
CN103093145B - A method, device and system for scanning mobile storage devices - Google Patents

A method, device and system for scanning mobile storage devices

Info

Publication number: CN103093145B
Authority: CN (China)
Prior art keywords: list, file, root directory, storage device, scan
Legal status: Active
Application number: CN201310020638.7A
Other languages: Chinese (zh)
Other versions: CN103093145A (en)
Inventors: 何博, 宁敢, 苏洁
Current Assignee: Beijing Qihoo Technology Co Ltd
Original Assignee: Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201310020638.7A
Publication of CN103093145A
Application granted
Publication of CN103093145B

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a method, device and system for scanning mobile storage devices, and relates to the technical field of information security. The method includes: enumerating the root directory files of the mobile storage device; adding the root directory files that match the blacklist, the special rule list or the cloud query type list to a scan list; scanning the non-root directory files of the mobile storage device and adding the items that match a non-root directory path in the blacklist to the scan list; sending the cloud query type items in the scan list to the server side and saving the security information returned by the server side in the scan list; matching each item in the scan list against the whitelist and changing the security information of matching items to trusted; and displaying the information in the scan list. With this technical solution, a mobile storage device can be scanned when it is connected to a terminal and risky files can be found effectively, which solves the problem of risky files on mobile storage devices endangering the security of the terminal.

Description

A method, device and system for scanning mobile storage devices

Technical field

The invention relates to the technical field of information security, and in particular to a method, device and system for scanning mobile storage devices.

Background

A mobile storage device is a storage device that can be moved between different terminals, such as a USB flash drive, a portable hard disk or a flash memory card. People often use mobile storage devices to back up, carry and transfer files. Some mobile storage devices have a USB (Universal Serial Bus) interface. To read or write data on such a device, it must be connected to the computer through the USB interface, and after use it must be unmounted from the computer by the prescribed procedure before it can be unplugged from the USB interface. For example, the user usually clicks the "Safely Remove Hardware" button in the lower right corner of the taskbar, clicks the "Safely remove USB Mass Storage Device - drive" prompt when it pops up, and unplugs the mobile storage device from the USB interface once the "Safely Remove Hardware" button has disappeared.

With the development of network technology, many viruses and Trojans targeting mobile storage devices have appeared, seriously endangering computer security. Because mobile storage devices are portable, an infection can spread to many computers.

Therefore, a mobile storage device needs to be scanned when it is connected to a computer, so that risky files are found.

Summary of the invention

In view of the above problems, the present invention is proposed to provide a method, device and system for scanning mobile storage devices that overcome the above problems or at least partially solve them.

According to one aspect of the present invention, a method for scanning a mobile storage device is provided, wherein the method includes:

enumerating the root directory files of the mobile storage device and, for at least one enumerated root directory file, judging whether the root directory file matches any item in a pre-saved blacklist, special rule list or cloud query type list, and if so, adding the root directory file to a scan list;

scanning the non-root directory files of the mobile storage device and, if a non-root directory file matches a non-root directory path in the blacklist, adding the matching non-root directory file to the scan list;

sending the cloud query type items in the scan list to the server side for a security query, and saving the security information returned by the server side in the corresponding entries of the scan list;

matching each item in the scan list against a pre-saved whitelist, and changing the security information of matching items to trusted;

displaying the information in the scan list.

Optionally, enumerating the root directory files of the mobile storage device includes: if the number of root directory files of the mobile storage device is less than or equal to a preset number, enumerating all root directory files of the mobile storage device; if the number of root directory files of the mobile storage device is greater than the preset number, enumerating the preset number of root directory files of the mobile storage device.

Optionally, displaying the information in the scan list includes: if the scan list contains hidden files, prompting the user whether to display the hidden files, and displaying them when the user confirms.

Optionally, after displaying the information in the scan list, the method further includes: processing, according to user instructions, the items in the scan list whose security information indicates a risk; and, after the processing is complete, displaying the processing result on the user interface of the computer.

Optionally, before enumerating the root directory files of the mobile storage device, the method further includes: checking the autorun.inf file on the mobile storage device and judging whether the executable file that the autorun.inf file points to is risky; if so, adding the executable file to the scan list and preventing the system from automatically starting the file that the autorun.inf file points to.

Optionally, before displaying the information in the scan list, the method further includes: matching each item in the scan list against a trusted list, and changing the security information of matching items to trusted.

Optionally, for at least one enumerated root directory file, judging whether the root directory file matches any item in the pre-saved blacklist, special rule list or cloud query type list, and if so adding the root directory file to the scan list, includes:

Step A: judge whether the root directory file matches any item in the blacklist; if so, add the root directory file to the scan list, otherwise perform step B;

Step B: judge whether the root directory file matches any item in the special rule list; if so, add the root directory file to the scan list, otherwise perform step C;

Step C: judge whether the root directory file matches any item in the cloud query type list; if so, add the root directory file to the scan list.

Optionally, the pre-saved blacklist, special rule list, cloud query type list and whitelist are saved locally or saved on the server side.

Optionally, before enumerating the root directory files of the mobile storage device, the method further includes:

loading a scan logic implementation file;

loading, by the scan logic implementation file, a scan rule file that holds the blacklist, the special rule list, the cloud query type list and the whitelist.

According to another aspect of the present invention, a device for scanning mobile storage devices is provided, wherein the device includes: a storage unit, a scanning unit, a security query unit, a security information correction unit and a display unit;

the storage unit is adapted to store the blacklist, the special rule list, the cloud query type list and the whitelist;

the scanning unit is adapted to enumerate the root directory files of the mobile storage device and, for at least one enumerated root directory file, judge whether the root directory file matches any item in the blacklist, special rule list or cloud query type list held in the storage unit or on the server side, and if so add the root directory file to the scan list; and then to scan the non-root directory files of the mobile storage device and, if a non-root directory file matches a non-root directory path in the blacklist, add the matching non-root directory file to the scan list;

the security query unit is adapted to send the cloud query type items in the scan list to the server side for a security query, and to save the security information returned by the server side in the corresponding entries of the scan list;

the security information correction unit is adapted to match each item in the scan list against the whitelist held in the storage unit or on the server side, and to change the security information of matching items to trusted;

the display unit is adapted to display the information in the scan list.

Optionally, the scanning unit is adapted to enumerate all root directory files of the mobile storage device when the number of root directory files of the mobile storage device is less than or equal to a preset number, and to enumerate the preset number of root directory files of the mobile storage device when the number of root directory files is greater than the preset number.

Optionally, the display unit is further adapted to prompt the user whether to display hidden files when the scan list contains hidden files, and to display them when the user confirms.

Optionally, the device further includes:

a processing and display unit, adapted to process, according to user instructions, the items in the scan list whose security information indicates a risk, and to display the processing result on the user interface of the computer after the processing is complete.

Optionally, the scanning unit is further adapted, before enumerating the root directory files of the mobile storage device, to check the autorun.inf file on the mobile storage device and judge whether the executable file that the autorun.inf file points to is risky, and if so to add the executable file to the scan list and prevent the system from automatically starting the file that the autorun.inf file points to.

Optionally, the security information correction unit is further adapted to match each item in the scan list against a trusted list, and to change the security information of matching items to trusted.

Optionally, the scanning unit is adapted, for at least one enumerated root directory file, to judge in the following order whether it matches any item in the blacklist, special rule list or cloud query type list:

Step A: judge whether the root directory file matches any item in the blacklist; if so, add the root directory file to the scan list, otherwise perform step B;

Step B: judge whether the root directory file matches any item in the special rule list; if so, add the root directory file to the scan list, otherwise perform step C;

Step C: judge whether the root directory file matches any item in the cloud query type list; if so, add the root directory file to the scan list.

According to yet another aspect of the present invention, a system for scanning mobile storage devices is provided, wherein the system includes: a server and one or more devices as described in any one of the above;

the server is adapted to hold the blacklist, the special rule list, the cloud query type list and the whitelist for the device to query, and to provide the device with security queries for cloud query type items.

In the technical solution of the present invention, the root directory files of the mobile storage device are enumerated first, and any root directory file that matches an item in the local or server-side blacklist, special rule list or cloud query type list is added to the scan list; the non-root directory files of the mobile storage device are then scanned, and the non-root directory files that match a non-root directory path in the blacklist are added to the scan list; the cloud query type items in the scan list are sent to the server side for a security query, and the security information returned by the server side is saved in the corresponding entries of the scan list; each item in the scan list is matched against the pre-saved whitelist, and the security information of matching items is changed to trusted; and the information in the scan list is displayed. With this solution, a mobile storage device can be scanned when it is connected to a terminal and risky files can be found effectively, which solves the problem of risky files on mobile storage devices endangering the security of the terminal.

The above is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present invention are more apparent, specific embodiments of the present invention are set out below.

Description of the drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered as limiting the invention. Throughout the drawings, the same reference signs denote the same components. In the drawings:

Fig. 1 shows a flowchart of a method for scanning a mobile storage device according to an embodiment of the present invention;

Fig. 2 shows a flowchart of a method for scanning a mobile storage device according to an embodiment of the present invention;

Fig. 3 shows a structural diagram of a device for scanning mobile storage devices according to an embodiment of the present invention;

Fig. 4 shows a structural diagram of a device for scanning mobile storage devices according to an embodiment of the present invention;

Fig. 5 shows a schematic diagram of the composition of a system for scanning mobile storage devices according to an embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and its scope can be conveyed fully to those skilled in the art.

Fig. 1 shows a flowchart of a method for scanning a mobile storage device according to an embodiment of the present invention. As shown in Fig. 1, the method includes:

S110: enumerate the root directory files of the mobile storage device and, for at least one enumerated root directory file, judge whether the root directory file matches any item in the pre-saved blacklist, special rule list or cloud query type list; if so, add the root directory file to the scan list.

In one embodiment of the present invention, if the number of root directory files of the mobile storage device is less than or equal to a preset number, all root directory files of the mobile storage device are enumerated; if the number of root directory files is greater than the preset number, the preset number of root directory files of the mobile storage device are enumerated. This scheme is mainly intended to control the scan time for USB flash drives: if the root directory of a USB flash drive holds a very large number of files, scanning all of them takes a long time and gives a poor user experience, so a preset number can be set and at most that many root directory files are scanned. For example, with a preset number of 100, all root directory files are scanned when the USB flash drive has 100 or fewer root directory files, and only 100 root directory files are scanned when it has more than 100.

S120: scan the non-root directory files of the mobile storage device and, if a non-root directory file matches a non-root directory path in the blacklist, add the matching non-root directory file to the scan list.

In one embodiment of the present invention, the scan of non-root directory files is not limited by the number of files; that is, all non-root directory files are scanned however many there are.

S130: send the cloud query type items in the scan list to the server side for a security query, and save the security information returned by the server side in the corresponding entries of the scan list.

S140: match each item in the scan list against the pre-saved whitelist, and change the security information of matching items to trusted.

S150: display the information in the scan list.

The pre-saved blacklist, special rule list, cloud query type list and whitelist are saved locally or saved on the server side.

In one embodiment of the present invention, the scan shown in Fig. 1 is performed against the locally saved blacklist, special rule list, cloud query type list and whitelist; because all the matching information is local, the scan is fast. In another embodiment of the present invention, the scan shown in Fig. 1 is performed against the server-side blacklist, special rule list, cloud query type list and whitelist, so the relevant information has to be queried from the server; in this mode the latest blacklist, special rule list, cloud query type list and whitelist can be maintained on the server side, so the accuracy of the scan results is very high.

With the technical solution shown in Fig. 1, a mobile storage device can be scanned when it is connected to a terminal and risky files can be found effectively, which solves the problem of risky files on mobile storage devices endangering the security of the terminal.

In the embodiments of the present invention, the blacklist is the set of files that have been confirmed as risky (such as virus files and Trojan programs). These risky files can be identified by file name. In some cases a specified file in a specified directory is the risky file, so the blacklist also gives the file name together with its path. For example, the blacklist in one embodiment of the present invention may include the following:

oso.exe

rising.exe

This is only an illustration of what the blacklist contains and is not a limitation on the blacklist; in practice, any file that experience has confirmed as risky can be added to the blacklist.

In the embodiments of the present invention, the special rule list is a set of risky files that satisfy special rules. For example, the special rule list in one embodiment of the present invention may include the following rules:

(1) Check whether usp10.dll, ws2help.dll, msimg32.dll or lpk.dll exists; if one exists, is a PE file and has no signature, report it as malicious.

(2) Check whether desktop.ini exists; if it exists and its size is between 20 bytes and 1024 bytes, scan the file for the following string (case-insensitive): iconfile=recycle.exe; if the string is present, report the file as malicious.

These are only examples of special rules and are not a limitation on the special rule list; in practice, special rules that experience shows to match risky files can be added to the special rule list.
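The two example rules above, written out as an added Python example (not code from the patent or from any product). It assumes that "no signature" means the PE certificate table is empty, which detects only the absence of an embedded signature and says nothing about validity, and that the 20 to 1024 byte bounds are inclusive; the function names and the header-only sample images are constructed for the demonstration.

```python
import struct

# File names and marker string taken from the two example rules above.
HIJACK_DLL_NAMES = {"usp10.dll", "ws2help.dll", "msimg32.dll", "lpk.dll"}
DESKTOP_INI_MARKER = "iconfile=recycle.exe"


def pe_has_embedded_signature(data):
    """Return None if `data` is not a PE image, otherwise True/False for
    whether its certificate-table data directory (index 4) is populated."""
    try:
        if data[:2] != b"MZ":
            return None
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return None
        opt = pe_off + 24              # 4-byte signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:             # PE32
            dirs = opt + 96
        elif magic == 0x20B:           # PE32+
            dirs = opt + 112
        else:
            return None
        (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
        if count <= 4:
            return False               # no certificate-table slot at all
        offset, size = struct.unpack_from("<II", data, dirs + 4 * 8)
        return offset != 0 and size != 0
    except struct.error:               # header truncated: not a usable PE
        return None


def _text(data):
    """Decode desktop.ini content, which may be ANSI or UTF-16 with a BOM."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="ignore")
    return data.decode("latin-1")


def match_special_rules(name, data):
    """Return the names of the special rules that a root-directory file hits."""
    name, hits = name.lower(), []
    # Rule (1): listed DLL name, is a PE file, carries no embedded signature.
    if name in HIJACK_DLL_NAMES and pe_has_embedded_signature(data) is False:
        hits.append("unsigned_system_dll_name")
    # Rule (2): desktop.ini of 20..1024 bytes containing the marker string.
    if name == "desktop.ini" and 20 <= len(data) <= 1024:
        if DESKTOP_INI_MARKER in _text(data).lower():
            hits.append("desktop_ini_recycle_icon")
    return hits


def make_sample_pe(signed):
    """Build a constructed, header-only PE32 image for the demo (not loadable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                       # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 4 * 8, 0x400, 0x1A0)
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed sample desktop.ini content.
SAMPLE_INI = b"[.ShellClassInfo]\r\nIconFile=Recycle.exe\r\n"

if __name__ == "__main__":
    print(match_special_rules("LPK.DLL", make_sample_pe(signed=False)))
    print(match_special_rules("lpk.dll", make_sample_pe(signed=True)))
    print(match_special_rules("desktop.ini", SAMPLE_INI))
```

Rule (2) is a literal substring search, so the check follows the page's string exactly and does not normalise spacing around the equals sign.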

In the embodiments of the present invention, the cloud query type list is the set of files that require a cloud query. A file requires a cloud query when its security information is not clear and has to be looked up on the server side.

In the embodiments of the present invention, the whitelist is the set of safe files that have been confirmed as risk-free.

When the method shown in Fig. 1 is actually implemented, the scan logic can be written into a scan logic implementation file, and the blacklist, special rule list, cloud query type list and whitelist can be written into a scan rule file. When a mobile storage device (such as a USB flash drive) is scanned, the scan logic implementation file is loaded first; the scan logic implementation file loads the scan rule file that holds the blacklist, special rule list, cloud query type list and whitelist, and then scans the mobile storage device by the method shown in Fig. 1 according to the content of the scan rule file.

Fig. 2 shows a flowchart of a method for scanning a mobile storage device according to an embodiment of the present invention. As shown in Fig. 2, the method includes:

Step S202: check the autorun.inf file on the mobile storage device.

autorun.inf is one of the more common files encountered in everyday computer use. Its purpose is to allow a specified file to be run automatically when the disk is double-clicked. In recent years, however, autorun.inf files have been used to spread Trojans and viruses: the target program is executed through a mistaken action by the user and thereby intrudes into the computer, which has had a very negative impact.

In this step, therefore, the autorun.inf file on the mobile storage device is checked, and it is judged whether the executable file that the autorun.inf file points to is risky; if so, the executable file is added to the scan list and the system is prevented from automatically starting the file that the autorun.inf file points to.
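A sketch of the S202 check as an added Python example (not code from the patent or from any product): it extracts the programs an autorun.inf would launch and compares them with the blacklist. The patent does not say how the risk judgment is made, so matching the target's path or file name against the blacklist is an assumption, as are the function names; the sample autorun.inf is constructed, and the blacklist entries are the ones the page names.

```python
import ntpath
import re

# Keys in the [autorun] section whose value names a program to launch:
# open, shellexecute and shell\<verb>\command.
_LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)


def _command_to_path(command):
    """Strip quotes and arguments from a command line, leaving the program
    as a lower-case, device-relative backslash path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        program = command[1:end] if end != -1 else command[1:]
    else:
        # Unquoted: take the first token (a path with spaces must be quoted).
        parts = command.split()
        program = parts[0] if parts else ""
    if not program:
        return ""
    program = ntpath.normpath(program.replace("/", "\\")).lower()
    return program.lstrip("\\")


def autorun_targets(text):
    """Return the programs an autorun.inf would launch, in file order."""
    targets, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue  # junk padding lines are skipped rather than fatal
        key, value = (part.strip() for part in line.split("=", 1))
        if not _LAUNCH_KEY.match(key):
            continue
        target = _command_to_path(value)
        if target and target not in targets:
            targets.append(target)
    return targets


def check_autorun(text, blacklist):
    """Return (targets to add to the scan list, whether to block autostart)."""
    risky = [t for t in autorun_targets(text)
             if t in blacklist or ntpath.basename(t) in blacklist]
    return risky, bool(risky)


# Constructed sample autorun.inf with mixed-case keys and a junk line.
SAMPLE = """\
; constructed sample
[AutoRun]
xkq83jdk junk padding
OPEN=recycier\\system.exe
shell\\open\\Command="oso.exe" /s
icon=folder.ico
[other]
open=ignored.exe
"""
# Blacklist entries named on the page.
BLACKLIST = {"oso.exe", "rising.exe", "recycier\\system.exe"}

if __name__ == "__main__":
    print(check_autorun(SAMPLE, BLACKLIST))
```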

步骤S204,枚举移动存储设备中的根目录文件。Step S204, enumerating root directory files in the mobile storage device.

本步骤中是一一列举移动存储设备中的根目录文件,对于列举到的根目录文件执行步骤S206至步骤S214的过程。In this step, the root directory files in the mobile storage device are listed one by one, and the processes from step S206 to step S214 are executed for the listed root directory files.

步骤S206,判断当前枚举到的根目录文件是否匹配黑名单中项,是则执行步骤S212,否则执行步骤S208。Step S206, judging whether the currently enumerated root directory file matches an item in the blacklist, if yes, execute step S212, otherwise execute step S208.

步骤S208,判断当前枚举到的根目录文件是否匹配特殊规则列表中的项,是则执行步骤S212,否则执行步骤S210。Step S208, judging whether the currently enumerated root directory file matches an item in the special rule list, if yes, execute step S212, otherwise execute step S210.

步骤S210,判断当前枚举到的根目录文件是否匹配云查询类型列表中的项,是则执行步骤S212,否则执行步骤S214。Step S210, judging whether the currently enumerated root directory file matches an item in the cloud query type list, if yes, execute step S212, otherwise execute step S214.

步骤S212,将匹配的根目录文件添加到扫描列表中。Step S212, adding matching root directory files to the scan list.

步骤S214,判断根目录文件的枚举是否完成,是则执行步骤S216,否则返回步骤S204。Step S214, judging whether the enumeration of root directory files is completed, if yes, execute step S216, otherwise return to step S204.

步骤S216,扫描该移动存储设备的非根目录文件,如果有与黑名单中的非根目录路径匹配的非根目录文件,则将该匹配的非根目录文件添加到扫描列表中。Step S216, scanning the non-root directory files of the mobile storage device, if there is a non-root directory file matching the non-root directory path in the blacklist, adding the matching non-root directory file to the scan list.

例如,移动存储设备中包括文件recycier\system.exe,由于黑名单中也包括此项,因此匹配成功,将其添加到扫描列表中。For example, the file recycier\system.exe is included in the mobile storage device. Since this item is also included in the blacklist, the match is successful and it will be added to the scan list.

Step S218: send the cloud query types in the scan list to the server for a security query, and save the security information returned by the server to the corresponding entries in the scan list.

In this step, the items that matched the cloud query type list are sent to the server to look up their security information.

Step S220: match the items in the scan list against the whitelist and the trusted list, and change the security information of matching items to trusted.

This step matches the contents of the scan list against the whitelist and the trusted list. The whitelist may be stored locally or on the server; if it is on the server, the whitelist must be queried from the server. The trusted list may be created by the user, who adds files confirmed to be trustworthy to it and can update it later.

The embodiments of the present invention do not limit the order in which scan list items are matched against the whitelist and the trusted list. The items may be matched against the whitelist first and then the trusted list, or against the trusted list first and then the whitelist.

Step S222: display the information in the scan list.

This step displays the information in the scan list to the user. The information includes file names and the corresponding security information. In one embodiment of the present invention, security information can be expressed as a security level: a higher level means lower risk and greater safety, and a lower level means higher risk and less safety. A security level is set for each item in the blacklist, the special rule list or the cloud query type list, and when an item matching one of these lists is added to the scan list, the corresponding security level is added with it. For example, if a higher security level means lower risk and security level 10 is the level of a trusted file, then in step S220 the security level of items matching the whitelist and the user-defined trusted list is corrected to 10.

In this step, hidden files can also be handled: if the scan list contains hidden files, the user is asked whether to display them, and they are displayed when the user confirms.

This concludes the method flow shown in FIG. 2. It performs a security scan of the mobile storage device and effectively catches risky files, which solves the problem of risky files on a mobile storage device endangering the security of the terminal.

In one embodiment of the present invention, the method shown in FIG. 2 may further include, after step S222: processing, according to user instructions, the items in the scan list whose security information indicates risk; and, after processing is complete, displaying the result on the computer's user interface. Specifically, when the scan list information is shown on the user interface, the user is prompted to delete, quarantine or otherwise handle risky files. If the user issues such an instruction, the corresponding entries in the scan list are deleted or quarantined accordingly, and the result, such as a successful quarantine, is shown to the user once processing is complete.

FIG. 3 shows a structural diagram of an apparatus for scanning a mobile storage device according to one embodiment of the present invention. As shown in FIG. 3, the apparatus 300 includes a storage unit 310, a scanning unit 320, a security query unit 330, a security information correction unit 340 and a display unit 350.

The storage unit 310 is adapted to store the blacklist, the special rule list, the cloud query type list and the whitelist.

The scanning unit 320 is adapted to enumerate the root directory files of the mobile storage device and, for at least one enumerated root directory file, determine whether that file matches any item in the blacklist, the special rule list or the cloud query type list held in the storage unit 310 or on the server; if so, the file is added to the scan list. The unit then scans the non-root directory files of the mobile storage device and, if a non-root directory file matches a non-root directory path in the blacklist, adds that file to the scan list.

The security query unit 330 is adapted to send the cloud query types in the scan list to the server for a security query, and to save the security information returned by the server to the corresponding entries in the scan list.

The security information correction unit 340 is adapted to match the items in the scan list against the whitelist held in the storage unit 310 or on the server, and to change the security information of matching items to trusted.

The display unit 350 is adapted to display the information in the scan list.

The apparatus shown in FIG. 3 can scan a mobile storage device when it is connected to the terminal and effectively catch risky files, which solves the problem of risky files on a mobile storage device endangering the security of the terminal.

FIG. 4 shows a structural diagram of an apparatus for scanning a mobile storage device according to one embodiment of the present invention. As shown in FIG. 4, the apparatus 400 includes a storage unit 410, a scanning unit 420, a security query unit 430, a security information correction unit 440, a display unit 450 and a processing display unit 460.

The storage unit 410 is adapted to store the blacklist, the special rule list, the cloud query type list and the whitelist.

The scanning unit 420 is adapted to enumerate the root directory files of the mobile storage device and, for each enumerated root directory file, determine whether that file matches any item in the blacklist, the special rule list or the cloud query type list held in the storage unit 410 or on the server; if so, the file is added to the scan list. The unit then scans the non-root directory files of the mobile storage device and, if a non-root directory file matches a non-root directory path in the blacklist, adds that file to the scan list.

In one embodiment of the present invention, the scanning unit 420 is adapted to check each enumerated root directory file against the blacklist, the special rule list and the cloud query type list in the following order. Step A: determine whether the root directory file matches any item in the blacklist; if so, add it to the scan list, otherwise go to step B. Step B: determine whether the root directory file matches any item in the special rule list; if so, add it to the scan list, otherwise go to step C. Step C: determine whether the root directory file matches any item in the cloud query type list; if so, add it to the scan list.

In one embodiment of the present invention, the scanning unit 420 is adapted to enumerate all root directory files of the mobile storage device when their number is less than or equal to a preset number, and to enumerate only the preset number of root directory files when their number exceeds the preset number. For example, the preset number may be 100.

In one embodiment of the present invention, before enumerating the root directory files of the mobile storage device, the scanning unit 420 may be further adapted to check the autorun.inf file on the mobile storage device and determine whether the executable file that the autorun.inf file points to is risky; if so, the executable file is added to the scan list and the system is prevented from automatically launching the file that the autorun.inf file points to.

The security query unit 430 is adapted to send the cloud query types in the scan list to the server for a security query, and to save the security information returned by the server to the corresponding entries in the scan list.

The security information correction unit 440 is adapted to match the items in the scan list against the whitelist held in the storage unit 410 or on the server, and to change the security information of matching items to trusted.

In one embodiment of the present invention, the security information correction unit 440 may be further adapted to match the items in the scan list against the trusted list, and to change the security information of matching items to trusted.

The display unit 450 is adapted to display the information in the scan list. In one embodiment of the present invention, the display unit 450 may be further adapted, when the scan list contains hidden files, to ask the user whether to display them and to display them when the user confirms.

The processing display unit 460 is adapted to process, according to user instructions, the items in the scan list whose security information indicates risk, and to display the result on the computer's user interface after processing is complete.
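The scan flow described above (root enumeration up to the preset number, the A, B, C matching order, blacklisted non-root paths, the cloud query, and the whitelist and trusted-list correction), as an added Python example that is not code from the patent. The list contents and formats, matching by file name, the sorted enumeration order and the `cloud_lookup` callback that stands in for the server are assumptions; the autorun.inf check is left out.

```python
import fnmatch
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

TRUSTED_LEVEL = 10     # the page's example: level 10 marks a trusted file
ROOT_ENUM_LIMIT = 100  # the page's example preset number

# Constructed rule data (formats are assumptions). Higher level = safer.
BLACKLIST_ROOT = {"autorun.exe": 1}
BLACKLIST_PATHS = {"recycier\\system.exe": 1}     # non-root path named on the page
SPECIAL_RULES = {"*.doc.exe": 2, "*.jpg.scr": 2}  # hypothetical special rules
CLOUD_QUERY_TYPES = {".exe", ".scr", ".bat"}      # hypothetical cloud query types
WHITELIST = {"setup.exe"}
TRUSTED_LIST = {"mytool.exe"}


@dataclass
class ScanItem:
    rel_path: str
    source: str                  # which list put the file on the scan list
    level: Optional[int] = None  # None until the server answers


def match_root_file(name):
    """Steps A, B, C in order; the first list that matches wins."""
    key = name.lower()
    if key in BLACKLIST_ROOT:
        return "blacklist", BLACKLIST_ROOT[key]
    for pattern, level in SPECIAL_RULES.items():
        if fnmatch.fnmatchcase(key, pattern):
            return "special_rule", level
    if os.path.splitext(key)[1] in CLOUD_QUERY_TYPES:
        return "cloud_query", None
    return None


def build_scan_list(root, cloud_lookup, limit=ROOT_ENUM_LIMIT):
    scan = {}
    # Root files: all of them, or only the first `limit` when there are more.
    # Sorting by name is an assumption made here for a deterministic order.
    root_files = sorted(e.name for e in os.scandir(root) if e.is_file())
    for name in root_files[:limit]:
        hit = match_root_file(name)
        if hit:
            scan[name] = ScanItem(name, hit[0], hit[1])
    # Non-root files: only paths that appear in the blacklist are added.
    for dirpath, _dirs, files in os.walk(root):
        if dirpath == root:
            continue
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "\\").lower()
            if rel in BLACKLIST_PATHS:
                scan[rel] = ScanItem(rel, "blacklist", BLACKLIST_PATHS[rel])
    # Cloud query: only items that matched the cloud query type list are sent.
    for item in scan.values():
        if item.source == "cloud_query":
            with open(os.path.join(root, item.rel_path), "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            item.level = cloud_lookup(item.rel_path, digest)
    # Correction: whitelist and trusted-list hits become trusted, in either
    # order. Matching by file name is an assumption; the page names no key.
    for item in scan.values():
        base = item.rel_path.split("\\")[-1].lower()
        if base in WHITELIST or base in TRUSTED_LIST:
            item.level = TRUSTED_LEVEL
    return scan


def demo(limit=ROOT_ENUM_LIMIT):
    """Run the flow over a constructed file tree with a stand-in server."""
    files = ["autorun.exe", "report.doc.exe", "tool.bat", "setup.exe",
             "notes.txt", "recycier/system.exe", "recycier/other.exe"]
    with tempfile.TemporaryDirectory() as root:
        for rel in files:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(rel.encode())
        scan = build_scan_list(root, lambda _p, _h: 3, limit)  # server says 3
        return {k: (v.source, v.level) for k, v in scan.items()}


if __name__ == "__main__":
    for path, (source, level) in sorted(demo().items()):
        print(f"{path:24} {source:13} level={level}")
```

Because the correction step runs over the whole scan list, an item that reached the list through the blacklist or a special rule is also reset to level 10 if it matches the whitelist or trusted list, which is why the choice of match key matters in a real implementation.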

FIG. 5 shows a schematic diagram of the composition of a system for scanning mobile storage devices according to one embodiment of the present invention. As shown in FIG. 5, the system includes a server 501 and one or more apparatuses 502 for scanning mobile storage devices.

The apparatus 502 for scanning mobile storage devices is the apparatus 300 shown in FIG. 3, or may be the apparatus 400 shown in FIG. 4. The server 501 is adapted to store the blacklist, the special rule list, the cloud query type list and the whitelist for the apparatus 502 to query, and to provide security queries of the cloud query types for the apparatus 502.

In summary, the technical solution of the present invention first enumerates the root directory files of the mobile storage device and adds to the scan list any root directory file that matches an item in the local or server-side blacklist, special rule list or cloud query type list. It then scans the non-root directory files of the mobile storage device and adds to the scan list any non-root directory file that matches a non-root directory path in the blacklist. It sends the cloud query types in the scan list to the server for a security query, saves the security information returned by the server to the corresponding entries in the scan list, matches the items in the scan list against the pre-saved whitelist, changes the security information of matching items to trusted, and displays the information in the scan list. This solution can scan a mobile storage device when it is connected to the terminal and effectively catch risky files, which solves the problem of risky files on a mobile storage device endangering the security of the terminal.

It should be noted:

The algorithms and displays provided here are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Furthermore, the present invention is not directed at any particular programming language. It should be understood that the content of the invention described here can be implemented in various programming languages, and that the description of specific languages above is given to disclose the best mode of the invention.

Numerous specific details are set forth in the description provided here. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.

Similarly, it should be understood that, in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single previously disclosed embodiment. The claims following the detailed description are therefore expressly incorporated into that detailed description, with each claim standing on its own as a separate embodiment of the invention.

Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and placed in one or more devices different from that embodiment. Modules, units or components in the embodiments may be combined into one module, unit or component, and may also be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.

Furthermore, those skilled in the art will understand that although some embodiments described here include certain features included in other embodiments and not others, combinations of features from different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The various component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of the two. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the apparatus and system for scanning mobile storage devices according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program or computer program product) for performing part or all of the methods described here. Such a program implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.

It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words can be interpreted as names.

Claims (17)

1. A method for scanning a mobile storage device, wherein the method comprises:
enumerating the root directory files of the mobile storage device and, for at least one enumerated root directory file, determining whether the root directory file matches any item in a pre-saved blacklist, special rule list or cloud query type list, and if so, adding the root directory file to a scan list; wherein the blacklist is a set of files confirmed to be risky, the special rule list is a set of risky files that meet special rules, and the cloud query type list is a set of files that require a cloud query;
scanning the non-root directory files of the mobile storage device and, if a non-root directory file matches a non-root directory path in the blacklist, adding the matching non-root directory file to the scan list;
sending the cloud query types in the scan list to a server for a security query, and saving the security information returned by the server to the corresponding entries in the scan list;
matching the items in the scan list against a pre-saved whitelist, and changing the security information of matching items to trusted;
displaying the information in the scan list, wherein the information in the scan list comprises file names and the corresponding security information.
2. The method of claim 1, wherein enumerating the root directory files of the mobile storage device comprises:
if the number of root directory files of the mobile storage device is less than or equal to a preset number, enumerating all root directory files of the mobile storage device;
if the number of root directory files of the mobile storage device is greater than the preset number, enumerating the preset number of root directory files of the mobile storage device.
3. The method of claim 1, wherein displaying the information in the scan list comprises:
if the scan list contains hidden files, asking the user whether to display the hidden files, and displaying the hidden files when the user confirms.
4. The method of claim 1, wherein, after displaying the information in the scan list, the method further comprises:
processing, according to user instructions, the items in the scan list whose security information indicates risk;
after processing is complete, displaying the result on the user interface of the computer.
5. The method of claim 1, wherein, before enumerating the root directory files of the mobile storage device, the method further comprises:
checking the autorun.inf file on the mobile storage device and determining whether the executable file that the autorun.inf file points to is risky, and if so, adding the executable file to the scan list and preventing the system from automatically launching the file that the autorun.inf file points to.
6. The method of claim 1, wherein, before displaying the information in the scan list, the method further comprises:
matching the items in the scan list against a trusted list, and changing the security information of matching items to trusted.
7. The method of claim 1, wherein, for at least one enumerated root directory file, determining whether the root directory file matches any item in the pre-saved blacklist, special rule list or cloud query type list, and if so, adding the root directory file to the scan list, comprises:
step A: determining whether the root directory file matches any item in the blacklist; if so, adding the root directory file to the scan list, otherwise performing step B;
step B: determining whether the root directory file matches any item in the special rule list; if so, adding the root directory file to the scan list, otherwise performing step C;
step C: determining whether the root directory file matches any item in the cloud query type list; if so, adding the root directory file to the scan list.
8. The method of any one of claims 1 to 7, wherein the pre-saved blacklist, special rule list, cloud query type list and whitelist are saved locally or saved on the server.
9. The method of any one of claims 1 to 7, wherein, before enumerating the root directory files of the mobile storage device, the method further comprises:
loading a scanning logic implementation file;
loading, through the scanning logic implementation file, a scanning rule file that stores the blacklist, the special rule list, the cloud query type list and the whitelist.
10. An apparatus for scanning a mobile storage device, wherein the apparatus comprises: a storage unit, a scanning unit, a security query unit, a security information correction unit and a display unit;
the storage unit is adapted to store a blacklist, a special rule list, a cloud query type list and a whitelist;
the scanning unit is adapted to enumerate the root directory files of the mobile storage device and, for at least one enumerated root directory file, determine whether the root directory file matches any item in the blacklist, special rule list or cloud query type list held in the storage unit or on the server, and if so, add the root directory file to a scan list, then scan the non-root directory files of the mobile storage device and, if a non-root directory file matches a non-root directory path in the blacklist, add the matching non-root directory file to the scan list; wherein the blacklist is a set of files confirmed to be risky, the special rule list is a set of risky files that meet special rules, and the cloud query type list is a set of files that require a cloud query;
the security query unit is adapted to send the cloud query types in the scan list to the server for a security query, and to save the security information returned by the server to the corresponding entries in the scan list;
the security information correction unit is adapted to match the items in the scan list against the whitelist held in the storage unit or on the server, and to change the security information of matching items to trusted;
the display unit is adapted to display the information in the scan list, wherein the information in the scan list comprises file names and the corresponding security information.
11. The apparatus of claim 10, wherein
the scanning unit is adapted to enumerate all root directory files of the mobile storage device when the number of root directory files of the mobile storage device is less than or equal to a preset number, and to enumerate the preset number of root directory files of the mobile storage device when the number of root directory files of the mobile storage device is greater than the preset number.
12. The apparatus of claim 10, wherein
the display unit is further adapted, when the scan list contains hidden files, to ask the user whether to display the hidden files, and to display the hidden files when the user confirms.
13. The apparatus of claim 10, wherein the apparatus further comprises:
a processing display unit, adapted to process, according to user instructions, the items in the scan list whose security information indicates risk, and to display the result on the user interface of the computer after processing is complete.
14. The apparatus of claim 10, wherein
the scanning unit is further adapted, before enumerating the root directory files of the mobile storage device, to check the autorun.inf file on the mobile storage device and determine whether the executable file that the autorun.inf file points to is risky, and if so, to add the executable file to the scan list and prevent the system from automatically launching the file that the autorun.inf file points to.
15. The apparatus of claim 10, wherein
the security information correction unit is further adapted to match the items in the scan list against a trusted list, and to change the security information of matching items to trusted.
16. The apparatus of claim 10, wherein the scanning unit is adapted, for at least one enumerated root directory file, to determine whether it matches any item in the blacklist, special rule list or cloud query type list in the following order:
step A: determining whether the root directory file matches any item in the blacklist; if so, adding the root directory file to the scan list, otherwise performing step B;
step B: determining whether the root directory file matches any item in the special rule list; if so, adding the root directory file to the scan list, otherwise performing step C;
step C: determining whether the root directory file matches any item in the cloud query type list; if so, adding the root directory file to the scan list.
17. A system for scanning mobile storage devices, wherein the system comprises: a server and one or more apparatuses according to any one of claims 10 to 16;
the server is adapted to store the blacklist, the special rule list, the cloud query type list and the whitelist for the apparatus to query, and to provide security queries of the cloud query types for the apparatus.
CN201310020638.7A 2013-01-18 2013-01-18 A kind of methods, devices and systems scanning movable storage device Active CN103093145B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310020638.7A CN103093145B (en) 2013-01-18 2013-01-18 A kind of methods, devices and systems scanning movable storage device

Publications (2)

Publication Number Publication Date
CN103093145A CN103093145A (en) 2013-05-08
CN103093145B true CN103093145B (en) 2016-01-13

Family

ID=48205701

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310020638.7A Active CN103093145B (en) 2013-01-18 2013-01-18 A kind of methods, devices and systems scanning movable storage device

Country Status (1)

Country Link
CN (1) CN103093145B (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103617392B (en) * 2013-11-22 2017-02-01 北京奇虎科技有限公司 Method and device for safety scanning external storage device of smart terminal
CN103646669B (en) * 2013-11-29 2016-08-24 北京奇虎科技有限公司 The reliability checking method of a kind of movable storage device and device
CN103677668B (en) * 2013-11-29 2017-04-05 北京奇虎科技有限公司 A kind of method and device of movable storage device detection
CN104778222B (en) * 2015-03-23 2017-12-05 四川长虹电器股份有限公司 Media library based on USB storage device is established and update method
CN107025281A (en) * 2017-03-31 2017-08-08 上海斐讯数据通信技术有限公司 A kind of file management method of Intelligent worn device, module and system
CN110795403B (en) * 2019-10-31 2022-03-11 北京永亚普信科技有限责任公司 File arrival scanning optimization method for polling mechanism
CN110826068B (en) * 2019-11-01 2022-03-18 海南车智易通信息技术有限公司 Safety detection method and safety detection system
CN111367819B (en) * 2020-03-30 2024-07-30 建信金融科技有限责任公司 Code scanning and filtering method and device
WO2021217652A1 (en) * 2020-04-30 2021-11-04 西门子股份公司 Method and apparatus for controlling mobile storage device, and computer-readable medium
CN111881305B (en) * 2020-06-23 2024-03-01 博泰车联网科技(上海)股份有限公司 Scanning method and related equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100017877A1 (en) * 2008-06-23 2010-01-21 Symantec Corporation Methods and systems for determining file classifications
CN101923609A (en) * 2009-06-09 2010-12-22 深圳市联软科技有限公司 Computer network security protection method and system
CN102279917A (en) * 2011-09-19 2011-12-14 奇智软件(北京)有限公司 Multi-antivirus engine parallel antivirus method and system
CN102346827A (en) * 2011-09-19 2012-02-08 奇智软件(北京)有限公司 Method and device for dealing with computer virus
CN102629403A (en) * 2012-03-14 2012-08-08 深圳市紫金支点技术股份有限公司 USB (Universal Serial Bus) flash disk authorization method and system based on ATM (Automatic Teller Machine) equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101706851B (en) * 2009-11-03 2012-07-04 广州广电运通金融电子股份有限公司 Method and system for controlling process of self-help terminal

Also Published As

Publication number Publication date
CN103093145A (en) 2013-05-08

Similar Documents

Publication Publication Date Title
CN103093145B (en) A kind of methods, devices and systems scanning movable storage device
JP5816198B2 (en) System and method for sharing the results of computing operations between related computing systems
JP5976020B2 (en) System and method for performing anti-malware metadata lookup
US8863291B2 (en) Reputation checking of executable programs
CN103207970B (en) Virus document scan method and device
JP5026543B2 (en) Platform-based inspection for input-output device content
CN102819717B (en) Method and device for file protection processing
CN104536792A (en) Method and device for eliminating application program residual files
CN103793248B (en) Method and device for upgrading application program
US20140237226A1 (en) Option read-only memory use
CN105335184A (en) Application installation method and apparatus
CN106503556A (en) Method, device and system for data storage
US8515732B2 (en) Opening a message catalog file for a language that is not installed
EP2998902B1 (en) Method and apparatus for processing file
CN104503807A (en) Management method and device of starting items
CN102999725B (en) Malevolence code processing method and system
CN103309666B (en) A kind of software running control method and device
CN102915359B (en) File management method and device
TW200402634A (en) Data processing method, data processing device, computer program and recording medium
CN111125721A (en) Control method for process starting, computer equipment and readable storage medium
CN102902925B (en) The processing method of a kind of file of contaminating and system
CN102930209B (en) The document handling method of movable storage device and document handling apparatus
WO2015081836A1 (en) Method and device for virus identification, nonvolatile storage medium, and device
CN106127052A (en) The recognition methods of rogue program and device
CN104462975A (en) Program scanning method, device and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220725

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.
