[go: up one dir, main page]

CN116566939A - A mail processing method, device, storage medium and electronic equipment - Google Patents

A mail processing method, device, storage medium and electronic equipment Download PDF

Info

Publication number
CN116566939A
CN116566939A CN202310747799.XA CN202310747799A CN116566939A CN 116566939 A CN116566939 A CN 116566939A CN 202310747799 A CN202310747799 A CN 202310747799A CN 116566939 A CN116566939 A CN 116566939A
Authority
CN
China
Prior art keywords
antivirus
predetermined
identification information
unique identification
email
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310747799.XA
Other languages
Chinese (zh)
Inventor
孙佩
姜博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202310747799.XA priority Critical patent/CN116566939A/en
Publication of CN116566939A publication Critical patent/CN116566939A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/21Monitoring or handling of messages
    • H04L51/212Monitoring or handling of messages using filtering or selective blocking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/42Mailbox-related aspects, e.g. synchronisation of mailboxes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本发明提供了一种邮件处理方法、装置、存储介质以及电子设备,邮件处理方法包括:获取预定邮件的唯一标识信息;检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录;在存在所述杀毒扫描记录的情况下,将所述预定地址数据库中所述杀毒扫描记录对应的杀毒扫描结果确定为所述预定邮件的杀毒扫描结果;根据所述杀毒扫描结果对应的执行策略处理所述预定邮件。上述邮件处理方法能够在网关设备在同一时间接收到的大量邮件时,无需对所有邮件分别进行病毒扫描,提高了网关设备遇到群发邮件时对邮件病毒的扫描速度,且能够减少设备重复扫描同一封邮件所导致的性能资源浪费的情况,优化了用户体验。

The present invention provides a mail processing method, device, storage medium and electronic equipment. The mail processing method includes: obtaining unique identification information of a predetermined mail; detecting whether there is an antivirus scanning record corresponding to the unique identification information in a predetermined address database; If the antivirus scan record exists, determine the antivirus scan result corresponding to the antivirus scan record in the predetermined address database as the antivirus scan result of the predetermined mail; process according to the execution policy corresponding to the antivirus scan result The scheduled mail. The above email processing method can eliminate the need to perform virus scanning on all emails when the gateway device receives a large number of emails at the same time, which improves the scanning speed of the email virus when the gateway device encounters mass emails, and can reduce repeated scanning of the same email by the gateway equipment. The waste of performance resources caused by emails is eliminated, and the user experience is optimized.

Description

一种邮件处理方法、装置、存储介质以及电子设备A mail processing method, device, storage medium and electronic equipment

技术领域technical field

本发明涉及邮件处理技术领域,特别涉及一种邮件处理方法、装置、存储介质以及电子设备。The invention relates to the technical field of mail processing, in particular to a mail processing method, device, storage medium and electronic equipment.

背景技术Background technique

电子邮件(简称E-Mail)是在网络或因特网用户之间收发邮件的一种通信方式,通常使用三种主要的因特网邮件标准(POP3、SMTP、IMAP)之一来收发电子邮件。在计算机用户浏览邮件或下载邮件附件时,各类型的病毒也可能会藏在邮件内,随着用户的操作下载到用户本地的电脑上,导致用户的电脑受到病毒感染,所以做好病毒防护非常重要的。Electronic mail (abbreviated as E-Mail) is a communication method for sending and receiving mail between network or Internet users, usually using one of the three main Internet mail standards (POP3, SMTP, IMAP) to send and receive e-mail. When a computer user browses emails or downloads email attachments, various types of viruses may also be hidden in emails, which will be downloaded to the user's local computer with the user's operation, causing the user's computer to be infected by viruses, so it is very important to do a good job of virus protection important.

目前过滤的网关设备(或防火墙设备)在邮件病毒防护功能上主要支持的协议就是以上三种。网关设备中存在代理引擎模式,可以充当中间服务器,对来往的每封邮件进行还原扫描,如果在某一封邮件中查杀到病毒,会进行清除或拦截等操作,让用户客户端无法下载含有病毒的附件。The current filtering gateway device (or firewall device) mainly supports the above three protocols in the email virus protection function. There is a proxy engine mode in the gateway device, which can act as an intermediate server to restore and scan each incoming and outgoing email. If a virus is found in a certain email, it will perform operations such as clearing or intercepting it, so that the user client cannot download files containing Virus attachments.

当用户使用邮件客户端收取邮件时,例如使用POP3协议,数据包分片通过网关设备。网关设备会将这封邮件的所有的数据包分片收集起来,进行文件还原,存储在设备当中。随后进行下一步病毒扫描,病毒扫描完成后,若该封邮件不存在病毒特征,则直接进行转发,用户正常收取到该封邮件。若邮件中存在病毒特征,根据设备上的策略,对该邮件内容进行清除或拦截等操作,再转发数据,客户端看到的邮件则为设备修改过后的邮件内容。When a user uses a mail client to receive mail, such as using the POP3 protocol, the data packet fragments pass through the gateway device. The gateway device will collect all the packet fragments of this email, restore the file, and store it in the device. Then the next step of virus scanning is carried out. After the virus scanning is completed, if the email does not have virus characteristics, it will be forwarded directly, and the user will normally receive the email. If there are virus characteristics in the email, according to the policy on the device, the content of the email will be cleared or intercepted, and then the data will be forwarded. The email seen by the client is the modified email content of the device.

每封邮件在经过网关设备时,网关设备都会进行一遍相同的流程,即数据收发、邮件还原、病毒特征比对等。当有群发邮件时,多个用户共同收取邮件,就会导致网关设备在这个时间点需要处理大量的邮件,很可能会遇到设备性能不足,从而邮件转发过慢或影响其他模块检测的情况,体现在客户端就会产生收取邮件过慢或网络环境遭到波动的情况,用户体验较差。When each email passes through the gateway device, the gateway device will go through the same process, that is, data sending and receiving, email restoration, virus signature comparison, etc. When there is mass mailing, multiple users jointly receive mails, which will cause the gateway device to process a large amount of mails at this point in time, and it is likely that the performance of the device is insufficient, so that the mail forwarding is too slow or affects the detection of other modules. It is reflected in the situation that the client will receive emails too slowly or the network environment will be fluctuated, and the user experience will be poor.

