18 2011-05-17 Quick Heal Technologies Private Limited Virus detection in mobile devices having insufficient resources to execute virus detection software
CN102255915A (en) * 2011-07-20 2011-11-23 中兴通讯股份有限公司 Internet virus detection method, apparatus thereof and system thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7945955B2 (en) * 2006-12-18 2011-05-17 Quick Heal Technologies Private Limited Virus detection in mobile devices having insufficient resources to execute virus detection software
CN101150583A (en) * 2007-10-23 2008-03-26 华为技术有限公司 Anti-virus method and device for terminal device
CN101308533A (en) * 2008-06-30 2008-11-19 华为技术有限公司 Method, apparatus and system for virus checking and killing
CN102255915A (en) * 2011-07-20 2011-11-23 中兴通讯股份有限公司 Internet virus detection method, apparatus thereof and system thereof

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104966020A (en) * 2014-07-24 2015-10-07 哈尔滨安天科技股份有限公司 Eigenvector-based anti-virus detection method and system

Also Published As

Publication number Publication date
CN102255915A (en) 2011-11-23

Similar Documents

Publication Publication Date Title
WO2013010394A1 (en) Internet virus detection method, apparatus thereof and system thereof
US10021129B2 (en) Systems and methods for malware detection and scanning
US8726387B2 (en) Detecting a trojan horse
US10382479B2 (en) Malware detection using internal and/or external malware detection operations
US8850584B2 (en) Systems and methods for malware detection
EP3011437B1 (en) Scanning files for inappropriate content during synchronization
US20140096246A1 (en) Protecting users from undesirable content
WO2013181982A1 (en) Method, device and system for identifying abnormality of network behavior of program
WO2015081900A1 (en) Method, device, and system for cloud-security-based blocking of advertisement programs
WO2013044757A1 (en) Method, device and system for detecting security of download link
EP2755157B1 (en) Detecting undesirable content
JP5920169B2 (en) Unauthorized connection detection method, network monitoring apparatus and program
WO2012113272A1 (en) Method, system and device for improving security of terminal when surfing internet
RU2677361C1 (en) Method and system of decentralized identification of malware programs
EP3991389B1 (en) File upload control for client-side applications in proxy solutions
CN112703496B (en) Content policy based notification to application users regarding malicious browser plug-ins
JP5752642B2 (en) Monitoring device and monitoring method
WO2012034537A1 (en) Online application system and method for implementing same
JP5478390B2 (en) Log extraction system and program
US8978139B1 (en) Method and apparatus for detecting malicious software activity based on an internet resource information database
US8141153B1 (en) Method and apparatus for detecting executable software in an alternate data stream
US9154520B1 (en) Systems and methods for notifying users of endpoint devices about blocked downloads
WO2013143714A1 (en) Controlling anti-virus software updates
JP6955527B2 (en) Information processing equipment, information processing methods, and information processing programs
JP5478381B2 (en) Application determination system and program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12814728

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12814728

Country of ref document: EP

Kind code of ref document: A1