
CN106203102B - A kind of checking and killing virus method and device of the whole network terminal - Google Patents

Publication number
CN106203102B
Authority
CN
China
Prior art keywords
file
score value
identification
virus
sub
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510226429.7A
Other languages
Chinese (zh)
Other versions
CN106203102A (en)
Inventor
杨锐
关成雷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Falcon Safety Technology Co ltd
Original Assignee
Beijing Kingsoft Security Management System Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Security Management System Technology Co Ltd filed Critical Beijing Kingsoft Security Management System Technology Co Ltd
Priority to CN201510226429.7A priority Critical patent/CN106203102B/en
Publication of CN106203102A publication Critical patent/CN106203102A/en
Application granted granted Critical
Publication of CN106203102B publication Critical patent/CN106203102B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

A virus scanning and removal method and device for network-wide terminals. The method is used by a cloud server on the network side and comprises: calling a cloud scanning engine based on a virus signature database to scan a terminal device; if a suspicious file is found, identifying it and judging from the identification result whether the suspicious file is a virus file; if so, sending the determination result to the terminal device and publishing the virus signature of the virus file to the virus signature database. In the present invention the terminal side no longer needs to build its own virus database; virus scanning and removal are carried out by the cloud scanning engine on the network side, which avoids wasting storage space, and the virus database is updated in real time with new virus signatures, which further ensures the security of the device.

Description

Virus scanning and removal method and device for network-wide terminals
Technical field
The invention belongs to the technical field of network security and, more particularly, relates to a virus scanning and removal method and device for network-wide terminals.
Background
With the development of computer technology, computer viruses increasingly affect the data security and user experience of computer users. Many computers therefore have antivirus software (or a firewall, etc.) installed to resist computer viruses. Current antivirus software mostly detects viruses by signature (feature-code) recognition, confirming that a scanned file contains a virus by detecting the virus's signature. To keep their virus files from being detected by antivirus software, the authors of some computer viruses therefore usually add invalid instructions to the virus file to evade signature detection, which weakens the antivirus software's defence against computer viruses.
In the current detection approach, the terminal updates its own virus database from the network side and uses that local database to scan and remove threats. This approach occupies a large amount of storage space, and the virus database is not updated in a timely manner.
Summary of the invention
An object of the present invention is to provide a virus scanning and removal method for network-wide terminals, to solve the prior-art problems of large storage space consumption and untimely virus database updates.
In some illustrative embodiments, the virus scanning and removal method for network-wide terminals is used by a cloud server on the network side and comprises: calling a cloud scanning engine based on a virus signature database to scan the terminal device; if a suspicious file is found, identifying the suspicious file and judging from the identification result whether the suspicious file is a virus file; if so, sending the determination result to the terminal device and publishing the virus signature of the virus file to the virus signature database.
Preferably, identifying the suspicious file and judging from the identification result whether the suspicious file is a virus file specifically comprises: successively carrying out the following identifications on the suspicious file and determining the final score of the suspicious file from the identification results: auxiliary identification, multi-engine identification, static identification and dynamic identification; comparing the final score with a preset virus threshold and, according to the comparison result, determining whether the suspicious file is a virus file or a non-virus file.
Preferably, the auxiliary identification specifically comprises: identifying the type of the suspicious file and preprocessing it according to that type; determining whether the digital signature of the preprocessed file is valid, and/or whether the file contains infection-type code; if the result is that the digital signature is invalid or the file contains infection-type code, determining the suspicious file to be a virus file; otherwise, carrying out the subsequent identifications on the suspicious file.
Preferably, identifying the type of the suspicious file and preprocessing it according to that type comprises: if it is a compressed file, decompressing it layer by layer to obtain all sub-files after decompression; if it is a packed file, unpacking it layer by layer to obtain the original file after unpacking.
Preferably, the multi-engine identification specifically comprises: deploying multiple file-scanning engines to scan the files that passed the auxiliary identification filter, and assigning a first sub-score according to the scan results; combining the first sub-score obtained with the results of the static identification and the dynamic identification to determine the final score.
Preferably, the static identification specifically comprises: extracting attribute materials from the file, matching them against a self-learning material library, determining whether the materials are abnormal, and determining a second sub-score according to the result; combining the second sub-score obtained with the results of the multi-engine identification and the dynamic identification to determine the final score.
Preferably, the self-learning material library includes at least one of the following standard materials: system APIs, import and export tables, key combination strings, file icon, file version number, file compiler type, PE file section table, binary blocks, instruction jump blocks, and instruction sequences.
Preferably, the dynamic identification specifically comprises: monitoring in a virtual machine whether the suspicious file exhibits dangerous behaviour, and if so determining a third sub-score according to the type of dangerous behaviour. The attack and infection behaviours include: all kinds of injection, mutexes, inline hooks, starting a host process, image hijacking, adding delayed-rename entries, input method mechanisms, modifying the instruction register and remote thread context, setting global message hooks, and common vulnerability overflows. The third sub-score obtained is combined with the results of the multi-engine identification and the static identification to determine the final score.
Preferably, after calling the cloud scanning engine based on the virus signature database to scan the terminal device, the method further comprises: if a virus file is found, removing the virus file from the terminal device using the cloud scanning engine.
Another object of the present invention is to provide a virus scanning and removal device for network-wide terminals.
In some illustrative embodiments, the virus scanning and removal device for network-wide terminals comprises: a calling module, configured to call the cloud scanning engine based on the virus signature database to scan the terminal device; a parsing module, configured to identify a suspicious file if one is found and to judge from the identification result whether the suspicious file is a virus file; and a sending module, configured to send the determination result to the terminal device and to publish the virus signature of the virus file to the virus signature database.
Compared with the prior art, the illustrative embodiments of the invention have the following advantages:
The terminal side no longer needs to build its own virus database; virus scanning and removal are carried out by the cloud scanning engine on the network side, which avoids wasting storage space, and the virus database is updated in real time with new virus signatures, which further ensures the security of the device.
Brief description of the drawings
The drawings described here provide a further understanding of the present invention and form part of this application. The illustrative embodiments of the present invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of an illustrative embodiment of the invention;
Fig. 2 is a structural block diagram of an illustrative embodiment of the invention.
Detailed description of embodiments
In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. However, those skilled in the art will understand that the present invention may be practised without these specific details. In other cases, well-known methods, processes, components and circuits are not described in detail, so as not to obscure the understanding of the present invention.
As shown in Fig. 1, a virus scanning and removal method for network-wide terminals is disclosed, used by a cloud server on the network side, comprising:
S11, calling a cloud scanning engine based on a virus signature database to scan the terminal device;
S12, if a suspicious file is found, identifying it and judging from the identification result whether the suspicious file is a virus file;
S13, if so, sending the determination result to the terminal device and publishing the virus signature of the virus file to the virus signature database.
The terminal calls the cloud scanning engine to scan the terminal's files. If a suspicious file exists, the suspicious file is obtained and placed in a library of data awaiting identification; once the suspicious file is identified as a virus file, the virus signature of that file is placed in the virus signature database.
In the present invention the terminal side no longer needs to build its own virus database; virus scanning and removal are carried out by the cloud scanning engine on the network side, which avoids wasting storage space, and the virus database is updated in real time with new virus signatures, which further ensures the security of the device.
In some illustrative embodiments, identifying the suspicious file and judging from the identification result whether the suspicious file is a virus file specifically comprises: successively carrying out the following identifications on the suspicious file and determining the final score of the suspicious file from the identification results: auxiliary identification, multi-engine identification, static identification and dynamic identification; comparing the final score with a preset virus threshold and, according to the comparison result, determining whether the suspicious file is a virus file or a non-virus file.
In some illustrative embodiments, the auxiliary identification specifically comprises: identifying the type of the suspicious file and preprocessing it according to that type; determining whether the digital signature of the preprocessed file is valid, and/or determining whether the preprocessed file contains infection-type code; if the result is that the digital signature is invalid or the file contains infection-type code, determining the suspicious file to be a virus file; otherwise, carrying out the subsequent identifications on the suspicious file.
In some illustrative embodiments, identifying the type of the suspicious file and preprocessing it according to that type comprises: (1) if it is a compressed file, decompressing it layer by layer to obtain all sub-files after decompression; (2) if it is a packed file, unpacking it layer by layer to obtain the original file after unpacking.
In some illustrative embodiments, the multi-engine identification specifically comprises: deploying multiple file-scanning engines to scan the files that passed the auxiliary identification filter, and assigning a first sub-score according to the scan results; combining the first sub-score obtained with the results of the static identification and the dynamic identification to determine the final score.
In some illustrative embodiments, the static identification specifically comprises: extracting attribute materials from the file, matching them against a self-learning material library, determining whether the materials are abnormal, and determining a second sub-score according to the result; combining the second sub-score obtained with the results of the multi-engine identification and the dynamic identification to determine the final score.
In some illustrative embodiments, the self-learning material library includes at least one of the following standard materials: system APIs, import and export tables, key combination strings, file icon, file version number, file compiler type, PE file section table, binary blocks, instruction jump blocks, and instruction sequences.
In some illustrative embodiments, the dynamic identification specifically comprises: monitoring in a virtual machine whether the suspicious file exhibits dangerous behaviour, and if so determining a third sub-score according to the type of dangerous behaviour. The attack and infection behaviours include: all kinds of injection, mutexes, inline hooks, starting a host process, image hijacking, adding delayed-rename entries, input method mechanisms, modifying the instruction register and remote thread context, setting global message hooks, and common vulnerability overflows. The third sub-score obtained is combined with the results of the multi-engine identification and the static identification to determine the final score.
In some illustrative embodiments, after calling the cloud scanning engine based on the virus signature database to scan the terminal device, the method further comprises: if a virus file is found, removing the virus file from the terminal device using the cloud scanning engine.
In some illustrative embodiments, the first sub-score, second sub-score and third sub-score produced by the multi-engine identification, static identification and dynamic identification are combined using preset weight values.
For example:
I = aX + bY + cZ
where I is the final score; X, Y and Z are the first, second and third sub-scores respectively; a, b and c are the weight coefficients of the first, second and third sub-scores respectively; and a + b + c = 1.
In some illustrative embodiments, identification may also include:
Special identification δ: this refers to a class of scoring rules that use a set of special external factors to help calculate the score, such as file size, file range, file path, and scanning channel.
For example:
I = aX + bY + cZ + δ
where I is the final score; X, Y and Z are the first, second and third sub-scores respectively; a, b and c are the weight coefficients of the first, second and third sub-scores respectively; and a + b + c = 1.
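The scoring flow described above, as an added example in Python (not code from the patent): auxiliary identification decides first, otherwise the three sub-scores are combined as I = aX + bY + cZ + δ and compared with the threshold. The 0 to 100 scale, the weights, the threshold, the per-behaviour points, the δ rules and the rule that a score at or above the threshold means virus are all assumptions, since the patent leaves them open.

```python
from dataclasses import dataclass, field
from math import isclose

# Assumed values: the patent fixes neither the score scale (0..100 here),
# the weights, the threshold, nor the points per behaviour type.
WEIGHTS = (0.40, 0.25, 0.35)          # a, b, c with a + b + c = 1
VIRUS_THRESHOLD = 60.0
BEHAVIOUR_POINTS = {                  # a few of the behaviour types listed above
    "injection": 40, "inline_hook": 30, "image_hijack": 35,
    "delayed_rename": 20, "global_message_hook": 25,
}


@dataclass
class Evidence:
    """Results collected for one suspicious file (after unpacking)."""
    signature_valid: bool
    has_infection_code: bool
    engine_hits: int                  # engines that flagged the file
    engine_total: int
    abnormal_materials: int           # static materials judged abnormal
    materials_checked: int
    behaviours: list = field(default_factory=list)   # seen in the VM
    size_bytes: int = 0
    path: str = ""


def _ratio(part, whole):
    return 100.0 * part / whole if whole else 0.0


def multi_engine_score(ev):           # X, first sub-score
    return _ratio(ev.engine_hits, ev.engine_total)


def static_score(ev):                 # Y, second sub-score
    return _ratio(ev.abnormal_materials, ev.materials_checked)


def dynamic_score(ev):                # Z, third sub-score, capped at 100
    points = sum(BEHAVIOUR_POINTS.get(b, 0) for b in set(ev.behaviours))
    return float(min(100, points))


def special_delta(ev):
    """delta from external factors; both rules are hypothetical."""
    delta = 0.0
    if 0 < ev.size_bytes < 4096:
        delta += 5.0
    if "\\temp\\" in ev.path.lower():
        delta += 5.0
    return delta


def final_score(ev, weights=WEIGHTS):
    """I = aX + bY + cZ + delta."""
    a, b, c = weights
    if not isclose(a + b + c, 1.0):
        raise ValueError("weights must satisfy a + b + c = 1")
    return (a * multi_engine_score(ev) + b * static_score(ev)
            + c * dynamic_score(ev) + special_delta(ev))


def identify(ev, threshold=VIRUS_THRESHOLD):
    """Return (verdict, final score or None)."""
    # Auxiliary identification decides on its own before any scoring.
    if not ev.signature_valid or ev.has_infection_code:
        return "virus", None
    score = final_score(ev)
    # Assumption: a score at or above the threshold means virus.
    return ("virus" if score >= threshold else "non-virus"), score


# Constructed sample inputs, not data from the patent.
DROPPER = Evidence(True, False, 3, 5, 2, 8, ["injection", "inline_hook"],
                   2048, "C:\\Users\\a\\AppData\\Local\\Temp\\x.exe")
INSTALLER = Evidence(True, False, 0, 5, 1, 10, [], 500000,
                     "C:\\Program Files\\app\\app.exe")
TAMPERED = Evidence(False, False, 0, 5, 0, 10)

if __name__ == "__main__":
    for name, ev in (("dropper", DROPPER), ("installer", INSTALLER),
                     ("tampered", TAMPERED)):
        print(name, identify(ev))
```

Because δ is added outside the weighted sum, it can push a file over the threshold on its own, so its rules need the same tuning against known-clean files as the weights do.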
As shown in Fig. 2, a virus scanning and removal device 100 for network-wide terminals is disclosed, comprising: a calling module 101, which calls the cloud scanning engine based on the virus signature database to scan the terminal device; a parsing module 102, which, if a suspicious file is found, identifies the suspicious file and judges from the identification result whether the suspicious file is a virus file; and a sending module 103, which sends the determination result to the terminal device and publishes the virus signature of the virus file to the virus signature database.
In some illustrative embodiments, the parsing module 102 includes: an identification module 1021, which successively carries out the following identifications on the suspicious file: auxiliary identification, multi-engine identification, static identification and dynamic identification; an analysis submodule 1022, which determines the final score of the suspicious file from the identification results; and a judgment module 1023, which compares the final score with a preset virus threshold and, according to the comparison result, determines whether the suspicious file is a virus file or a non-virus file.
In some illustrative embodiments, the identification module 1021 includes a first identification submodule 10211, configured to identify the type of the suspicious file and preprocess it according to that type, and to determine whether the digital signature of the preprocessed file is valid, and/or whether the file contains infection-type code; if the result is that the digital signature is invalid or the file contains infection-type code, the suspicious file is determined to be a virus file; otherwise, the subsequent identifications are carried out on the suspicious file.
In some illustrative embodiments, identifying the type of the suspicious file and preprocessing it according to that type comprises: if it is a compressed file, decompressing it layer by layer to obtain all sub-files after decompression; if it is a packed file, unpacking it layer by layer to obtain the original file after unpacking.
In some illustrative embodiments, the identification module 1022 includes a second identification submodule 10212, configured to deploy multiple file-scanning engines to scan the files that passed the auxiliary identification filter, and to assign a first sub-score according to the scan results; the first sub-score obtained is combined with the results of the static identification and the dynamic identification to determine the final score.
In some illustrative embodiments, the identification module 1022 includes a third identification submodule 10213, configured to extract attribute materials from the file, match them against a self-learning material library, determine whether the materials are abnormal, and determine a second sub-score according to the result; the second sub-score obtained is combined with the results of the multi-engine identification and the dynamic identification to determine the final score.
Preferably, the self-learning material library includes at least one of the following standard materials: system APIs, import and export tables, key combination strings, file icon, file version number, file compiler type, PE file section table, binary blocks, instruction jump blocks, and instruction sequences.
In some illustrative embodiments, the identification module 1022 includes a fourth identification submodule 10214, configured to monitor in a virtual machine whether the suspicious file exhibits dangerous behaviour, and if so to determine a third sub-score according to the type of dangerous behaviour. The attack and infection behaviours include: all kinds of injection, mutexes, inline hooks, starting a host process, image hijacking, adding delayed-rename entries, input method mechanisms, modifying the instruction register and remote thread context, setting global message hooks, and common vulnerability overflows. The third sub-score obtained is combined with the results of the multi-engine identification and the static identification to determine the final score.
In some illustrative embodiments, the virus scanning and removal module further includes: a removal module, configured to remove the virus file from the terminal device using the cloud scanning engine if a virus file is found.
The above description of the embodiments is only intended to help in understanding the method of the present invention and its core ideas. For those skilled in the art, the specific implementation and scope of application may change in accordance with the ideas of the present invention. In conclusion, the contents of this specification should not be construed as limiting the invention.

Claims (9)

1. A virus scanning and removal method for network-wide terminals, characterized in that it is used by a cloud server on the network side and comprises:
calling a cloud scanning engine based on a virus signature database to scan a terminal device;
if a suspicious file is found, identifying it and judging from the identification result whether the suspicious file is a virus file;
if so, sending the determination result to the terminal device and publishing the virus signature of the virus file to the virus signature database;
wherein identifying it and judging from the identification result whether the suspicious file is a virus file specifically comprises:
successively carrying out the following identifications on the suspicious file and determining the final score of the suspicious file from the identification results: auxiliary identification, multi-engine identification, static identification and dynamic identification;
comparing the final score with a preset virus threshold and, according to the comparison result, determining whether the suspicious file is a virus file or a non-virus file;
the first sub-score, second sub-score and third sub-score produced by the multi-engine identification, static identification and dynamic identification are combined using preset weight values,
I = aX + bY + cZ, where I is the final score, X, Y and Z are the first, second and third sub-scores respectively, a, b and c are the weight coefficients of the first, second and third sub-scores respectively, and a + b + c = 1;
identification may also include: special identification δ, which refers to scoring rules that use special external factors to help calculate the score,
I = aX + bY + cZ + δ, where I is the final score, X, Y and Z are the first, second and third sub-scores respectively, a, b and c are the weight coefficients of the first, second and third sub-scores respectively, and a + b + c = 1.
2. The virus scanning and removal method according to claim 1, characterized in that the auxiliary identification specifically comprises:
identifying the type of the suspicious file and preprocessing it according to that type;
determining whether the digital signature of the preprocessed file is valid, and/or whether the file contains infection-type code;
if the result is that the digital signature is invalid or the file contains infection-type code, determining the suspicious file to be a virus file;
otherwise, carrying out the subsequent identifications on the suspicious file.
3. The virus scanning and removal method according to claim 2, characterized in that identifying the type of the suspicious file and preprocessing it according to that type comprises:
if it is a compressed file, decompressing it layer by layer to obtain all sub-files after decompression;
if it is a packed file, unpacking it layer by layer to obtain the original file after unpacking.
4. The virus scanning and removal method according to claim 1, characterized in that the multi-engine identification specifically comprises:
deploying multiple file-scanning engines to scan the files that passed the auxiliary identification filter, and assigning a first sub-score according to the scan results;
combining the first sub-score obtained with the results of the static identification and the dynamic identification to determine the final score.
5. The virus scanning and removal method according to claim 1, characterized in that the static identification specifically comprises:
extracting attribute materials from the file, matching them against a self-learning material library, determining whether the materials are abnormal, and determining a second sub-score according to the result;
combining the second sub-score obtained with the results of the multi-engine identification and the dynamic identification to determine the final score.
6. The virus scanning and removal method according to claim 5, characterized in that the self-learning material library includes at least one of the following standard materials:
system APIs, import and export tables, key combination strings, file icon, file version number, file compiler type, PE file section table, binary blocks, instruction jump blocks, and instruction sequences.
7. The virus scanning and removal method according to claim 1, characterized in that the dynamic identification specifically comprises:
monitoring in a virtual machine whether the suspicious file exhibits dangerous behaviour, and if so determining a third sub-score according to the type of dangerous behaviour;
the attack and infection behaviours include:
all kinds of injection, mutexes, inline hooks, starting a host process, image hijacking, adding delayed-rename entries, input method mechanisms, modifying the instruction register and remote thread context, setting global message hooks, and common vulnerability overflows;
combining the third sub-score obtained with the results of the multi-engine identification and the static identification to determine the final score.
8. The virus scanning and removal method according to claim 1, characterized in that, after calling the cloud scanning engine based on the virus signature database to scan the terminal device, the method further comprises:
if a virus file is found, removing the virus file from the terminal device using the cloud scanning engine.
9. a kind of checking and killing virus device of the whole network terminal characterized by comprising
Calling module, for calling the cloud killing engine end of scan equipment based on anti-virus signature database;
Parsing module if identifying for scanning doubtful file it, and according to qualification result, judges described doubtful Whether file is virus document;
Sending module for that will determine that result is sent to the terminal device, and the virus characteristic of the virus document is issued Into the anti-virus signature database;
The parsing module includes: that the following identification module identified successively is carried out to the doubtful file: auxiliary identification, multi engine Identification, static identification and dynamic are identified;The parsing submodule of the final score value of the doubtful file is determined according to the qualification result Block;The final score value is compared with preset viral threshold value, according to comparison result, determines that the doubtful file is The judgment module of virus document or non-viral file;
It include: the first identification submodule in the identification module, the type of the doubtful file for identification, and doubted according to described It is pre-processed like the type of file, determines whether the digital signature of file after pretreatment is effective, and/or, if Contain infection type code;If it is determined that result is digital signature in vain or contains infection type code, then the doubtful file is determined For the virus document;Otherwise, subsequent identification is carried out to the doubtful file;
The type of the identification doubtful file, and the type according to the doubtful file pre-processes it, comprising:
It if compressed file, then successively decompresses, all subfiles after obtaining decompression;It if shell adding file, then successively shells, obtains Original document after taking shelling;
The identification module includes a second identification submodule, configured to deploy multiple sets of file-scanning engines, scan the files remaining after auxiliary identification filtering, and assign a first sub-score according to the scanning result; the final score is determined by combining the obtained first sub-score with the results of the static identification and the dynamic identification;
The identification module includes a third identification submodule, configured to extract file attribute material, match it against a self-learning material library, judge whether the material is abnormal, and determine a second sub-score according to the judgment result; the final score is determined by combining the obtained second sub-score with the results of the multi-engine identification and the dynamic identification;
The self-learning material library includes standard material of at least one of the following kinds: system APIs, import and export tables, key combined character strings, file icons, file version numbers, file compiler types, PE file section tables, binary blocks, instruction jump blocks, instruction sequences;
The identification module includes a fourth identification submodule, configured to monitor, by means of a virtual machine, whether the suspected file exhibits hazardous behavior and, if so, to determine a third sub-score according to the type of hazardous behavior; the attack and infection risks include: all kinds of injection, mutexes, inline hooks, starting a host process, image hijacking, adding delayed-rename entries, input method mechanisms, modifying the instruction register and remote thread context, setting global message hooks, and common vulnerability overflows; the final score is determined by combining the obtained third sub-score with the results of the multi-engine identification and the static identification;
The virus checking and killing module further includes a killing module, configured to, if a virus file is found by scanning, remove the virus file from the terminal device using the cloud killing engine.
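The three-stage scoring in the claims above (multi-engine scan, static material matching, dynamic monitoring in a virtual machine) can be sketched as follows. This is an added example, not code from the patent: the behaviour weights, stage weights, threshold, library contents and all function names are assumptions, and the sample evidence is constructed.

```python
from dataclasses import dataclass

# Assumed weights per hazardous-behaviour type (the claims list types, not numbers).
BEHAVIOR_WEIGHTS = {"injection": 30, "inline_hook": 25, "image_hijack": 25,
                    "delayed_rename": 15, "global_message_hook": 20, "mutex": 5}
# Constructed stand-in for the self-learning material library of standard values.
MATERIAL_LIBRARY = {"compiler": {"msvc", "gcc", "delphi"},
                    "sections": {".text", ".data", ".rdata", ".rsrc", ".reloc"}}
STAGE_WEIGHTS = (40, 20, 40)   # assumed: multi-engine, static, dynamic (sums to 100)
VIRUS_THRESHOLD = 50           # assumed cut-off for the final score

@dataclass
class Evidence:
    engine_verdicts: dict   # engine name -> True if that engine flagged the file
    attributes: dict        # attribute name -> value or list of values
    behaviors: list         # behaviour types observed in the virtual machine

def multi_engine_score(verdicts):
    """First sub-score: percentage of deployed engines that flagged the file."""
    return 100 * sum(verdicts.values()) // len(verdicts) if verdicts else 0

def static_score(attributes):
    """Second sub-score: percentage of attribute values absent from the library."""
    total = abnormal = 0
    for name, value in attributes.items():
        known = MATERIAL_LIBRARY.get(name)
        if known is None:          # no standard material for this attribute: skip it
            continue
        for v in value if isinstance(value, (list, tuple, set)) else [value]:
            total += 1
            abnormal += v not in known
    return 100 * abnormal // total if total else 0

def dynamic_score(behaviors):
    """Third sub-score: summed weight of distinct hazardous behaviours, capped at 100."""
    return min(100, sum(BEHAVIOR_WEIGHTS.get(b, 0) for b in set(behaviors)))

def final_score(ev):
    """Weighted combination of the three sub-scores, on a 0..100 scale."""
    subs = (multi_engine_score(ev.engine_verdicts), static_score(ev.attributes),
            dynamic_score(ev.behaviors))
    return sum(w * s for w, s in zip(STAGE_WEIGHTS, subs)) // 100

def is_virus(ev):
    return final_score(ev) >= VIRUS_THRESHOLD

# Constructed sample evidence for one suspected file.
SUSPECT = Evidence({"engine_a": True, "engine_b": False, "engine_c": True, "engine_d": False},
                   {"compiler": "unknown_packer", "sections": [".text", ".xyz0", ".rsrc"]},
                   ["injection", "image_hijack", "injection"])

if __name__ == "__main__":
    print(final_score(SUSPECT), is_virus(SUSPECT))
```

Repeated observations of the same behaviour type count once, and attributes with no entry in the library are skipped rather than treated as abnormal, so a sparse library does not inflate the static sub-score.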
CN201510226429.7A 2015-05-06 2015-05-06 A kind of checking and killing virus method and device of the whole network terminal Active CN106203102B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510226429.7A CN106203102B (en) 2015-05-06 2015-05-06 A kind of checking and killing virus method and device of the whole network terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510226429.7A CN106203102B (en) 2015-05-06 2015-05-06 A kind of checking and killing virus method and device of the whole network terminal

Publications (2)

Publication Number Publication Date
CN106203102A CN106203102A (en) 2016-12-07
CN106203102B true CN106203102B (en) 2019-10-11

Family

ID=57459111

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510226429.7A Active CN106203102B (en) 2015-05-06 2015-05-06 A kind of checking and killing virus method and device of the whole network terminal

Country Status (1)

Country Link
CN (1) CN106203102B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108667771B (en) * 2017-03-29 2021-10-15 北京宸信征信有限公司 Data processing system and method for processing untrusted data
CN106993042A (en) * 2017-04-05 2017-07-28 河南工程学院 A real-time network monitoring method based on cloud computing
CN107358102A (en) * 2017-07-14 2017-11-17 合肥执念网络科技有限公司 A kind of computer based checking and killing virus system
CN108171058A (en) * 2017-12-26 2018-06-15 中国联合网络通信集团有限公司 Multi engine virus scan system and multi engine virus scan method based on Serverless frames
CN108898019A (en) * 2018-08-17 2018-11-27 广州瀚华建筑设计有限公司 CAD checking and killing virus method, system, computer equipment and readable storage medium storing program for executing
CN109918173B (en) * 2019-03-06 2021-11-19 苏州浪潮智能科技有限公司 Openstack-based virtual machine health check method and system
CN112149115A (en) * 2020-08-28 2020-12-29 杭州安恒信息技术股份有限公司 Method and device for updating virus library, electronic device and storage medium
CN112214765B (en) * 2020-09-29 2024-11-01 珠海豹好玩科技有限公司 Virus checking and killing method and device, electronic equipment and storage medium
CN114840538A (en) * 2022-04-21 2022-08-02 成都安恒信息技术有限公司 Method and system for testing safety equipment by updating virus library

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101039177A (en) * 2007-04-27 2007-09-19 珠海金山软件股份有限公司 Apparatus and method for on-line searching virus
CN101621511A (en) * 2009-06-09 2010-01-06 北京安天电子设备有限公司 Multilayer detecting method without local virus library and multilayer detecting system
CN102279917A (en) * 2011-09-19 2011-12-14 奇智软件(北京)有限公司 Multi-antivirus engine parallel antivirus method and system
CN102799804A (en) * 2012-04-30 2012-11-28 珠海市君天电子科技有限公司 Comprehensive identification method and system for security of unknown file

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007117567A2 (en) * 2006-04-06 2007-10-18 Smobile Systems Inc. Malware detection system and method for limited access mobile platforms

Also Published As

Publication number Publication date
CN106203102A (en) 2016-12-07

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100041, room 2, building 3, building 30, Xing Xing street, Shijingshan District, Beijing,

Patentee after: Beijing Falcon Safety Technology Co.,Ltd.

Address before: 100041, room 2, building 3, building 30, Xing Xing street, Shijingshan District, Beijing,

Patentee before: BEIJING KINGSOFT SECURITY MANAGEMENT SYSTEM TECHNOLOGY Co.,Ltd.

CP03 Change of name, title or address

Address after: 3502B, 3rd Floor, Building 4, No. 49 Badachu Road, Shijingshan District, Beijing 100144

Patentee after: Beijing Falcon Safety Technology Co.,Ltd.

Country or region after: China

Address before: 100041 room a-0003, 2 / F, building 3, yard 30, Shixing street, Shijingshan District, Beijing

Patentee before: Beijing Falcon Safety Technology Co.,Ltd.

Country or region before: China