发明内容Contents of the invention

有鉴于此,本发明实施例提出了一种邮件处理方法、装置、存储介质以及电子设备,用以解决现有技术的如下问题:现有网关设备在同一时间接收到的大量邮件时,需要对所有邮件均进行病毒扫描,扫描过程会占用网关设备较大的性能,导致网关设备性能不足,客户端会产生收取邮件过慢或网络环境遭到波动的情况,用户体验较差。In view of this, the embodiment of the present invention proposes an email processing method, device, storage medium, and electronic equipment to solve the following problems in the prior art: when the existing gateway equipment receives a large number of emails at the same time, it needs to process All emails are scanned for viruses. The scanning process will take up a lot of performance of the gateway device, resulting in insufficient performance of the gateway device. The client will receive emails too slowly or the network environment will fluctuate, and the user experience will be poor.

本发明实施例提供了一种邮件处理方法,包括:An embodiment of the present invention provides a mail processing method, including:

获取预定邮件的唯一标识信息;Obtain unique identification information for scheduled mail;

检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录;Detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database;

在存在所述杀毒扫描记录的情况下,将所述预定地址数据库中所述杀毒扫描记录对应的杀毒扫描结果确定为所述预定邮件的杀毒扫描结果;If the antivirus scan record exists, determine the antivirus scan result corresponding to the antivirus scan record in the predetermined address database as the antivirus scan result of the predetermined email;

根据所述杀毒扫描结果对应的执行策略处理所述预定邮件。The predetermined email is processed according to the execution policy corresponding to the antivirus scanning result.

在一些实施例中,在所述检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录之后,还包括:In some embodiments, after detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database, the method further includes:

在不存在所述唯一标识信息的情况下,对所述预定邮件进行预定杀毒扫描操作,并记录杀毒扫描结果;In the absence of the unique identification information, perform a predetermined antivirus scanning operation on the predetermined email, and record the antivirus scanning result;

根据所述杀毒扫描结果和所述预定邮件的唯一标识信息生成杀毒扫描记录,并将所述杀毒扫描记录存储至所述预定地址数据库。An antivirus scan record is generated according to the antivirus scan result and the unique identification information of the predetermined email, and the antivirus scan record is stored in the predetermined address database.

在一些实施例中,所述根据所述杀毒扫描结果对应的执行策略处理所述预定邮件,具体包括:In some embodiments, the processing of the predetermined email according to the execution policy corresponding to the antivirus scanning result specifically includes:

在所述杀毒扫描结果为具有病毒的情况下,按照预定杀毒策略处理所述预定邮件;If the antivirus scanning result shows that there is a virus, process the predetermined email according to a predetermined antivirus strategy;

在所述杀毒扫描结果为不具有病毒的情况下,将所述预定邮件转发至目标地址。If the result of the antivirus scanning is that there is no virus, the predetermined email is forwarded to the target address.

在一些实施例中,所述检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录,具体包括:In some embodiments, the detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database specifically includes:

检测预定地址数据库中是否存在与所述唯一标识信息相同的唯一标识信息。Detecting whether the same unique identification information as the unique identification information exists in the predetermined address database.

本发明实施例还提供了一种邮件处理装置,包括:An embodiment of the present invention also provides a mail processing device, including:

获取模块,其配置为获取预定邮件的唯一标识信息;an obtaining module configured to obtain unique identification information of scheduled mail;

检测模块,其配置为检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录;A detection module configured to detect whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database;

确定模块,其配置为在存在所述杀毒扫描记录的情况下,将所述预定地址数据库中所述杀毒扫描记录对应的杀毒扫描结果确定为所述预定邮件的杀毒扫描结果;A determining module, configured to determine the antivirus scan result corresponding to the antivirus scan record in the predetermined address database as the antivirus scan result of the predetermined email if the antivirus scan record exists;

处理模块,其配置为根据所述杀毒扫描结果对应的执行策略处理所述预定邮件。A processing module configured to process the predetermined email according to the execution policy corresponding to the antivirus scanning result.

在一些实施例中,所述处理模块还配置为在所述检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录之后,In some embodiments, the processing module is further configured to, after detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database,

在不存在所述唯一标识信息的情况下,对所述预定邮件进行预定杀毒扫描操作,并记录杀毒扫描结果;In the absence of the unique identification information, perform a predetermined antivirus scanning operation on the predetermined email, and record the antivirus scanning result;

根据所述杀毒扫描结果和所述预定邮件的唯一标识信息生成杀毒扫描记录,并将所述杀毒扫描记录存储至所述预定地址数据库。An antivirus scan record is generated according to the antivirus scan result and the unique identification information of the predetermined email, and the antivirus scan record is stored in the predetermined address database.

在一些实施例中,所述处理模块还配置为在所述杀毒扫描结果为具有病毒的情况下,按照预定杀毒策略处理所述预定邮件;In some embodiments, the processing module is further configured to process the predetermined email according to a predetermined antivirus strategy if the antivirus scanning result shows that it has a virus;

在所述杀毒扫描结果为不具有病毒的情况下,将所述预定邮件转发至目标地址。If the result of the antivirus scanning is that there is no virus, the predetermined email is forwarded to the target address.

在一些实施例中,所述检测模块还配置为检测预定地址数据库中是否存在与所述唯一标识信息相同的唯一标识信息。In some embodiments, the detection module is further configured to detect whether unique identification information identical to the unique identification information exists in the predetermined address database.

本发明实施例还提供了一种存储介质,存储有计算机程序,所述计算机程序被处理器执行时实现上述的邮件处理方法的步骤。An embodiment of the present invention also provides a storage medium storing a computer program, and when the computer program is executed by a processor, the steps of the above mail processing method are realized.

本发明实施例还提供了一种电子设备,至少包括存储器、处理器,所述存储器上存储有计算机程序,所述处理器在执行所述存储器上的计算机程序时实现上述的邮件处理方法的步骤。An embodiment of the present invention also provides an electronic device, including at least a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above mail processing method when executing the computer program on the memory .

与现有技术相比,本发明实施例的有益效果在于:通过获取预定邮件的唯一标识信息,检测预定地址数据库中是否存在该唯一标识信息对应的杀毒扫描记录,如果存在,则将对应的杀毒扫描记录确定为预定邮件的杀毒扫描结果,如此,在网关设备在同一时间接收到的大量邮件时,无需对所有邮件分别进行病毒扫描,解决现有技术中同时收取多封邮件时对邮件的杀毒扫描导致的设备性能不足的技术问题,提高了网关设备遇到群发邮件时对邮件病毒的扫描速度,且能够减少设备重复扫描同一封邮件所导致的性能资源浪费的情况,优化了用户体验。Compared with the prior art, the beneficial effect of the embodiment of the present invention is that: by obtaining the unique identification information of the scheduled mail, it is detected whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database, and if it exists, the corresponding antivirus The scanning record is determined to be the antivirus scanning result of the scheduled emails, so that when the gateway device receives a large number of emails at the same time, it is not necessary to perform virus scanning on all emails separately, which solves the antivirus of emails when receiving multiple emails at the same time in the prior art The technical problem of insufficient device performance caused by scanning has improved the scanning speed of email viruses when the gateway device encounters mass emails, and can reduce the waste of performance resources caused by repeated scanning of the same email by the device, optimizing the user experience.

附图说明Description of drawings

为了更清楚地说明本公开实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本公开中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present disclosure or the prior art, the following will briefly introduce the drawings that need to be used in the description of the embodiments or the prior art. Obviously, the drawings in the following description are only These are some embodiments described in the present disclosure. Those skilled in the art can also obtain other drawings based on these drawings without any creative effort.

图1为本发明第一实施例邮件处理方法的流程图;Fig. 1 is the flowchart of the mail processing method of the first embodiment of the present invention;

图2为本发明第二实施例邮件处理方法的流程图;Fig. 2 is the flowchart of the mail processing method of the second embodiment of the present invention;

图3为本发明第三实施例邮件处理方法的流程图;Fig. 3 is the flowchart of the mail processing method of the third embodiment of the present invention;

图4为本发明实施例邮件处理装置的结构框图。Fig. 4 is a structural block diagram of a mail processing device according to an embodiment of the present invention.

具体实施方式Detailed ways

为了使得本发明实施例的目的、技术方案和优点更加清楚,下面将结合本发明实施例的附图,对本发明实施例的技术方案进行清楚、完整地描述。显然,所描述的实施例是本发明的一部分实施例,而不是全部的实施例。基于所描述的本发明的实施例,本领域普通技术人员在无需创造性劳动的前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, technical solutions and advantages of the embodiments of the present invention more clear, the technical solutions of the embodiments of the present invention will be clearly and completely described below in conjunction with the drawings of the embodiments of the present invention. Apparently, the described embodiments are some, not all, embodiments of the present invention. Based on the described embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

除非另外定义,本发明使用的技术术语或者科学术语应当为本发明所属领域内具有一般技能的人士所理解的通常意义。本发明中使用的“第一”、“第二”以及类似的词语并不表示任何顺序、数量或者重要性,而只是用来区分不同的组成部分。“包括”或者“包含”等类似的词语意指出现该词前面的元件或者物件涵盖出现在该词后面列举的元件或者物件及其等同,而不排除其他元件或者物件。“连接”或者“相连”等类似的词语并非限定于物理的或者机械的连接,而是可以包括电性的连接,不管是直接的还是间接的。“上”、“下”、“左”、“右”等仅用于表示相对位置关系,当被描述对象的绝对位置改变后,则该相对位置关系也可能相应地改变。Unless otherwise defined, the technical terms or scientific terms used in the present invention shall have the usual meanings understood by those skilled in the art to which the present invention belongs. "First", "second" and similar words used in the present invention do not indicate any order, quantity or importance, but are only used to distinguish different components. "Comprising" or "comprising" and similar words mean that the elements or items appearing before the word include the elements or items listed after the word and their equivalents, without excluding other elements or items. Words such as "connected" or "connected" are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. "Up", "Down", "Left", "Right" and so on are only used to indicate the relative positional relationship. When the absolute position of the described object changes, the relative positional relationship may also change accordingly.

为了保持本发明实施例的以下说明清楚且简明,本发明省略了已知功能和已知部件的详细说明。To keep the following description of the embodiments of the present invention clear and concise, detailed descriptions of known functions and known components are omitted from the present invention.

本发明实施例提供了一种邮件处理方法,该邮件处理方法可应用于包括网关设备的电子设备。电子设备可以是指智能手机、平板电脑、笔记本电脑、个人电脑等等不同的电子设备,对于电子设备具体是什么样的设备本发明不做限制,其能够接收邮件并处理邮件即可。An embodiment of the present invention provides a mail processing method, and the mail processing method can be applied to an electronic device including a gateway device. Electronic devices may refer to different electronic devices such as smart phones, tablet computers, notebook computers, and personal computers. The present invention does not limit the specific types of electronic devices, as long as they can receive and process emails.

如图1所示,邮件处理方法包括步骤S101至步骤S104。As shown in FIG. 1 , the mail processing method includes steps S101 to S104.

步骤S101:获取预定邮件的唯一标识信息。Step S101: Obtain the unique identification information of the scheduled email.

具体地,上述预定邮件的唯一标识信息可理解为Message-id,Message-id标头是RFC 2822中定义的字段包含一个唯一的消息标识符,通过利用该消息标识符能够解决网关设备在邮件的病毒扫描上的性能不足的问题。需要说明的是,在邮件头信息中,“Message-id”是电子邮件系统赋予电子邮件的唯一标记,在电子邮件传输过程中不会变更,至少包括识别编号、符号、主机名称等信息。另外,上述“Message-id”会记载有发件人的电子邮箱地址。Specifically, the unique identification information of the above scheduled mail can be understood as Message-id, and the Message-id header is a field defined in RFC 2822 that contains a unique message identifier. Insufficient performance on virus scanning. It should be noted that in the email header information, "Message-id" is a unique tag assigned to emails by the email system, which will not change during email transmission, and at least includes information such as identification numbers, symbols, and host names. In addition, the above "Message-id" contains the sender's e-mail address.

具体地,上述预定邮件可通过POP3协议或IMAP协议进入设备。Specifically, the above-mentioned predetermined mail can enter the device through the POP3 protocol or the IMAP protocol.

步骤S102:检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录。Step S102: Detect whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database.

具体地,上述预定地址数据可理解为与Message-id相关的数据库,其内存储有Message-id和与其对应的标记,该标记可为非病毒标记或病毒标记。杀毒扫描记录可用于记录已扫描的不存在病毒特征以及存在病毒特征的邮件的Message-id。Specifically, the aforementioned predetermined address data can be understood as a database related to the Message-id, in which the Message-id and its corresponding mark are stored, and the mark can be a non-virus mark or a virus mark. Antivirus scan records can be used to record the Message-ids of scanned emails without virus signatures and with virus signatures.

具体地,可在采用上述邮件处理方法的电子设备的显示界面上呈现与根据唯一标识信息进行病毒扫描的显示块,在用户选中该显示块后,在获取到预定邮件的唯一标识信息后即执行上述步骤S102。Specifically, a display block for virus scanning according to the unique identification information may be presented on the display interface of the electronic device adopting the above-mentioned mail processing method. Step S102 above.

具体地,上述预定地址数据库可内置在采用上述邮件处理方法的电子设备中,以供执行上述邮件处理方法。Specifically, the aforementioned predetermined address database may be built into an electronic device adopting the aforementioned mail processing method, so as to execute the aforementioned mail processing method.

步骤S103:在存在所述杀毒扫描记录的情况下,将所述预定地址数据库中所述杀毒扫描记录对应的杀毒扫描结果确定为所述预定邮件的杀毒扫描结果。Step S103: If the antivirus scan record exists, determine the antivirus scan result corresponding to the antivirus scan record in the predetermined address database as the antivirus scan result of the predetermined email.

上述通过数据库中的杀毒扫描记录确定预设邮件的杀毒扫描结果的方式能够在不对预设邮件进行杀毒扫描的基础上,快速地确定出预设邮件是否包含病毒,有效地提高了对邮件病毒的扫描速度。The above-mentioned method of determining the antivirus scanning result of the preset email through the antivirus scanning records in the database can quickly determine whether the preset email contains a virus without performing antivirus scanning on the preset email, and effectively improves the protection against email viruses. scan speed.

具体地,上述杀毒扫描记录可确定预设邮件为病毒邮件的杀毒扫描结果,也可确定该预设邮件为非病毒邮件的杀毒扫描结果。Specifically, the antivirus scanning record may determine that the preset email is an antivirus scanning result of a virus email, or may determine that the preset email is an antivirus scanning result of a non-virus email.

具体地,若存在与唯一标识信息对应的杀毒扫描记录,则表明与预设邮件具有相同的唯一标识信息的邮件已经被扫描查杀过,此时,继续读取预定地址数据库中与唯一标识信息对应的杀毒扫描记录,进而根据杀毒扫描记录确定该预定邮件是否为病毒邮件。Specifically, if there is an anti-virus scanning record corresponding to the unique identification information, it indicates that the mail with the same unique identification information as the preset mail has been scanned and killed. Corresponding anti-virus scanning records, and then determine whether the predetermined email is a virus email according to the anti-virus scanning records.

步骤S104:根据所述杀毒扫描结果对应的执行策略处理所述预定邮件。Step S104: Process the predetermined email according to the execution policy corresponding to the antivirus scanning result.

具体地,上述执行策略与杀毒扫描结果是相对应的,执行策略至少包括对应预定邮件为病毒邮件的杀毒扫描结果的策略,以及对应预定邮件为非病毒邮件的杀毒扫描结果的策略。Specifically, the above execution strategy corresponds to the antivirus scanning result, and the execution strategy at least includes a strategy corresponding to the antivirus scanning result that the predetermined email is a virus email, and a strategy corresponding to the antivirus scanning result that the predetermined email is a non-virus email.

通过获取预定邮件的唯一标识信息,检测预定地址数据库中是否存在该唯一标识信息对应的杀毒扫描记录,如果存在,则将对应的杀毒扫描记录确定为预定邮件的杀毒扫描结果,如此,在网关设备在同一时间接收到的大量邮件时,无需对所有邮件分别进行病毒扫描,解决现有技术中同时收取多封邮件时对邮件的杀毒扫描导致的设备性能不足的技术问题,提高了网关设备遇到群发邮件时对邮件病毒的扫描速度,且能够减少设备重复扫描同一封邮件所导致的性能资源浪费的情况,优化了用户体验。By obtaining the unique identification information of the scheduled mail, it is detected whether there is an anti-virus scanning record corresponding to the unique identification information in the predetermined address database, and if it exists, the corresponding anti-virus scanning record is determined as the anti-virus scanning result of the scheduled mail. In this way, in the gateway device When a large number of emails are received at the same time, there is no need to perform virus scanning on all emails separately, which solves the technical problem of insufficient equipment performance caused by the antivirus scanning of emails in the prior art when multiple emails are received at the same time, and improves the gateway equipment. The scanning speed of email viruses when sending emails in groups can reduce the waste of performance resources caused by repeated scanning of the same email by the device, and optimize the user experience.

在一些实施例中,如图2所示,在步骤S102的检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录之后,还包括步骤S201和步骤S202。In some embodiments, as shown in FIG. 2 , after detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database in step S102 , step S201 and step S202 are further included.

步骤S201:在不存在所述唯一标识信息的情况下,对所述预定邮件进行预定杀毒扫描操作,并记录杀毒扫描结果。Step S201: If the unique identification information does not exist, perform a predetermined antivirus scanning operation on the predetermined email, and record the antivirus scanning result.

步骤S202:根据所述杀毒扫描结果和所述预定邮件的唯一标识信息生成杀毒扫描记录,并将所述杀毒扫描记录存储至所述预定地址数据库。Step S202: Generate an antivirus scan record according to the antivirus scan result and the unique identification information of the predetermined email, and store the antivirus scan record in the predetermined address database.

在一些可选实施例中,如图3所示,上述步骤S202具体包括步骤S301至步骤S303。In some optional embodiments, as shown in FIG. 3 , the above step S202 specifically includes steps S301 to S303.

步骤S301:根据步骤S201中的杀毒扫描结果判断所述预定邮件是否具有病毒;Step S301: judging whether the predetermined email has a virus according to the antivirus scanning result in step S201;

步骤S302:若是,则将预定邮件的唯一标识信息存入数据库,并对该唯一标识信息设置病毒标记;Step S302: If yes, store the unique identification information of the scheduled mail in the database, and set a virus flag on the unique identification information;

步骤S303:若否,则将预定邮件的唯一标识信息存入数据库,并对该唯一标识信息设置非病毒标记。Step S303: If not, store the unique identification information of the scheduled email into the database, and set a non-virus flag on the unique identification information.

在一些实施例中,如图3所示,步骤S104的根据所述杀毒扫描结果对应的执行策略处理所述预定邮件,具体包括步骤S401和步骤S402。In some embodiments, as shown in FIG. 3 , the step S104 of processing the predetermined email according to the execution policy corresponding to the antivirus scanning result specifically includes steps S401 and S402 .

步骤S401:在所述杀毒扫描结果为具有病毒的情况下,按照预定杀毒策略处理所述预定邮件。Step S401: in the case that the antivirus scanning result shows that there is a virus, process the predetermined email according to a predetermined antivirus policy.

步骤S402:在所述杀毒扫描结果为不具有病毒的情况下,将所述预定邮件转发至目标地址。Step S402: If the antivirus scanning result shows that there is no virus, forward the predetermined email to the target address.

具体地,上述步骤S104的按照预定杀毒策略处理预定邮件可理解为采用以下一种或多种方式处理预定邮件:在日志中记录及删除掉病毒文件、拦截邮件。Specifically, processing the scheduled mail according to the predetermined antivirus policy in the above step S104 can be understood as processing the scheduled mail in one or more of the following ways: recording and deleting virus files in the log, and intercepting the mail.

具体地,上述将所述预定邮件转发至目标地址可理解为直接通过放行该预定邮件,将其存入至对应的目标地址中,以便于用户查阅。Specifically, the above-mentioned forwarding of the scheduled email to the target address can be understood as directly releasing the scheduled email and storing it in the corresponding target address, so as to facilitate the user's reference.

具体地,在执行步骤S302后可执行步骤S401的按照预定杀毒策略处理所述预定邮件。Specifically, after step S302 is executed, step S401 of processing the predetermined email according to a predetermined antivirus policy may be executed.

具体地,在执行步骤S303后可执行步骤S402的将所述预定邮件转发至目标地址。Specifically, step S402 of forwarding the predetermined email to the target address may be performed after step S303 is performed.

在一些实施例中,步骤S102的检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录,具体包括:检测预定地址数据库中是否存在与所述唯一标识信息相同的唯一标识信息。In some embodiments, the step S102 of detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database specifically includes: detecting whether the same unique identification information as the unique identification information exists in the predetermined address database.

如此,能够增加检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录的检测准确性,进而增加判断是否为病毒邮件的准确性。In this way, the detection accuracy of detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database can be increased, thereby increasing the accuracy of judging whether the email is a virus.

本发明实施例还提供了一种邮件处理装置110。如图4所示,邮件处理装置110包括获取模块101、检测模块102、确定模块103以及处理模块104。获取模块101配置为获取预定邮件的唯一标识信息。检测模块102配置为检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录。确定模块103配置为在存在所述杀毒扫描记录的情况下,将所述预定地址数据库中所述杀毒扫描记录对应的杀毒扫描结果确定为所述预定邮件的杀毒扫描结果。处理模块104配置为根据所述杀毒扫描结果对应的执行策略处理所述预定邮件。The embodiment of the present invention also provides a mail processing device 110 . As shown in FIG. 4 , the mail processing apparatus 110 includes an acquisition module 101 , a detection module 102 , a determination module 103 and a processing module 104 . The obtaining module 101 is configured to obtain the unique identification information of the scheduled mail. The detecting module 102 is configured to detect whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database. The determining module 103 is configured to determine the antivirus scanning result corresponding to the antivirus scanning record in the predetermined address database as the antivirus scanning result of the predetermined email if the antivirus scanning record exists. The processing module 104 is configured to process the predetermined email according to the execution policy corresponding to the antivirus scanning result.

具体地,上述预定邮件的唯一标识信息可理解为Message-id,Message-id标头是RFC 2822中定义的字段包含一个唯一的消息标识符,通过利用该消息标识符能够解决网关设备在邮件的病毒扫描上的性能不足的问题。需要说明的是,在邮件头信息中,“Message-id”是电子邮件系统赋予电子邮件的唯一标记,在电子邮件传输过程中不会变更,至少包括识别编号、符号、主机名称等信息。另外,上述“Message-id”会记载有发件人的电子邮箱地址。Specifically, the unique identification information of the above scheduled mail can be understood as Message-id, and the Message-id header is a field defined in RFC 2822 that contains a unique message identifier. Insufficient performance on virus scanning. It should be noted that in the email header information, "Message-id" is a unique tag assigned to emails by the email system, which will not change during email transmission, and at least includes information such as identification numbers, symbols, and host names. In addition, the above "Message-id" contains the sender's e-mail address.

具体地,上述预定邮件可通过POP3协议或IMAP协议进入设备。Specifically, the above-mentioned predetermined mail can enter the device through the POP3 protocol or the IMAP protocol.

具体地,上述预定地址数据可理解为与Message-id相关的数据库,其内存储有Message-id和与其对应的标记,该标记可为非病毒标记或病毒标记。杀毒扫描记录可用于记录已扫描的不存在病毒特征以及存在病毒特征的邮件的Message-id。Specifically, the aforementioned predetermined address data can be understood as a database related to the Message-id, in which the Message-id and its corresponding mark are stored, and the mark can be a non-virus mark or a virus mark. Antivirus scan records can be used to record the Message-ids of scanned emails without virus signatures and with virus signatures.

具体地,可在采用上述邮件处理方法的电子设备的显示界面上呈现与根据唯一标识信息进行病毒扫描的显示块,在用户选中该显示块后,在获取到预定邮件的唯一标识信息后即执行上述检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录这一步骤。Specifically, a display block for virus scanning according to the unique identification information may be presented on the display interface of the electronic device adopting the above-mentioned mail processing method. The above-mentioned step of detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database.

具体地,上述预定地址数据库可内置在采用上述邮件处理方法的电子设备中,以供执行上述邮件处理方法。Specifically, the aforementioned predetermined address database may be built into an electronic device adopting the aforementioned mail processing method, so as to execute the aforementioned mail processing method.

具体地,上述杀毒扫描记录可确定预设邮件为病毒邮件的杀毒扫描结果,也可确定该预设邮件为非病毒邮件的杀毒扫描结果。Specifically, the antivirus scanning record may determine that the preset email is an antivirus scanning result of a virus email, or may determine that the preset email is an antivirus scanning result of a non-virus email.

具体地,若存在与唯一标识信息对应的杀毒扫描记录,则表明与预设邮件具有相同的唯一标识信息的邮件已经被扫描查杀过,此时,继续读取预定地址数据库中与唯一标识信息对应的杀毒扫描记录,进而根据杀毒扫描记录确定该预定邮件是否为病毒邮件。Specifically, if there is an anti-virus scanning record corresponding to the unique identification information, it indicates that the mail with the same unique identification information as the preset mail has been scanned and killed. Corresponding anti-virus scanning records, and then determine whether the predetermined email is a virus email according to the anti-virus scanning records.

具体地,上述执行策略与杀毒扫描结果是相对应的,执行策略至少包括对应预定邮件为病毒邮件的杀毒扫描结果的策略,以及对应预定邮件为非病毒邮件的杀毒扫描结果的策略。Specifically, the above execution strategy corresponds to the antivirus scanning result, and the execution strategy at least includes a strategy corresponding to the antivirus scanning result that the predetermined email is a virus email, and a strategy corresponding to the antivirus scanning result that the predetermined email is a non-virus email.

如此,上述邮件处理装置110通过获取预定邮件的唯一标识信息,检测预定地址数据库中是否存在该唯一标识信息对应的杀毒扫描记录,如果存在,则将对应的杀毒扫描记录确定为预定邮件的杀毒扫描结果,如此,在网关设备在同一时间接收到的大量邮件时,无需对所有邮件分别进行病毒扫描,解决现有技术中同时收取多封邮件时对邮件的杀毒扫描导致的设备性能不足的技术问题,提高了网关设备遇到群发邮件时对邮件病毒的扫描速度,且能够减少设备重复扫描同一封邮件所导致的性能资源浪费的情况,优化了用户体验。In this way, the above-mentioned mail processing device 110 obtains the unique identification information of the scheduled mail, detects whether there is an anti-virus scanning record corresponding to the unique identification information in the predetermined address database, and if it exists, determines the corresponding anti-virus scanning record as the anti-virus scanning of the scheduled mail. As a result, in this way, when the gateway device receives a large number of mails at the same time, it is not necessary to perform virus scanning on all mails separately, which solves the technical problem of insufficient equipment performance caused by the antivirus scanning of mails when receiving multiple mails at the same time in the prior art , which improves the scanning speed of email viruses when the gateway device encounters mass emails, and can reduce the waste of performance resources caused by repeated scanning of the same email by the device, and optimize the user experience.

在一些实施例中,所述处理模块104还配置为在所述检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录之后,In some embodiments, the processing module 104 is further configured to, after detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database,

在不存在所述唯一标识信息的情况下,对所述预定邮件进行预定杀毒扫描操作,并记录杀毒扫描结果;In the absence of the unique identification information, perform a predetermined antivirus scanning operation on the predetermined email, and record the antivirus scanning result;

根据所述杀毒扫描结果和所述预定邮件的唯一标识信息生成杀毒扫描记录,并将所述杀毒扫描记录存储至所述预定地址数据库。An antivirus scan record is generated according to the antivirus scan result and the unique identification information of the predetermined email, and the antivirus scan record is stored in the predetermined address database.

在一些实施例中,所述处理模块104还配置为:根据杀毒扫描结果判断所述预定邮件是否具有病毒;若是,则将预定邮件的唯一标识信息存入数据库,并对该唯一标识信息设置病毒标记;若否,则将预定邮件的唯一标识信息存入数据库,并对该唯一标识信息设置非病毒标记。In some embodiments, the processing module 104 is further configured to: judge whether the predetermined mail has a virus according to the antivirus scanning result; if so, store the unique identification information of the predetermined mail into the database, and set the virus mark; if not, store the unique identification information of the scheduled mail into the database, and set a non-virus mark on the unique identification information.

在一些实施例中,所述处理模块104还配置为在所述杀毒扫描结果为具有病毒的情况下,按照预定杀毒策略处理所述预定邮件;In some embodiments, the processing module 104 is further configured to process the predetermined email according to a predetermined antivirus strategy if the antivirus scanning result shows that it has a virus;

在所述杀毒扫描结果为不具有病毒的情况下,将所述预定邮件转发至目标地址。If the result of the antivirus scanning is that there is no virus, the predetermined email is forwarded to the target address.

具体地,上述将所述预定邮件转发至目标地址可理解为直接通过放行该预定邮件,将其存入至对应的目标地址中,以便于用户查阅。Specifically, the above-mentioned forwarding of the scheduled email to the target address can be understood as directly releasing the scheduled email and storing it in the corresponding target address, so as to facilitate the user's reference.

在一些实施例中,所述检测模块102还配置为检测预定地址数据库中是否存在与所述唯一标识信息相同的唯一标识信息。如此,能够增加检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录的检测准确性,进而增加判断是否为病毒邮件的准确性。In some embodiments, the detection module 102 is further configured to detect whether unique identification information identical to the unique identification information exists in the predetermined address database. In this way, the detection accuracy of detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database can be increased, thereby increasing the accuracy of judging whether the email is a virus.

本发明实施例还提供了一种存储介质,存储有计算机程序,所述计算机程序被处理器执行时实现上述的邮件处理方法的步骤。An embodiment of the present invention also provides a storage medium storing a computer program, and when the computer program is executed by a processor, the steps of the above mail processing method are implemented.

本发明实施例还提供了一种电子设备,至少包括存储器、处理器,所述存储器上存储有计算机程序,所述处理器在执行所述存储器上的计算机程序时实现上述的邮件处理方法的步骤。An embodiment of the present invention also provides an electronic device, including at least a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above mail processing method when executing the computer program on the memory .

可选地,在本实施例中,上述存储介质可以包括但不限于:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。可选地,在本实施例中,处理器根据存储介质中已存储的程序代码执行上述实施例记载的方法步骤。可选地,本实施例中的具体示例可以参考上述实施例及可选实施方式中所描述的示例,本实施例在此不再赘述。显然,本领域的技术人员应该明白,上述的本发明的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本发明不限制于任何特定的硬件和软件结合。Optionally, in this embodiment, the above-mentioned storage medium may include but not limited to: U disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, magnetic disk Various media that can store program codes such as discs or optical discs. Optionally, in this embodiment, the processor executes the method steps described in the foregoing embodiments according to the program code stored in the storage medium. Optionally, for specific examples in this embodiment, reference may be made to the examples described in the foregoing embodiments and optional implementation manners, and details are not repeated in this embodiment. Obviously, those skilled in the art should understand that each module or each step of the present invention described above can be realized by a general-purpose computing device, and they can be concentrated on a single computing device, or distributed in a network formed by multiple computing devices Alternatively, they may be implemented in program code executable by a computing device so that they may be stored in a storage device to be executed by a computing device, and in some cases in an order different from that shown here The steps shown or described are carried out, or they are separately fabricated into individual integrated circuit modules, or multiple modules or steps among them are fabricated into a single integrated circuit module for implementation. As such, the present invention is not limited to any specific combination of hardware and software.

此外,尽管已经在本文中描述了示例性实施例,其范围包括任何和所有基于本发明的具有等同元件、修改、省略、组合(例如,各种实施例交叉的方案)、改编或改变的实施例。权利要求书中的元件将被基于权利要求中采用的语言宽泛地解释,并不限于在本说明书中或本申请的实施期间所描述的示例,其示例将被解释为非排他性的。因此,本说明书和示例旨在仅被认为是示例,真正的范围和精神由以下权利要求以及其等同物的全部范围所指示。Furthermore, while exemplary embodiments have been described herein, the scope includes any and all implementations based on the present invention having equivalent elements, modifications, omissions, combinations (eg, crossover aspects of various embodiments), adaptations, or changes example. Elements in the claims are to be interpreted broadly based on the language employed in the claims and are not limited to examples described in this specification or during the practice of the application, which examples are to be construed as non-exclusive. It is therefore intended that the specification and examples be considered as illustrations only, with a true scope and spirit being indicated by the following claims, along with their full scope of equivalents.

以上描述旨在是说明性的而不是限制性的。例如,上述示例(或其一个或更多方案)可以彼此组合使用。例如本领域普通技术人员在阅读上述描述时可以使用其它实施例。另外,在上述具体实施方式中,各种特征可以被分组在一起以简单化本发明。这不应解释为一种不要求保护的公开的特征对于任一权利要求是必要的意图。相反,本发明的主题可以少于特定的公开的实施例的全部特征。从而,以下权利要求书作为示例或实施例在此并入具体实施方式中,其中每个权利要求独立地作为单独的实施例,并且考虑这些实施例可以以各种组合或排列彼此组合。本发明的范围应参照所附权利要求以及这些权利要求赋权的等同形式的全部范围来确定。The above description is intended to be illustrative rather than restrictive. For example, the above examples (or one or more aspects thereof) may be used in combination with each other. For example, other embodiments may be used by those of ordinary skill in the art upon reading the above description. Additionally, in the foregoing Detailed Description, various features may be grouped together in order to simplify the present invention. This is not to be interpreted as intending that an unclaimed disclosed feature is essential to any claim. Rather, inventive subject matter may lie in less than all features of a particular disclosed embodiment. Thus, the following claims are hereby incorporated into the detailed description as examples or embodiments, where each claim stands on its own as a separate embodiment, and it is contemplated that these embodiments may be combined with each other in various combinations or permutations. The scope of the invention should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.

以上对本发明多个实施例进行了详细说明,但本发明不限于这些具体的实施例,本领域技术人员在本发明构思的基础上,能够做出多种变型和修改实施例,这些变型和修改都应落入本发明所要求保护的范围之内。Multiple embodiments of the present invention have been described in detail above, but the present invention is not limited to these specific embodiments. Those skilled in the art can make various variations and modifications on the basis of the concept of the present invention. These variations and modifications All should fall within the scope of protection required by the present invention.

Claims (10)

1.一种邮件处理方法,其特征在于,包括:1. A mail processing method, characterized in that, comprising: 获取预定邮件的唯一标识信息;Obtain unique identification information for scheduled mail; 检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录;Detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database; 在存在所述杀毒扫描记录的情况下,将所述预定地址数据库中所述杀毒扫描记录对应的杀毒扫描结果确定为所述预定邮件的杀毒扫描结果;If the antivirus scan record exists, determine the antivirus scan result corresponding to the antivirus scan record in the predetermined address database as the antivirus scan result of the predetermined email; 根据所述杀毒扫描结果对应的执行策略处理所述预定邮件。The predetermined email is processed according to the execution policy corresponding to the antivirus scanning result. 2.如权利要求1所述的邮件处理方法,其特征在于,在所述检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录之后,还包括:2. The mail processing method according to claim 1, further comprising: 在不存在所述唯一标识信息的情况下,对所述预定邮件进行预定杀毒扫描操作,并记录杀毒扫描结果;In the absence of the unique identification information, perform a predetermined antivirus scanning operation on the predetermined email, and record the antivirus scanning result; 根据所述杀毒扫描结果和所述预定邮件的唯一标识信息生成杀毒扫描记录,并将所述杀毒扫描记录存储至所述预定地址数据库。An antivirus scan record is generated according to the antivirus scan result and the unique identification information of the predetermined email, and the antivirus scan record is stored in the predetermined address database. 3.如权利要求1所述的邮件处理方法,其特征在于,所述根据所述杀毒扫描结果对应的执行策略处理所述预定邮件,具体包括:3. The mail processing method according to claim 1, wherein the processing of the predetermined mail according to the execution policy corresponding to the antivirus scanning result specifically comprises: 在所述杀毒扫描结果为具有病毒的情况下,按照预定杀毒策略处理所述预定邮件;If the antivirus scanning result shows that there is a virus, process the predetermined email according to a predetermined antivirus strategy; 在所述杀毒扫描结果为不具有病毒的情况下,将所述预定邮件转发至目标地址。If the result of the antivirus scanning is that there is no virus, the predetermined email is forwarded to the target address. 4.如权利要求1至3中任一项所述的邮件处理方法,其特征在于,所述检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录,具体包括:4. The mail processing method according to any one of claims 1 to 3, wherein the detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database specifically includes: 检测预定地址数据库中是否存在与所述唯一标识信息相同的唯一标识信息。Detecting whether the same unique identification information as the unique identification information exists in the predetermined address database. 5.一种邮件处理装置,其特征在于,包括:5. A mail processing device, characterized in that, comprising: 获取模块,其配置为获取预定邮件的唯一标识信息;an obtaining module configured to obtain unique identification information of scheduled mail; 检测模块,其配置为检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录;A detection module configured to detect whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database; 确定模块,其配置为在存在所述杀毒扫描记录的情况下,将所述预定地址数据库中所述杀毒扫描记录对应的杀毒扫描结果确定为所述预定邮件的杀毒扫描结果;A determining module, configured to determine the antivirus scan result corresponding to the antivirus scan record in the predetermined address database as the antivirus scan result of the predetermined email if the antivirus scan record exists; 处理模块,其配置为根据所述杀毒扫描结果对应的执行策略处理所述预定邮件。A processing module configured to process the predetermined email according to the execution policy corresponding to the antivirus scanning result. 6.如权利要求5所述的邮件处理装置,其特征在于,所述处理模块还配置为在所述检测预定地址数据库中是否存在与所述唯一标识信息对应的杀毒扫描记录之后,6. The mail processing device according to claim 5, wherein the processing module is further configured to, after detecting whether there is an antivirus scanning record corresponding to the unique identification information in the predetermined address database, 在不存在所述唯一标识信息的情况下,对所述预定邮件进行预定杀毒扫描操作,并记录杀毒扫描结果;In the absence of the unique identification information, perform a predetermined antivirus scanning operation on the predetermined email, and record the antivirus scanning result; 根据所述杀毒扫描结果和所述预定邮件的唯一标识信息生成杀毒扫描记录,并将所述杀毒扫描记录存储至所述预定地址数据库。An antivirus scan record is generated according to the antivirus scan result and the unique identification information of the predetermined email, and the antivirus scan record is stored in the predetermined address database. 7.如权利要求5所述的邮件处理装置,其特征在于,所述处理模块还配置为在所述杀毒扫描结果为具有病毒的情况下,按照预定杀毒策略处理所述预定邮件;7. The mail processing device according to claim 5, wherein the processing module is further configured to process the predetermined mail according to a predetermined anti-virus strategy when the anti-virus scanning result shows that there is a virus; 在所述杀毒扫描结果为不具有病毒的情况下,将所述预定邮件转发至目标地址。If the result of the antivirus scanning is that there is no virus, the predetermined email is forwarded to the target address. 8.如权利要求5至7中任一项所述的邮件处理装置,其特征在于,所述检测模块还配置为检测预定地址数据库中是否存在与所述唯一标识信息相同的唯一标识信息。8. The mail processing device according to any one of claims 5 to 7, wherein the detection module is further configured to detect whether there is unique identification information identical to the unique identification information in the predetermined address database. 9.一种存储介质,存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现权利要求1至4中任一项所述的邮件处理方法的步骤。9. A storage medium storing a computer program, wherein when the computer program is executed by a processor, the steps of the mail processing method according to any one of claims 1 to 4 are realized. 10.一种电子设备,至少包括存储器、处理器,所述存储器上存储有计算机程序,其特征在于,所述处理器在执行所述存储器上的计算机程序时实现权利要求1至4中任一项所述的邮件处理方法的步骤。10. An electronic device, comprising at least a memory and a processor, and a computer program is stored on the memory, wherein the processor implements any one of claims 1 to 4 when executing the computer program on the memory. The steps of the mail processing method described in the item.
CN202310747799.XA 2023-06-21 2023-06-21 A mail processing method, device, storage medium and electronic equipment Pending CN116566939A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310747799.XA CN116566939A (en) 2023-06-21 2023-06-21 A mail processing method, device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310747799.XA CN116566939A (en) 2023-06-21 2023-06-21 A mail processing method, device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN116566939A true CN116566939A (en) 2023-08-08

Family

ID=87486317

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310747799.XA Pending CN116566939A (en) 2023-06-21 2023-06-21 A mail processing method, device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN116566939A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040078580A1 (en) * 2002-10-18 2004-04-22 Trend Micro Incorporated Antivirus network system and method for handling electronic mails infected by computer viruses
CN107276878A (en) * 2012-07-16 2017-10-20 迈克菲公司 In a network environment using local policy application enter to rack email message scan
CN108259316A (en) * 2017-03-14 2018-07-06 平安科技(深圳)有限公司 E-mail processing method and device
CN110535757A (en) * 2019-09-10 2019-12-03 四川新网银行股份有限公司 The judgment method of E-mail address scanning behavior

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040078580A1 (en) * 2002-10-18 2004-04-22 Trend Micro Incorporated Antivirus network system and method for handling electronic mails infected by computer viruses
CN107276878A (en) * 2012-07-16 2017-10-20 迈克菲公司 In a network environment using local policy application enter to rack email message scan
CN108259316A (en) * 2017-03-14 2018-07-06 平安科技(深圳)有限公司 E-mail processing method and device
CN110535757A (en) * 2019-09-10 2019-12-03 四川新网银行股份有限公司 The judgment method of E-mail address scanning behavior

Similar Documents

Publication Publication Date Title
US10419478B2 (en) Identifying malicious messages based on received message data of the sender
US8577968B2 (en) Method and system for handling unwanted email messages
EP2036246B1 (en) Systems and methods for identifying potentially malicious messages
US8549642B2 (en) Method and system for using spam e-mail honeypots to identify potential malware containing e-mails
US7950047B2 (en) Reporting on spoofed e-mail
US6701440B1 (en) Method and system for protecting a computer using a remote e-mail scanning device
US8095606B1 (en) Provisioning user email accounts based on incoming emails
US7899870B2 (en) Determination of participation in a malicious software campaign
US20060288418A1 (en) Computer-implemented method with real-time response mechanism for detecting viruses in data transfer on a stream basis
US20130325991A1 (en) Filtering Unsolicited Emails
US20150047028A1 (en) Method, apparatus and system for detecting unwanted digital content delivered to a mail box
US11411990B2 (en) Early detection of potentially-compromised email accounts
EP2044740A2 (en) Method and apparatus for detecting zombie-generated spam
US20060041621A1 (en) Method and system for providing a disposable email address
WO2005119483A2 (en) Method and system for segmentation of a message inbox
US8381262B2 (en) Blocking of spoofed E-mail
CN107733581A (en) Based on the fast Internet assets feature detection method and device under the whole network environment
US20040254990A1 (en) System and method for knock notification to an unsolicited message
CN112511517A (en) Mail detection method, device, equipment and medium
CN108683589B (en) Junk mail detection method and device and electronic equipment
US9092624B2 (en) System, method, and computer program product for conditionally performing a scan on data based on an associated data structure
US20060075099A1 (en) Automatic elimination of viruses and spam
US20250294003A1 (en) Methods for managing spam communication and devices thereof
JP6493606B1 (en) Information processing apparatus, client terminal, control method, and program
JP2018173682A (en) Determination program, determination method, determination apparatus, and information processing system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination