[go: up one dir, main page]

CN104318159A - Server virus killing method, device and system - Google Patents

Server virus killing method, device and system Download PDF

Info

Publication number
CN104318159A
CN104318159A CN201410578896.1A CN201410578896A CN104318159A CN 104318159 A CN104318159 A CN 104318159A CN 201410578896 A CN201410578896 A CN 201410578896A CN 104318159 A CN104318159 A CN 104318159A
Authority
CN
China
Prior art keywords
server
antivirus
operating system
engine
antivirus engine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410578896.1A
Other languages
Chinese (zh)
Inventor
温铭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qianxin Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201410578896.1A priority Critical patent/CN104318159A/en
Publication of CN104318159A publication Critical patent/CN104318159A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Agricultural Chemicals And Associated Chemicals (AREA)

Abstract

本发明公开了一种服务器杀毒的方法、装置及系统,涉及计算机安全领域,为解决在隔离网环境下,无法对安装有Linux操作系统的服务器进行有效的病毒查杀的问题而发明。本发明的方法包括:检测服务器当前运行的Linux操作系统的版本信息;根据所述版本信息获取支持所述Linux操作系统的杀毒引擎;将所述杀毒引擎安装到所述服务器,以使得所述服务器运行所述杀毒引擎进行病毒查杀。本发明主要应用于隔离环境下服务器的病毒查杀过程中。

The invention discloses a server antivirus method, device and system, relates to the field of computer security, and is invented to solve the problem that a server installed with a Linux operating system cannot effectively detect and kill viruses in an isolated network environment. The method of the present invention includes: detecting the version information of the Linux operating system currently running on the server; obtaining an antivirus engine supporting the Linux operating system according to the version information; installing the antivirus engine on the server, so that the server Run the antivirus engine to scan and kill viruses. The invention is mainly applied in the process of checking and killing viruses of servers in an isolated environment.

Description

服务器杀毒的方法、装置及系统Method, device and system for server antivirus

技术领域technical field

本发明涉及计算机安全领域,尤其涉及一种服务器杀毒的方法、装置及系统。The invention relates to the field of computer security, in particular to a server antivirus method, device and system.

背景技术Background technique

杀毒引擎是一套判断特定程序行为是否为病毒或可疑程序的技术机制,而杀毒引擎性能的优劣也直接决定着病毒查杀效果的好坏。The antivirus engine is a set of technical mechanisms to judge whether the behavior of a specific program is a virus or a suspicious program, and the performance of the antivirus engine also directly determines the quality of the virus detection and killing effect.

为了保证服务器的正常运行,可以通过本地杀毒引擎和云引擎两种方式对服务器进行病毒查杀。通过本地杀毒引擎进行病毒查杀是指,在服务器本地安装杀毒引擎,对服务器上的病毒进行查杀;采用云引擎进行病毒查杀是指,利用安装在远端服务器上的杀毒引擎对服务器进行病毒查杀。In order to ensure the normal operation of the server, virus detection and killing can be performed on the server through the local antivirus engine and the cloud engine. Using a local antivirus engine to scan and kill viruses means installing an antivirus engine locally on the server to scan and kill viruses on the server; using a cloud engine to scan and kill viruses means using an antivirus engine installed on a remote server to scan and kill viruses on the server Virus killing.

现有技术中,针对安装Windows操作系统的服务器,可以进行云引擎和本地杀毒引擎进行病毒查杀,而对于安装有Linux操作系统的服务器(例如邮件服务器、文件服务器等),则通常使用云引擎进行病毒查杀。在隔离网环境下,由于网络内外的数据交互存在物理隔离,隔离网内部的云引擎无法通过外网对病毒样本库进行更新,因此云引擎的病毒查杀率较低,无法对安装Linux操作系统的服务器进行有效的病毒查杀。In prior art, for the server that Windows operating system is installed, can carry out cloud engine and local antivirus engine to carry out virus killing, and for the server (for example mail server, file server etc.) that is installed with Linux operating system, then usually use cloud engine Perform a virus scan. In the isolated network environment, due to the physical isolation of data interaction inside and outside the network, the cloud engine inside the isolated network cannot update the virus sample database through the external network. Effective virus scanning and killing of the server.

发明内容Contents of the invention

鉴于上述问题,本发明提供了一种服务器杀毒的方法、装置及系统,用于解决在隔离网环境下,无法对安装有Linux操作系统的服务器进行有效的病毒查杀的问题。In view of the above problems, the present invention provides a server antivirus method, device and system, which are used to solve the problem that the server installed with the Linux operating system cannot effectively detect and kill viruses in an isolated network environment.

为达到上述目的,本发明主要提供如下技术方案:In order to achieve the above object, the present invention mainly provides the following technical solutions:

第一方面,本发明实施例提供了一种服务器杀毒的方法,该方法包括:In the first aspect, the embodiment of the present invention provides a method for server antivirus, the method comprising:

检测服务器当前运行的Linux操作系统的版本信息;Detect the version information of the Linux operating system currently running on the server;

根据版本信息获取支持所述Linux操作系统的杀毒引擎;Obtain an antivirus engine supporting the Linux operating system according to the version information;

将杀毒引擎安装到所述服务器,以使得服务器运行杀毒引擎进行病毒查杀。An anti-virus engine is installed on the server, so that the server runs the anti-virus engine to scan and kill viruses.

第二方面,本发明实施例还提供了一种服务器杀毒的装置,该装置包括:In the second aspect, the embodiment of the present invention also provides a server antivirus device, the device comprising:

检测单元,用于检测服务器当前运行的Linux操作系统的版本信息;The detection unit is used to detect the version information of the Linux operating system currently running on the server;

获取单元,用于根据检测单元检测到的版本信息获取支持Linux操作系统的杀毒引擎;An acquisition unit, configured to acquire an antivirus engine supporting the Linux operating system according to the version information detected by the detection unit;

安装单元,用于将获取单元获取到的杀毒引擎安装到服务器,以使得所述服务器运行所述杀毒引擎进行病毒查杀。The installation unit is configured to install the antivirus engine obtained by the acquisition unit on the server, so that the server runs the antivirus engine to perform virus scanning and killing.

第三方面,本发明实施例又提供了一种服务器杀毒的系统,该系统包括:病毒服务器和应用服务器,其中,病毒服务器包括如前述第二方面所述的装置;In the third aspect, the embodiment of the present invention further provides a server antivirus system, the system includes: a virus server and an application server, wherein the virus server includes the device as described in the aforementioned second aspect;

所述病毒服务器,用于检测当前运行的Linux操作系统的版本信息;根据所述版本信息获取支持所述Linux操作系统的杀毒引擎;将所述杀毒引擎发送给所述应用服务器;The virus server is used to detect the version information of the currently running Linux operating system; obtain an antivirus engine supporting the Linux operating system according to the version information; send the antivirus engine to the application server;

所述应用服务器,用于接收并安装所述杀毒引擎,运行所述杀毒引擎进行病毒查杀。The application server is configured to receive and install the antivirus engine, and run the antivirus engine to scan and kill viruses.

借由上述技术方案,本发明提供的服务器杀毒的方法、装置及系统,在隔离网环境下,通过检测服务器当前运行的Linux操作系统的版本信息,根据该版本信息获取支持该Linux操作系统杀毒引擎,并且将获得到的杀毒引擎安装到服务器中,以便于服务器可以利用杀毒引擎进行病毒查杀。与现有技术相比,本发明通过在运行Linux操作系统的服务器上安装支持杀毒引擎,利用杀毒引擎对服务器中的病毒进行查杀,在很大程度上提高了服务器的查杀效率,从而避免了现有技术中由于隔离网的作用,导致云引擎不能对服务器有效的进行病毒查杀的问题。By means of the above-mentioned technical solution, the server antivirus method, device and system provided by the present invention, in the isolated network environment, by detecting the version information of the Linux operating system currently running on the server, obtain the antivirus engine supporting the Linux operating system according to the version information. , and install the obtained antivirus engine into the server, so that the server can use the antivirus engine to scan and kill viruses. Compared with the prior art, the present invention supports the virus-killing engine installed on the server running the Linux operating system, utilizes the virus-killing engine to check and kill the virus in the server, improves the checking and killing efficiency of the server to a large extent, thereby avoiding This solves the problem in the prior art that the cloud engine cannot effectively scan and kill viruses on the server due to the effect of the isolation network.

上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solution of the present invention. In order to better understand the technical means of the present invention, it can be implemented according to the contents of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and understandable , the specific embodiments of the present invention are enumerated below.

附图说明Description of drawings

通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiment. The drawings are only for the purpose of illustrating a preferred embodiment and are not to be considered as limiting the invention. Also throughout the drawings, the same reference numerals are used to designate the same parts. In the attached picture:

图1示出了本发明实施例中提供的一种服务器杀毒的方法流程图;FIG. 1 shows a flow chart of a server antivirus method provided in an embodiment of the present invention;

图2示出了本发明实施例中提供的一种服务器杀毒的装置结构示意图;FIG. 2 shows a schematic structural diagram of a server antivirus device provided in an embodiment of the present invention;

图3示出了本发明实施例中提供的另一种服务器杀毒的装置结构示意图;FIG. 3 shows a schematic structural diagram of another server antivirus device provided in an embodiment of the present invention;

图4示出了本发明实施例中提供的一种服务器杀毒的系统示意图;FIG. 4 shows a schematic diagram of a server antivirus system provided in an embodiment of the present invention;

图5示出了本发明应用实施例中提供的一种服务器杀毒的系统示意图。FIG. 5 shows a schematic diagram of a server antivirus system provided in an application embodiment of the present invention.

具体实施方式Detailed ways

下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. Although exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided for more thorough understanding of the present disclosure and to fully convey the scope of the present disclosure to those skilled in the art.

操作系统(Operating System,简称OS)是管理和控制计算机硬件与软件资源的计算机程序,是直接运行在“裸机”上的最基本的系统软件,任何其他软件都必须在操作系统的支持下才能运行。目前,应用服务器常用的操作系统为Linux操作系统。其中,应用服务器包括:邮件服务器、文件服务器等。The operating system (Operating System, referred to as OS) is a computer program that manages and controls computer hardware and software resources. It is the most basic system software that runs directly on the "bare metal". Any other software must be supported by the operating system to run. . Currently, the operating system commonly used by application servers is the Linux operating system. Wherein, the application server includes: a mail server, a file server, and the like.

实际应用当中,应用服务器的数量一般为多个,为了对应用服务器进行有效的安全防护,可以在应用服务器的上层设置病毒服务器,该病毒服务器可以下发支持应用服务器当前运行操作系统的杀毒引擎,以使得应用服务器可以安装并启动该杀毒引擎进行病毒查杀。In practical applications, the number of application servers is generally multiple. In order to effectively protect the application server, a virus server can be installed on the upper layer of the application server. The virus server can issue an antivirus engine that supports the operating system currently running on the application server. So that the application server can install and start the antivirus engine to perform virus scanning and killing.

为了解决解决在隔离网环境下,无法对安装有Linux操作系统的服务器进行有效的病毒查杀的问题,本发明实施例提供了一种服务器杀毒的方法,如图1所示,该方法包括:In order to solve the problem that under the isolated network environment, the server with the Linux operating system cannot be effectively checked and killed, the embodiment of the present invention provides a method for server virus killing, as shown in Figure 1, the method includes:

步骤101,检测服务器当前运行的Linux操作系统的版本信息。Step 101, detecting the version information of the Linux operating system currently running on the server.

实施例中,Linux是一套免费使用和自由传播的类Unix操作系统,是一个基于POSIX(Portable Operating System Interface,可移植操作系统接口)和UNIX的多用户、多任务、支持多线程和多CPU的操作系统。它能运行主要的UNIX工具软件、应用程序和网络协议。它支持32位和64位硬件。Linux继承了Unix以网络为核心的设计思想,是一个性能稳定的多用户网络操作系统。随着Linux的不断升级,Linux本身有一系列的更新版本。另外,为了满足不同用户的需求,许多厂家基于Linux内核开发了许多Linux操作系统的版本,比较常用的Linux操作系统,包括:乌班图Ubuntu、社区企业操作系统CentOS和红帽CentOS操作系统,另外,还有如红旗Linux、Linux Mint、Debian等等,这里不再一一列举,下面就Ubuntu进行简单介绍。In an embodiment, Linux is a set of Unix-like operating systems for free use and free dissemination, and is a multi-user, multi-tasking, multi-threading and multi-CPU based on POSIX (Portable Operating System Interface, Portable Operating System Interface) and UNIX operating system. It can run major UNIX utility software, application programs and network protocols. It supports 32-bit and 64-bit hardware. Linux inherits Unix's network-centric design idea and is a multi-user network operating system with stable performance. With the continuous upgrading of Linux, Linux itself has a series of updated versions. In addition, in order to meet the needs of different users, many manufacturers have developed versions of many Linux operating systems based on the Linux kernel. The more commonly used Linux operating systems include: Ubuntu, community enterprise operating systems CentOS, and Red Hat CentOS operating systems. , as well as Red Flag Linux, Linux Mint, Debian, etc., which will not be listed one by one here, but a brief introduction to Ubuntu below.

实施例中所指的Linux操作系统的版本信息,除了包括如Ubuntu、CentOS及CentOS等操作系统信息的信息以外,还可以包括每种Linux操作系统的不同更新版本信息,例如Ubuntu 1.1.0、Ubuntu 1.1.1等。The version information of the Linux operating system referred to in the embodiment, in addition to including information such as operating system information such as Ubuntu, CentOS and CentOS, can also include different update version information of each kind of Linux operating system, such as Ubuntu 1.1.0, Ubuntu 1.1.1 etc.

实施例中,病毒服务器检测应用服务器当前运行的Linux操作系统的版本信息,应用服务器需要处于运行状态,首先病毒服务器检测应用服务器当前运行的操作系统是否为Linux操作系统,如果应用服务器当前运行的操作系统是Linux操作系统,则对该Linux操作系统的具体版本信息进行检测,并将得到的检测信息进行保存。在另一个应用场景中,本发明实施例提供的服务器杀毒的方法还可以应用到其他安装的非Linux操作系统的服务器中。In the embodiment, the virus server detects the version information of the Linux operating system currently running on the application server, and the application server needs to be in a running state. If the system is a Linux operating system, the specific version information of the Linux operating system is detected, and the obtained detection information is saved. In another application scenario, the server antivirus method provided by the embodiment of the present invention can also be applied to other servers with non-Linux operating systems installed.

步骤102,根据Linux操作系统的版本信息获取支持该Linux操作系统的杀毒引擎。Step 102, acquire an antivirus engine supporting the Linux operating system according to the version information of the Linux operating system.

实施例中,根据上述步骤101可以获知,Linux操作系统包括很多的类别及版本型号,而杀毒引擎也包括许多种,如人工智能引擎QVM(QihooSupport Vector Machine,奇虎支持向量机)、启发式杀毒引擎AVE及小红伞Avira AntiVir等等。由于Linux操作系统的种类较多,而杀毒引擎的种类也有多种,而不同的杀毒引擎并不一定支持所有的Linux操作系统。因此,当病毒服务器检测到应用服务器当前运行的Linux操作系统的版本信息后,需要查找支持该Linux操作系统的杀毒引擎。In the embodiment, according to the above-mentioned step 101, it can be known that the Linux operating system includes many categories and version models, and the antivirus engine also includes many kinds, such as artificial intelligence engine QVM (QihooSupport Vector Machine, Qihoo Support Vector Machine), heuristic antivirus Engine AVE and Little Red Umbrella Avira AntiVir and so on. Since there are many types of Linux operating systems, there are also many types of antivirus engines, and different antivirus engines do not necessarily support all Linux operating systems. Therefore, when the virus server detects the version information of the Linux operating system currently running on the application server, it needs to search for an antivirus engine that supports the Linux operating system.

步骤103,将获取到的支持Linux操作系统的杀毒引擎安装到服务器,以使得该服务器运行该杀毒引擎进行病毒查杀。Step 103, installing the obtained antivirus engine supporting the Linux operating system on the server, so that the server runs the antivirus engine to scan and kill viruses.

实施例中,当病毒服务器获取应用服务器当前运行的Linux操作系统的版本信息,并且根据该版本信息查找到对应支持该Linux操作系统的杀毒引擎后,病毒服务器将该杀毒引擎下发给应用服务器,应用服务器接收到该杀毒引擎后,对该杀毒引擎进行安装和启动,杀毒引擎启动后对应用服务器进行病毒查杀。In an embodiment, when the virus server obtains the version information of the Linux operating system currently running on the application server, and finds the antivirus engine corresponding to the Linux operating system according to the version information, the virus server sends the antivirus engine to the application server, After the application server receives the anti-virus engine, it installs and starts the anti-virus engine, and after the anti-virus engine starts, it scans and kills viruses on the application server.

具体的,本发明实施例主要应用于隔离网的环境中,在隔离网的环境中,一般部署有私有云,可以将所需的不同类型的杀毒引擎存放到私有云的病毒服务器当中,当应用服务器获取到支持当前运行的Linux操作系统的杀毒引擎后,应用服务器可以发送请求信息给私有云。其中,请求信息包括杀毒引擎的类型信息等信息,实施例中可以将私有云中病毒服务器中的所有杀毒引擎进行编号,当检测到应用服务器当前运行的Linux操作系统版本信息,并且应用服务器获取到支持该Linux操作系统的杀毒引擎后,应用服务器可以将该杀毒引擎的版本类型信息转换为请求信息发送给私有云。根据实际应用,请求信息还可以包含其他的信息,如请求私有云下发杀毒引擎的时间、方式等信息。当病毒服务器接收到应用服务器发送的请求信息后,病毒服务器会对该请求信息进行解析,按照解析结果病毒服务器将应用服务器所需的杀毒引擎下发给应用服务器。其下发时机可以是:病毒服务器立即下发给应用服务器、还可以在特定时间下发给应用服务器、或者在网络空闲时间下发给应用服务器等等。其下发方式可以是,应用服务器可以通过下载工具下载病毒服务器下发的杀毒引擎,病毒服务器也可以直接发送给应用服务器等。另外,上述应用服务器发送给病毒服务器中的请求信息还可以包含所需杀毒引擎的数量信息,其杀毒引擎的数量可以是一个,还可以是多个。当应用服务器获得支持当前运行Linux操作系统的杀毒引擎后,将该杀毒引擎安装到该服务器中,并且服务器运行该杀毒引擎进行病毒查杀。Specifically, the embodiment of the present invention is mainly applied in an isolated network environment. In an isolated network environment, a private cloud is generally deployed, and the required antivirus engines of different types can be stored in the virus server of the private cloud. When the application After the server obtains the antivirus engine supporting the currently running Linux operating system, the application server can send request information to the private cloud. Wherein, the request information includes information such as the type information of the antivirus engine. In the embodiment, all antivirus engines in the virus server in the private cloud can be numbered. When the version information of the Linux operating system currently running on the application server is detected, and the application server obtains After supporting the antivirus engine of the Linux operating system, the application server can convert the version type information of the antivirus engine into request information and send it to the private cloud. According to the actual application, the request information may also include other information, such as the time and method of requesting the private cloud to deliver the antivirus engine. After the virus server receives the request information sent by the application server, the virus server will analyze the request information, and send the antivirus engine required by the application server to the application server according to the analysis result. The sending timing can be: the virus server sends it to the application server immediately, it can also send it to the application server at a specific time, or it can send it to the application server when the network is idle, and so on. The distribution method may be that the application server may download the antivirus engine delivered by the virus server through a download tool, or the virus server may directly send it to the application server. In addition, the request information sent by the application server to the virus server may also include information on the number of required antivirus engines, and the number of antivirus engines may be one or multiple. After the application server obtains an antivirus engine supporting the current running Linux operating system, the antivirus engine is installed in the server, and the server runs the antivirus engine to perform virus scanning and killing.

本发明实施例中提供的服务器杀毒的方法,在隔离网环境下,通过检测服务器当前运行的Linux操作系统的版本信息,根据该版本信息获取支持该Linux操作系统杀毒引擎,并且将获得到的杀毒引擎安装到服务器中,以便于服务器可以利用杀毒引擎进行病毒查杀。与现有技术相比,本发明通过在运行Linux操作系统的服务器上安装支持该Linux操作系统的杀毒引擎,利用该杀毒引擎对服务器中的病毒进行查杀,避免了隔离网内部的云引擎无法通过外网对病毒样本库进行更新,进而导致云引擎的病毒查杀率较低,无法对安装Linux操作系统的服务器进行有效的进行病毒查杀的问题。In the server antivirus method provided in the embodiment of the present invention, in an isolated network environment, by detecting the version information of the Linux operating system currently running on the server, the antivirus engine supporting the Linux operating system is acquired according to the version information, and the obtained antivirus engine is obtained. The antivirus engine is installed in the server so that the server can use the antivirus engine to scan and kill viruses. Compared with the prior art, the present invention installs the antivirus engine supporting the Linux operating system on the server running the Linux operating system, utilizes the antivirus engine to check and kill the virus in the server, and avoids the inability of the cloud engine inside the isolated network to The virus sample library is updated through the external network, which leads to the low virus detection and killing rate of the cloud engine, and the problem that the virus detection and killing of the server installed with the Linux operating system cannot be carried out effectively.

进一步的,作为对图1方法的细化,在本发明的另一实施例中,在服务器根据检测得到的版本信息获取支持Linux操作系统的杀毒引擎之前,还包括:建立Linux操作系统的版本信息与支持该Linux操作系统之间的映射表。Further, as a refinement of the method in Figure 1, in another embodiment of the present invention, before the server obtains the antivirus engine supporting the Linux operating system according to the detected version information, it also includes: establishing the version information of the Linux operating system The mapping table between the supported Linux operating system.

具体的,如上所述,Linux操作系统的版本信息包括:Ubuntu、CentOS和RedHat等操作系统的信息,另外,该版本信息还包括每一个Linux操作系统的更新版本,例如:Ubuntu操作系统的更新版本包括:13.10、14.04LTS等等。杀毒引擎包括:QVM、AVE及Avira AntiVir等等。Specifically, as mentioned above, the version information of the Linux operating system includes information on operating systems such as Ubuntu, CentOS, and RedHat. In addition, the version information also includes an updated version of each Linux operating system, such as: an updated version of the Ubuntu operating system Including: 13.10, 14.04LTS, etc. Antivirus engines include: QVM, AVE, Avira AntiVir, etc.

实施例中,由于每一个杀毒引擎支持的Linux操作系统版本不一样,因此,需要将杀毒引擎与Linux操作系统建立关系映射表。当病毒服务器检测到应用服务器当前运行Linux操作系统的版本信息后,通过查找关系映射表,可以迅速的查找支持该Linux操作系统的杀毒引擎。例如:QVM和AVE分别支持Ubuntu、CentOS和RedHat操作系统,将QVM和AVE分别与Ubuntu、CentOS和RedHat建立关系映射,写入到关系映射表中。那么,病毒服务器通过查找关系映射表,就可以知道QVM和AVE分别支持Ubuntu、CentOS和RedHat操作系统。示例性的:当病毒服务器检测到应用服务器当前运行的操作系统为Ubuntu、CentOS或RedHat时,病毒服务器将QVM和AVE下发给应用服务器,应用服务器接收并将QVM和/或AVE安装到本地,并且运行QVM和/或AVE进行病毒查杀。In the embodiment, since each antivirus engine supports a different version of the Linux operating system, it is necessary to establish a relationship mapping table between the antivirus engine and the Linux operating system. After the virus server detects the version information of the Linux operating system currently running on the application server, it can quickly find the antivirus engine supporting the Linux operating system by searching the relational mapping table. For example: QVM and AVE respectively support Ubuntu, CentOS and RedHat operating systems, and QVM and AVE respectively establish relationship mapping with Ubuntu, CentOS and RedHat, and write them into the relationship mapping table. Then, the virus server can know that QVM and AVE support Ubuntu, CentOS and RedHat operating systems respectively by looking up the relational mapping table. Exemplary: when the virus server detects that the operating system currently running on the application server is Ubuntu, CentOS or RedHat, the virus server sends QVM and AVE to the application server, and the application server receives and installs QVM and/or AVE locally, And run QVM and/or AVE to scan and kill viruses.

进一步的,当病毒服务器根据检测到当前运行的Linux操作系统的版本信息,病毒服务器根据该版本信息获得支持该Linux操作系统的杀毒引擎数量至少为两个时,那么病毒服务器可以将这些支持Linux操作系统的杀毒引擎都下发给应用服务器,应用服务器接收这些杀毒引擎之后,将这些杀毒引擎安装到服务器上(或者只安装其中的几个),进行多引擎杀毒。Further, when the virus server detects the version information of the currently running Linux operating system, and the virus server obtains at least two antivirus engines that support the Linux operating system according to the version information, then the virus server can use these to support Linux operations. The antivirus engines of the system are all sent to the application server, and after the application server receives these antivirus engines, these antivirus engines are installed on the server (or only a few of them are installed) to perform multi-engine antivirus.

具体的,对应用服务器多引擎杀毒可以是多个杀毒引擎同时对应用服务器进行病毒查杀,或者多个杀毒引擎依次对应用服务器进行病毒查杀,又或者将前面的杀毒引擎的查杀结果发送给后一个杀毒引擎,后一个杀毒引擎根据前一个杀毒引擎的查杀结果进行病毒查杀。Specifically, the multi-engine antivirus for the application server may be that multiple antivirus engines perform virus inspection and killing on the application server at the same time, or multiple antivirus engines sequentially perform virus inspection and killing on the application server, or send the results of the previous antivirus engines. Give the latter antivirus engine, and the latter antivirus engine performs virus inspection and killing according to the results of the previous antivirus engine.

首先,应用服务器多引擎杀毒可以是多个杀毒引擎同时对服务器进行病毒查杀。其中,每一个杀毒引擎相对其他杀毒引擎来说是独立运行的,相互不影响。当所有的杀毒引擎将应用服务器上的文件进行病毒查杀完成后,将查杀结果发送给应用服务器,应用服务器可以将上述杀毒引擎的杀毒结果进行分析。例如:可以将上述得到的查杀结果中包含的相同信息,如查找出的病毒、感染文件等进行再次的确认,以判断该查杀结果是否正确;应用服务器还可以将不同杀毒引擎得到的查杀结果中相异部分进行再次的分析,以最终确认出病毒、或感染文件。First of all, the multi-engine anti-virus of the application server can be that multiple anti-virus engines perform virus scanning and killing on the server at the same time. Wherein, each antivirus engine operates independently relative to other antivirus engines and does not affect each other. After all the antivirus engines have finished virus scanning and killing the files on the application server, they send the results of the virus checking to the application server, and the application server can analyze the antivirus results of the above antivirus engines. For example: the same information contained in the killing results obtained above, such as the viruses and infected files found out, can be reconfirmed to determine whether the killing results are correct; Analyze the different parts of the killing results again to finally confirm the virus or infected files.

其次,应用服务器将多个杀毒引擎依次对服务器本地进行病毒查杀。这种方式的多杀毒引擎查杀方式可以用在,当第一个杀毒引擎得到的查杀结果时,如包含多个病毒或感染文件时,或者查到的病毒为危险病毒(如感染率很高等),又或者查杀结果中查到的感染文件为重要文件时,可以依次启动其他杀毒引擎对应用服务器进行再次的病毒查杀。当第一个或者中间某个杀毒引擎得到的查杀结果中没有查到病毒或感染文件时,终止本次病毒查杀。在实施例中的另一个应用场景中,还可以是当第一个或前面一个杀毒引擎得到的查杀结果中不包含病毒或感染文件时,为了防止漏查杀,可以启动后面的杀毒引擎进行查杀,当连续有两个(或更多个)杀毒引擎的查杀结果中不包含病毒或感染文件时,终止本次病毒查杀。Secondly, the application server uses multiple antivirus engines to scan and kill viruses locally on the server in turn. The multi-antivirus engine checking and killing method in this way can be used when the first antivirus engine gets the killing result, such as when it contains multiple viruses or infected files, or the virus found is a dangerous virus (such as a very high infection rate). Advanced), or when the infected file found in the killing result is an important file, other antivirus engines can be started in turn to perform another virus killing on the application server. When no virus or infected file is found in the killing result obtained by the first or an antivirus engine in the middle, the virus killing is terminated. In another application scenario in the embodiment, it can also be that when the killing result obtained by the first or the previous antivirus engine does not contain viruses or infected files, in order to prevent missed killing, the following antivirus engine can be started to perform Scanning and killing, when there are two (or more) anti-virus engines in a row that the results of scanning and killing do not contain viruses or infected files, terminate this virus scanning and killing.

最后,将前面的杀毒引擎的查杀结果发送给后一个杀毒引擎,后一个杀毒引擎根据前一个杀毒引擎的查杀结果进行病毒查杀。这种多引擎的查杀方式中,多个杀毒引擎也是依次对应用服务器进行病毒查杀,当前一个杀毒引擎对应用服务器查杀完成后,得到查杀结果。其中,该查杀结果一般应当包含两部分内容,一是确定出一部分文件不包含病毒或感染文件的确定信息,一是不确定剩下的文件中是否包含病毒或感染文件的疑似信息。为了提高查杀效率,后一个杀毒引擎可以直接针对上一个杀毒引擎中得到的疑似信息部分进行查杀,即对不确定的那部分中是否包含病毒或感染文件的文件进行查杀,最终确定出查杀结果。Finally, the anti-virus results of the preceding anti-virus engine are sent to the latter anti-virus engine, and the latter anti-virus engine performs virus inspection and killing according to the anti-virus results of the previous anti-virus engine. In this multi-engine scanning method, multiple antivirus engines also perform virus scanning on the application server in sequence. After the current antivirus engine completes the scanning and killing on the application server, the scanning result is obtained. Wherein, the killing result should generally include two parts, one is to confirm that some files do not contain virus or confirmed information of infected files, and the other is to determine whether the remaining files contain suspected information of viruses or infected files. In order to improve the efficiency of checking and killing, the latter antivirus engine can directly check and kill the suspected information part obtained in the previous antivirus engine, that is, check and kill the files that are not sure whether there are viruses or infected files in the part, and finally determine the Kill the results.

进一步的,当服务器根据检测到当前运行的Linux操作系统的版本信息,获得支持该Linux操作系统的杀毒引擎数量至少为两个时,选择优先级最高的杀毒引擎进行杀毒。Further, when the server obtains at least two antivirus engines supporting the Linux operating system according to the detected version information of the currently running Linux operating system, the antivirus engine with the highest priority is selected for antivirus.

具体的,首先可以设置杀毒引擎的优先级关系,如可以根据杀毒引擎的查杀率等参数对杀毒引擎进行优先级排序。当病毒服务器获得支持应用服务器当前运行的Linux操作系统的杀毒引擎数量至少为两个时,病毒服务器将这些杀毒引擎下发给应用服务器,应用服务器可以选择支持本应用服务器优先级最高的杀毒引擎进行安装,以便该应用服务器运行所述优先级最高的杀毒引擎进行病毒查杀,这样可以更有效的对服务器进行病毒查杀。Specifically, firstly, the priority relationship of the antivirus engines may be set, for example, the priority of the antivirus engines may be sorted according to parameters such as the detection rate of the antivirus engines. When the virus server obtains at least two antivirus engines that support the Linux operating system currently running on the application server, the virus server sends these antivirus engines to the application server, and the application server can choose the antivirus engine that supports the application server with the highest priority. installed, so that the application server runs the antivirus engine with the highest priority to scan and kill viruses, which can more effectively scan and kill viruses on the server.

进一步的,在病毒服务器检测应用服务器当前运行的Linux操作系统的版本信息之前,还可以首先通过云引擎对服务器进行病毒查杀。云引擎一般是通过不断更新病毒库,将应用服务器中的程序与比病毒库中的病毒样本进行匹配,当匹配度大于阈值时,判断出该程序为病毒。由于隔离网的存在,云引擎无法及时有效的与互联网进行数据交互,以更新病毒库,因此云引擎很可能会漏查病毒。而本发明实施例中所涉及到的杀毒引擎,可以通过如启发式杀毒等方式进行杀毒,可以不依赖与病毒库的更新,很大程度上提高了病毒的查杀效率。其中,启发式杀毒是指,在对程序进行扫描时,依靠分析程序的行为来查杀病毒。Further, before the virus server detects the version information of the Linux operating system currently running on the application server, it may also firstly perform virus scanning and killing on the server through the cloud engine. Generally, the cloud engine matches the program in the application server with the virus sample in the virus database by constantly updating the virus database. When the matching degree is greater than the threshold, it is judged that the program is a virus. Due to the existence of the isolation network, the cloud engine cannot exchange data with the Internet in a timely and effective manner to update the virus database, so the cloud engine is likely to miss viruses. However, the anti-virus engine involved in the embodiment of the present invention can perform anti-virus through methods such as heuristic anti-virus, and can not rely on the update of the virus database, which greatly improves the efficiency of virus detection and killing. Wherein, the heuristic antivirus refers to detecting and killing viruses by analyzing the behavior of the program when scanning the program.

本发明实施例中提供的服务器杀毒的方法,在隔离网环境下,通过检测服务器当前运行的Linux操作系统的版本信息,根据该版本信息获取支持该Linux操作系统杀毒引擎,并且将获得到的杀毒引擎安装到服务器中,以便于服务器可以利用杀毒引擎进行病毒查杀。与现有技术相比,本发明通过在运行Linux操作系统的服务器上安装支持该Linux操作系统的杀毒引擎,利用杀毒引擎对服务器中的病毒进行查杀,避免了隔离网内部的云引擎无法通过外网对病毒样本库进行更新,进而导致云引擎的病毒查杀率较低,无法对安装Linux操作系统的服务器进行有效的进行病毒查杀的问题。In the server antivirus method provided in the embodiment of the present invention, in an isolated network environment, by detecting the version information of the Linux operating system currently running on the server, the antivirus engine supporting the Linux operating system is acquired according to the version information, and the obtained antivirus engine is obtained. The antivirus engine is installed in the server so that the server can use the antivirus engine to scan and kill viruses. Compared with the prior art, the present invention installs the anti-virus engine supporting the Linux operating system on the server running the Linux operating system, utilizes the anti-virus engine to check and kill the virus in the server, and avoids the cloud engine inside the isolated network from being unable to pass through. The virus sample library is updated on the external network, which leads to the low virus detection and killing rate of the cloud engine, and the problem that the virus detection and killing of the server installed with the Linux operating system cannot be carried out effectively.

此外,本发明实施例中提供的服务器杀毒的方法,当服务器检测到有多个杀毒引擎支持当前运行的Linux操作系统时,可以将这些杀毒引擎都安装或部分安装到服务器上,对服务器进行多引擎杀毒;服务器还可以选择优先级最高的杀毒引擎,将该杀毒引擎安装到服务器上进行病毒查杀。另外,还可以在检测服务器当前运行的Linux操作系统的版本信息之前,首先利用云引擎对服务器进行病毒查杀。通过本发明实施例中提供的服务器杀毒的方法,可以对服务器进行高效的病毒查杀。In addition, in the server anti-virus method provided in the embodiment of the present invention, when the server detects that there are multiple anti-virus engines supporting the currently running Linux operating system, all or part of these anti-virus engines can be installed on the server, and multiple anti-virus engines can be installed on the server. Engine antivirus; the server can also select the antivirus engine with the highest priority, and install the antivirus engine on the server to perform virus inspection and killing. In addition, before detecting the version information of the Linux operating system currently running on the server, the cloud engine may be used to scan and kill viruses on the server. Through the server antivirus method provided in the embodiment of the present invention, efficient virus inspection and antivirus can be performed on the server.

以上各方法实施例是以病毒服务器为应用服务器配置杀毒引擎为例进行的说明,实际应用中,也可以将应用服务器所需的杀毒引擎保存到应用服务器内部的存储空间中。上述检测操作系统版本、获取对应杀毒引擎等步骤也可以由应用服务器进行执行。当检测到当前运行的Linux操作系统的版本信息,并且获取到支持该Linux操作系统的杀毒引擎后,应用服务器从存放杀毒引擎的空间中查找所需的杀毒引擎,当找到支持当前Linux操作系统的杀毒引擎后,应用服务器安装该杀毒引擎并运行该杀毒引擎进行病毒查杀。进一步的,作为对上述各实施例的实现,本发明实施例还提供了一种服务器杀毒的装置,该装置位于服务器中,通过检测服务器当前运行的Linux操作系统的版本信息,根据版本信息获取支持该Linux操作系统杀毒引擎,并且将获得到的杀毒引擎安装到服务器中,使得服务器可以利用杀毒引擎进行病毒查杀,如图2所示,该装置包括:检测单元10、获取单元20和安装单元30。The above embodiments of the methods are described by taking the virus server as an example to configure the antivirus engine for the application server. In practical applications, the antivirus engine required by the application server may also be stored in the internal storage space of the application server. The above steps of detecting the version of the operating system and obtaining the corresponding antivirus engine may also be performed by the application server. After detecting the version information of the currently running Linux operating system and obtaining the antivirus engine supporting the Linux operating system, the application server searches for the required antivirus engine from the storage space for the antivirus engine. After the antivirus engine is installed, the application server installs the antivirus engine and runs the antivirus engine to scan and kill viruses. Further, as the implementation of the above-mentioned embodiments, the embodiment of the present invention also provides a server antivirus device, the device is located in the server, by detecting the version information of the Linux operating system currently running on the server, according to the version information to obtain support The antivirus engine of the Linux operating system, and the obtained antivirus engine is installed in the server, so that the server can utilize the antivirus engine to carry out virus inspection and killing, as shown in Figure 2, the device includes: detection unit 10, acquisition unit 20 and installation unit 30.

检测单元10,用于检测服务器当前运行的Linux操作系统的版本信息;The detection unit 10 is used to detect the version information of the Linux operating system currently running on the server;

获取单元20,用于根据检测单元10检测到的版本信息获取支持Linux操作系统的杀毒引擎;Acquisition unit 20, for obtaining the antivirus engine supporting Linux operating system according to the version information detected by detection unit 10;

安装单元30,用于将获取单元20获取到的杀毒引擎安装到服务器,以使得服务器运行杀毒引擎进行病毒查杀。The installation unit 30 is configured to install the antivirus engine acquired by the acquisition unit 20 on the server, so that the server runs the antivirus engine to scan and kill viruses.

需要说明的是,服务器可以通过获取单元20从病毒服务器中获取所需的杀毒引擎,还可以从本地的存储空间中获取所需的杀毒引擎。It should be noted that the server can obtain the required antivirus engine from the virus server through the obtaining unit 20, and can also obtain the required antivirus engine from the local storage space.

进一步的,如图3所示,获取单元20,还包括:Further, as shown in FIG. 3, the acquiring unit 20 also includes:

映射模块21,用于建立检测单元10检测到的Linux操作系统的版本信息与杀毒引擎之间的关系映射表,其中,关系映射表包括Linux操作系统的版本信息与杀毒引擎之间的对应关系。The mapping module 21 is used to establish a relationship mapping table between the version information of the Linux operating system detected by the detection unit 10 and the antivirus engine, wherein the relationship mapping table includes the corresponding relationship between the version information of the Linux operating system and the antivirus engine.

获取模块22,用于根据映射模块21建立的关系映射表获取支持所述Linux操作系统的杀毒引擎。The acquiring module 22 is configured to acquire the antivirus engine supporting the Linux operating system according to the relational mapping table established by the mapping module 21 .

进一步的,如图3所示,安装单元30还包括:设置模块31、选择模块32和安装模块33;Further, as shown in FIG. 3 , the installation unit 30 also includes: a setting module 31 , a selection module 32 and an installation module 33 ;

设置模块31,用于设置获取单元20获取到的杀毒引擎之间的优先级关系;A setting module 31, configured to set the priority relationship between the antivirus engines acquired by the acquisition unit 20;

选择模块32,用于根据设置模块31设置的优先级关系确定出支持服务器优先级最高的杀毒引擎;The selection module 32 is used to determine the antivirus engine that supports the highest server priority according to the priority relationship set by the setting module 31;

安装模块33,用于将选择模块31确定出的优先级最高的杀毒引擎安装到服务器,以使得服务器运行优先级最高的杀毒引擎进行病毒查杀。The installation module 33 is configured to install the antivirus engine with the highest priority determined by the selection module 31 on the server, so that the server runs the antivirus engine with the highest priority to scan and kill viruses.

进一步的,如图3所示,本发明实施例中提供的服务器杀毒的装置还包括:云引擎杀毒单元40;Further, as shown in FIG. 3 , the server antivirus device provided in the embodiment of the present invention further includes: a cloud engine antivirus unit 40;

云引擎杀毒单元40,用于对服务器进行云引擎杀毒。其中,云引擎杀毒单元40与检测单元10连接,在检测单元10检测服务器当前运行的Linux操作系统的版本信息之前执行。The cloud engine antivirus unit 40 is configured to perform cloud engine antivirus on the server. Wherein, the cloud engine antivirus unit 40 is connected to the detection unit 10, and is executed before the detection unit 10 detects the version information of the Linux operating system currently running on the server.

需要说明的是,实际应用中,本发明实施例中提供的服务器杀毒的装置,可以位于病毒服务器中,还可以位于应用服务器中。当实施例提供的服务器杀毒的装置位于病毒服务器中时,由病毒服务器完成对应用服务器当前运行的Linux操作系统的版本信息的检测,并将支持该Linux操作系统的杀毒引擎发送给应用服务器,使得应用服务器完成对该杀毒引擎的安装和启动,用于对应用服务器的病毒查杀。当实施例提供的服务器杀毒的装置位于应用服务器中时,由应用服务器检测本地当前运行的的Linux操作系统的版本信息,并且应用服务器获取支持该Linux操作系统的杀毒引擎,将该杀毒引擎安装并运行,用于完成对自身的病毒查杀。It should be noted that, in practical applications, the server antivirus device provided in the embodiment of the present invention may be located in a virus server or an application server. When the server antivirus device provided by the embodiment is located in the virus server, the virus server completes the detection of the version information of the Linux operating system currently running on the application server, and sends the antivirus engine supporting the Linux operating system to the application server, so that The application server completes the installation and startup of the antivirus engine, which is used to scan and kill viruses on the application server. When the server antivirus device provided by the embodiment is located in the application server, the application server detects the version information of the currently running Linux operating system locally, and the application server acquires an antivirus engine supporting the Linux operating system, installs the antivirus engine and Run to complete the virus scanning and killing of itself.

本发明实施例中提供的服务器杀毒的装置,在隔离网环境下,通过检测服务器当前运行的Linux操作系统的版本信息,根据该版本信息获取支持该Linux操作系统杀毒引擎,并且将获得到的杀毒引擎安装到服务器中,以便于服务器可以利用杀毒引擎进行病毒查杀。与现有技术相比,本发明通过在运行Linux操作系统的服务器上安装支持该Linux操作系统的杀毒引擎,利用杀毒引擎对服务器中的病毒进行查杀,避免了隔离网内部的云引擎无法通过外网对病毒样本库进行更新,进而导致云引擎的病毒查杀率较低,无法对安装Linux操作系统的服务器进行有效的进行病毒查杀的问题。The server antivirus device provided in the embodiment of the present invention, in the isolated network environment, by detecting the version information of the Linux operating system currently running on the server, obtains the antivirus engine supporting the Linux operating system according to the version information, and will obtain the antivirus engine. The antivirus engine is installed in the server so that the server can use the antivirus engine to scan and kill viruses. Compared with the prior art, the present invention installs the anti-virus engine supporting the Linux operating system on the server running the Linux operating system, utilizes the anti-virus engine to check and kill the virus in the server, and avoids the cloud engine inside the isolated network from being unable to pass through. The virus sample library is updated on the external network, which leads to the low virus detection and killing rate of the cloud engine, and the problem that the virus detection and killing of the server installed with the Linux operating system cannot be carried out effectively.

此外,本发明实施例中提供的服务器杀毒的装置,当服务器检测到有多个杀毒引擎支持当前运行的Linux操作系统时,可以将这些杀毒引擎都安装或部分安装到服务器上,对服务器进行多引擎杀毒;服务器还可以选择优先级最高的杀毒引擎,将该杀毒引擎安装到服务器上进行病毒查杀。另外,还可以在检测服务器当前运行的Linux操作系统的版本信息之前,首先利用云引擎对服务器进行病毒查杀。通过本发明实施例中提供的服务器杀毒的装置,可以对服务器进行高效的病毒查杀。In addition, the server anti-virus device provided in the embodiment of the present invention, when the server detects that there are multiple anti-virus engines supporting the currently running Linux operating system, these anti-virus engines can be installed or partially installed on the server, and multiple anti-virus engines can be installed on the server. Engine antivirus; the server can also select the antivirus engine with the highest priority, and install the antivirus engine on the server to perform virus inspection and killing. In addition, before detecting the version information of the Linux operating system currently running on the server, the cloud engine may be used to scan and kill viruses on the server. Through the server antivirus device provided in the embodiment of the present invention, efficient virus inspection and antivirus can be performed on the server.

进一步的,作为上述各实施例的实现,本发明实施例还提供了一种服务器杀毒的系统,该系统可以部署在隔离网环境中。该系统通过检测服务器当前运行的Linux操作系统的版本信息,根据该版本信息获取支持当前运行的Linux操作系统的杀毒引擎,并将该杀毒引擎安装到服务器,以便于服务器运行该杀毒引擎进行病毒查杀。如图4所示,该系统包括:病毒服务器50和应用服务器60。Further, as the realization of the above-mentioned embodiments, the embodiment of the present invention also provides a server antivirus system, which can be deployed in an isolated network environment. The system detects the version information of the Linux operating system currently running on the server, obtains an antivirus engine that supports the currently running Linux operating system according to the version information, and installs the antivirus engine on the server so that the server can run the antivirus engine for virus detection. kill. As shown in FIG. 4 , the system includes: a virus server 50 and an application server 60 .

病毒服务器50,用于检测当前运行的Linux操作系统的版本信息;根据当前运行的Linux操作系统的版本信息,获取支持该Linux操作系统的杀毒引擎;将该杀毒引擎发送给应用服务器60。The virus server 50 is used to detect the version information of the currently running Linux operating system; obtain an antivirus engine supporting the Linux operating system according to the version information of the currently running Linux operating system; send the antivirus engine to the application server 60 .

应用服务器60,用于接收杀毒引擎并将该杀毒引擎进行本地安装,运行杀毒引擎进行病毒查杀。The application server 60 is configured to receive the antivirus engine and install the antivirus engine locally, and run the antivirus engine to scan and kill viruses.

具体的,应用服务器60包括许多类型和数量的服务器,如文件服务器和邮件服务器等,这些应用服务器主要安装的是Linux操作系统,以应用服务器60中的文件服务器为例,如图5所示,在计算机局域网中,以文件数据共享为目标,需要将供多台计算机共享的文件存放于一台计算机中,这台计算机可以成为文件服务器。由于文件服务器与许多终端连接并进行文件共享,因此,文件服务器的安全性为首要问题,一旦文件服务器被病毒感染,那么将造成严重的后果。Specifically, the application server 60 includes many types and quantities of servers, such as file servers and mail servers. These application servers are mainly installed with a Linux operating system. Taking the file server in the application server 60 as an example, as shown in Figure 5, In the computer local area network, with the goal of file data sharing, it is necessary to store the files shared by multiple computers in one computer, and this computer can become a file server. Since the file server is connected to many terminals and performs file sharing, the security of the file server is the primary issue. Once the file server is infected by a virus, it will cause serious consequences.

因此,利用本发明提供的服务器杀毒的系统,病毒服务器50通过检测文件服务器当前运行的Linux操作系统的版本信息,将支持该Linux操作系统的杀毒引擎发送给文件服务器,文件服务器接收并将该杀毒引擎安装到本地,使得文件服务器启动杀毒引擎对本地的共享文件及传输数据的病毒查杀,可以高效的对文件服务器进行病毒查杀,保证了文件服务器和终端上的数据的安全性。Therefore, utilize the server antivirus system provided by the present invention, the virus server 50 sends the antivirus engine that supports the Linux operating system to the file server by detecting the version information of the Linux operating system currently running on the file server, and the file server receives and passes the antivirus The engine is installed locally, so that the file server starts the antivirus engine to scan and kill the virus of the local shared files and transmitted data, which can efficiently scan and kill the virus on the file server, ensuring the security of the data on the file server and the terminal.

本发明实施例中提供的服务器杀毒的系统,通过检测服务器当前运行的Linux操作系统的版本信息,根据该版本信息获取支持该Linux操作系统杀毒引擎,并且将获得到的杀毒引擎安装到服务器中,以便于服务器可以利用杀毒引擎进行病毒查杀。与现有技术相比,本发明通过在运行Linux操作系统的服务器上安装支持该Linux操作系统的杀毒引擎,利用杀毒引擎对服务器中的病毒进行查杀,避免了隔离网内部的云引擎无法通过外网对病毒样本库进行更新,进而导致云引擎的病毒查杀率较低,无法对安装Linux操作系统的服务器进行有效的进行病毒查杀的问题。The server antivirus system provided in the embodiment of the present invention, by detecting the version information of the Linux operating system currently running on the server, obtains the antivirus engine supporting the Linux operating system according to the version information, and installs the obtained antivirus engine into the server, So that the server can use the antivirus engine to scan and kill viruses. Compared with the prior art, the present invention installs the anti-virus engine supporting the Linux operating system on the server running the Linux operating system, utilizes the anti-virus engine to check and kill the virus in the server, and avoids the cloud engine inside the isolated network from being unable to pass through. The virus sample library is updated on the external network, which leads to the low virus detection and killing rate of the cloud engine, and the problem that the virus detection and killing of the server installed with the Linux operating system cannot be carried out effectively.

此外,本发明实施例中提供的服务器杀毒的系统,当服务器检测到有多个杀毒引擎支持当前运行的Linux操作系统时,可以将这些杀毒引擎都安装或部分安装到服务器上,对服务器进行多引擎杀毒;服务器还可以选择优先级最高的杀毒引擎,将该杀毒引擎安装到服务器上进行病毒查杀。另外,还可以在检测服务器当前运行的Linux操作系统的版本信息之前,利用云引擎对服务器进行病毒查杀。通过本发明实施例中提供的服务器杀毒的系统,可以对服务器进行高效的病毒查杀。In addition, in the server anti-virus system provided in the embodiment of the present invention, when the server detects that there are multiple anti-virus engines supporting the currently running Linux operating system, these anti-virus engines can be installed or partially installed on the server, and multiple anti-virus engines can be installed on the server. Engine antivirus; the server can also select the antivirus engine with the highest priority, and install the antivirus engine on the server to perform virus inspection and killing. In addition, before detecting the version information of the Linux operating system currently running on the server, the cloud engine can be used to scan and kill viruses on the server. Through the server antivirus system provided in the embodiment of the present invention, efficient virus inspection and antivirus can be performed on the server.

本发明还提供了以下技术方案:The present invention also provides the following technical solutions:

A1、一种服务器杀毒的方法,所述方法包括:A1, a method for server antivirus, said method comprising:

检测服务器当前运行的Linux操作系统的版本信息;Detect the version information of the Linux operating system currently running on the server;

根据所述版本信息获取支持所述Linux操作系统的杀毒引擎;Obtain an antivirus engine supporting the Linux operating system according to the version information;

将所述杀毒引擎安装到所述服务器,以使得所述服务器运行所述杀毒引擎进行病毒查杀。The antivirus engine is installed on the server, so that the server runs the antivirus engine to scan and kill viruses.

A2、根据权利要求A1所述的方法,所述根据所述版本信息获取支持所述Linux操作系统的杀毒引擎,包括:A2. The method according to claim A1, said obtaining an antivirus engine supporting said Linux operating system according to said version information, comprising:

建立所述Linux操作系统的版本信息与所述杀毒引擎之间的关系映射表,所述关系映射表包括所述版本信息与所述杀毒引擎之间的对应关系;Establishing a relationship mapping table between the version information of the Linux operating system and the antivirus engine, the relationship mapping table including the corresponding relationship between the version information and the antivirus engine;

根据所述关系映射表获取支持所述Linux操作系统的杀毒引擎。An antivirus engine supporting the Linux operating system is obtained according to the relational mapping table.

A3、根据权利要求A1所述的方法,所述将所述杀毒引擎安装到所述服务器,包括:A3. The method according to claim A1, said installing said antivirus engine on said server, comprising:

当获取支持所述Linux操作系统的杀毒引擎数量至少有两个时,将所述至少有两个杀毒引擎安装到所述服务器,以使得所述服务器运行所述至少有两个杀毒引擎以进行多引擎病毒查杀。When the number of antivirus engines supporting the Linux operating system is at least two, the at least two antivirus engines are installed on the server, so that the server runs the at least two antivirus engines for multiple Engine virus detection and killing.

A4、根据权利要求A1所述的方法,所述将所述杀毒引擎安装到所述服务器,包括:A4. The method according to claim A1, said installing said antivirus engine on said server, comprising:

当获取支持所述Linux操作系统的杀毒引擎数量至少有两个时,设置所述杀毒引擎之间的优先级关系;When obtaining at least two antivirus engines supporting the Linux operating system, set the priority relationship between the antivirus engines;

确定出支持所述服务器优先级最高的杀毒引擎;Determine the antivirus engine that supports the server with the highest priority;

将所述优先级最高的杀毒引擎安装到所述服务器,以使得所述服务器运行所述优先级最高的杀毒引擎进行病毒查杀。The antivirus engine with the highest priority is installed on the server, so that the server runs the antivirus engine with the highest priority to scan and kill viruses.

A5、根据权利要求A1所述的方法,在检测服务器当前运行的Linux操作系统的版本信息之前,进一步包括:对所述服务器进行云引擎杀毒。A5. The method according to claim A1, before detecting the version information of the Linux operating system currently running on the server, further comprising: performing cloud engine antivirus on the server.

A6、根据权利要求A1所述的方法,所述杀毒引擎包括:人工智能引擎QVM和启发式杀毒引擎AVE;A6. The method according to claim A1, wherein the antivirus engine comprises: an artificial intelligence engine QVM and a heuristic antivirus engine AVE;

所述QVM和AVE分别支持乌班图Ubuntu、社区企业操作系统CentOS和红帽RedHat操作系统。Said QVM and AVE respectively support Ubuntu, community enterprise operating system CentOS and Red Hat RedHat operating system.

B7、一种服务器杀毒的装置,所述装置包括:B7, a device for server antivirus, said device comprising:

检测单元,用于检测服务器当前运行的Linux操作系统的版本信息;The detection unit is used to detect the version information of the Linux operating system currently running on the server;

获取单元,用于根据所述检测单元检测到的所述版本信息获取支持所述Linux操作系统的杀毒引擎;An acquisition unit, configured to acquire an antivirus engine supporting the Linux operating system according to the version information detected by the detection unit;

安装单元,用于将所述获取单元获取到的所述杀毒引擎安装到所述服务器,以使得所述服务器运行所述杀毒引擎进行病毒查杀。The installation unit is configured to install the antivirus engine acquired by the acquisition unit on the server, so that the server runs the antivirus engine to perform virus scanning and killing.

B8、根据权利要求B7所述的装置,所述获取单元包括:映射模块和获取模块;B8. The device according to claim B7, the acquisition unit comprising: a mapping module and an acquisition module;

所述映射模块,用于建立所述检测单元检测到的所述Linux操作系统的版本信息与所述杀毒引擎之间的关系映射表,所述关系映射表包括所述版本信息与所述杀毒引擎之间的对应关系;The mapping module is configured to establish a relationship mapping table between the version information of the Linux operating system detected by the detection unit and the antivirus engine, and the relationship mapping table includes the version information and the antivirus engine Correspondence between;

所述获取模块,用于根据所述映射模块建立的所述关系映射表获取支持所述Linux操作系统的杀毒引擎。The acquiring module is configured to acquire an antivirus engine supporting the Linux operating system according to the relational mapping table established by the mapping module.

B9、根据权利要求B7所述的装置,所述安装单元包括:设置模块、选择模块和安装模块;B9. The device according to claim B7, the installation unit comprising: a setting module, a selection module and an installation module;

所述设置模块,用于设置所述获取单元获取到的所述杀毒引擎之间的优先级关系;The setting module is configured to set the priority relationship between the antivirus engines acquired by the acquisition unit;

所述选择模块,用于根据所述设置模块设置的优先级关系确定出支持所述服务器优先级最高的杀毒引擎;The selection module is configured to determine the antivirus engine that supports the server with the highest priority according to the priority relationship set by the setting module;

所述安装模块,用于将所述选择模块确定出的优先级最高的杀毒引擎安装到所述服务器,以使得所述服务器运行所述优先级最高的杀毒引擎进行病毒查杀。The installation module is configured to install the antivirus engine with the highest priority determined by the selection module on the server, so that the server runs the antivirus engine with the highest priority to scan and kill viruses.

B10、根据权利要求B7所述的装置,所述装置还包括:云引擎杀毒单元;B10. The device according to claim B7, said device further comprising: a cloud engine antivirus unit;

所述云引擎杀毒单元,用于对所述服务器进行云引擎杀毒。The cloud engine antivirus unit is configured to perform cloud engine antivirus on the server.

B11、根据权利要求B7-B10中任一项所述的装置,所述杀毒引擎包括:人工智能引擎QVM和启发式杀毒引擎AVE;B11. The device according to any one of claims B7-B10, the antivirus engine comprising: an artificial intelligence engine QVM and a heuristic antivirus engine AVE;

所述QVM和AVE分别支持乌班图Ubuntu、社区企业操作系统CentOS和红帽RedHat操作系统。Said QVM and AVE respectively support Ubuntu, community enterprise operating system CentOS and Red Hat RedHat operating system.

C12、一种服务器杀毒的系统,所述系统包括:病毒服务器和应用服务器,其中,所述病毒服务器包括如权利要求B7-B11中任一项所述的装置;C12. A system for server antivirus, said system comprising: a virus server and an application server, wherein said virus server comprises the device according to any one of claims B7-B11;

所述病毒服务器,用于检测当前运行的Linux操作系统的版本信息;根据所述版本信息获取支持所述Linux操作系统的杀毒引擎;将所述杀毒引擎发送给所述应用服务器;The virus server is used to detect the version information of the currently running Linux operating system; obtain an antivirus engine supporting the Linux operating system according to the version information; send the antivirus engine to the application server;

所述应用服务器,用于接收并安装所述杀毒引擎,运行所述杀毒引擎进行病毒查杀。The application server is configured to receive and install the antivirus engine, and run the antivirus engine to scan and kill viruses.

在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the foregoing embodiments, the descriptions of each embodiment have their own emphases, and for parts not described in detail in a certain embodiment, reference may be made to relevant descriptions of other embodiments.

可以理解的是,上述方法及装置中的相关特征可以相互参考。另外,上述实施例中的“第一”、“第二”等是用于区分各实施例,而并不代表各实施例的优劣。It can be understood that related features in the above methods and devices can refer to each other. In addition, "first", "second" and so on in the above embodiments are used to distinguish each embodiment, and do not represent the advantages and disadvantages of each embodiment.

所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。Those skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the above-described system, device and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.

在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述,构造这类系统所要求的结构是显而易见的。此外,本发明也不针对任何特定编程语言。应当明白,可以利用各种编程语言实现在此描述的本发明的内容,并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various generic systems can also be used with the teachings based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not specific to any particular programming language. It should be understood that various programming languages can be used to implement the content of the present invention described herein, and the above description of specific languages is for disclosing the best mode of the present invention.

在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.

类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to facilitate an understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or its description. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art can understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. Modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore may be divided into a plurality of sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method or method so disclosed may be used in any combination, except that at least some of such features and/or processes or units are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention. and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的发明名称(如确定网站内链接等级的装置)中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It should be understood by those skilled in the art that a microprocessor or a digital signal processor (DSP) can be used in practice to implement some or all of the components in the title of the invention (such as the device for determining the link level in the website) according to the embodiment of the present invention some or all of the features. The present invention can also be implemented as an apparatus or an apparatus program (for example, a computer program and a computer program product) for performing a part or all of the methods described herein. Such a program for realizing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such a signal may be downloaded from an Internet site, or provided on a carrier signal, or provided in any other form.

应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. does not indicate any order. These words can be interpreted as names.

Claims (10)

1.一种服务器杀毒的方法,其特征在于,所述方法包括:1. A method for server antivirus, characterized in that the method comprises: 检测服务器当前运行的Linux操作系统的版本信息;Detect the version information of the Linux operating system currently running on the server; 根据所述版本信息获取支持所述Linux操作系统的杀毒引擎;Obtain an antivirus engine supporting the Linux operating system according to the version information; 将所述杀毒引擎安装到所述服务器,以使得所述服务器运行所述杀毒引擎进行病毒查杀。The antivirus engine is installed on the server, so that the server runs the antivirus engine to scan and kill viruses. 2.根据权利要求1所述的方法,其特征在于,所述根据所述版本信息获取支持所述Linux操作系统的杀毒引擎,包括:2. The method according to claim 1, wherein said acquisition of an antivirus engine supporting said Linux operating system according to said version information comprises: 建立所述Linux操作系统的版本信息与所述杀毒引擎之间的关系映射表,所述关系映射表包括所述版本信息与所述杀毒引擎之间的对应关系;Establishing a relationship mapping table between the version information of the Linux operating system and the antivirus engine, the relationship mapping table including the corresponding relationship between the version information and the antivirus engine; 根据所述关系映射表获取支持所述Linux操作系统的杀毒引擎。An antivirus engine supporting the Linux operating system is acquired according to the relational mapping table. 3.根据权利要求1所述的方法,其特征在于,所述将所述杀毒引擎安装到所述服务器,包括:3. The method according to claim 1, wherein the installation of the antivirus engine on the server comprises: 当获取支持所述Linux操作系统的杀毒引擎数量至少有两个时,将所述至少有两个杀毒引擎安装到所述服务器,以使得所述服务器运行所述至少有两个杀毒引擎以进行多引擎病毒查杀。When the number of antivirus engines supporting the Linux operating system is at least two, the at least two antivirus engines are installed on the server, so that the server runs the at least two antivirus engines for multiple Engine virus detection and killing. 4.根据权利要求1所述的方法,其特征在于,所述将所述杀毒引擎安装到所述服务器,包括:4. The method according to claim 1, wherein the installation of the antivirus engine on the server comprises: 当获取支持所述Linux操作系统的杀毒引擎数量至少有两个时,设置所述杀毒引擎之间的优先级关系;When obtaining at least two antivirus engines supporting the Linux operating system, set the priority relationship between the antivirus engines; 确定出支持所述服务器优先级最高的杀毒引擎;Determine the antivirus engine that supports the server with the highest priority; 将所述优先级最高的杀毒引擎安装到所述服务器,以使得所述服务器运行所述优先级最高的杀毒引擎进行病毒查杀。The antivirus engine with the highest priority is installed on the server, so that the server runs the antivirus engine with the highest priority to scan and kill viruses. 5.根据权利要求1所述的方法,其特征在于,所述杀毒引擎包括:人工智能引擎QVM和启发式杀毒引擎AVE;5. The method according to claim 1, wherein the antivirus engine comprises: an artificial intelligence engine QVM and a heuristic antivirus engine AVE; 所述QVM和AVE分别支持乌班图Ubuntu、社区企业操作系统CentOS和红帽RedHat操作系统。Said QVM and AVE respectively support Ubuntu, community enterprise operating system CentOS and Red Hat RedHat operating system. 6.一种服务器杀毒的装置,其特征在于,所述装置包括:6. A device for server antivirus, characterized in that the device comprises: 检测单元,用于检测服务器当前运行的Linux操作系统的版本信息;The detection unit is used to detect the version information of the Linux operating system currently running on the server; 获取单元,用于根据所述检测单元检测到的所述版本信息获取支持所述Linux操作系统的杀毒引擎;An acquisition unit, configured to acquire an antivirus engine supporting the Linux operating system according to the version information detected by the detection unit; 安装单元,用于将所述获取单元获取到的所述杀毒引擎安装到所述服务器,以使得所述服务器运行所述杀毒引擎进行病毒查杀。The installation unit is configured to install the antivirus engine acquired by the acquisition unit on the server, so that the server runs the antivirus engine to perform virus scanning and killing. 7.根据权利要求6所述的装置,其特征在于,所述获取单元包括:映射模块和获取模块;7. The device according to claim 6, wherein the acquiring unit comprises: a mapping module and an acquiring module; 所述映射模块,用于建立所述检测单元检测到的所述Linux操作系统的版本信息与所述杀毒引擎之间的关系映射表,所述关系映射表包括所述版本信息与所述杀毒引擎之间的对应关系;The mapping module is configured to establish a relationship mapping table between the version information of the Linux operating system detected by the detection unit and the antivirus engine, and the relationship mapping table includes the version information and the antivirus engine Correspondence between; 所述获取模块,用于根据所述映射模块建立的所述关系映射表获取支持所述Linux操作系统的杀毒引擎。The acquiring module is configured to acquire an antivirus engine supporting the Linux operating system according to the relational mapping table established by the mapping module. 8.根据权利要求6所述的装置,其特征在于,所述安装单元包括:设置模块、选择模块和安装模块;8. The device according to claim 6, wherein the installation unit comprises: a setting module, a selection module and an installation module; 所述设置模块,用于设置所述获取单元获取到的所述杀毒引擎之间的优先级关系;The setting module is configured to set the priority relationship between the antivirus engines acquired by the acquisition unit; 所述选择模块,用于根据所述设置模块设置的优先级关系确定出支持所述服务器优先级最高的杀毒引擎;The selection module is configured to determine the antivirus engine that supports the server with the highest priority according to the priority relationship set by the setting module; 所述安装模块,用于将所述选择模块确定出的优先级最高的杀毒引擎安装到所述服务器,以使得所述服务器运行所述优先级最高的杀毒引擎进行病毒查杀。The installation module is configured to install the antivirus engine with the highest priority determined by the selection module on the server, so that the server runs the antivirus engine with the highest priority to scan and kill viruses. 9.根据权利要求6-8中任一项所述的装置,其特征在于,所述杀毒引擎包括:人工智能引擎QVM和启发式杀毒引擎AVE;9. The device according to any one of claims 6-8, wherein the antivirus engine comprises: an artificial intelligence engine QVM and a heuristic antivirus engine AVE; 所述QVM和AVE分别支持乌班图Ubuntu、社区企业操作系统CentOS和红帽RedHat操作系统。Said QVM and AVE respectively support Ubuntu, community enterprise operating system CentOS and Red Hat RedHat operating system. 10.一种服务器杀毒的系统,其特征在于,所述系统包括:病毒服务器和应用服务器,其中,所述病毒服务器包括如权利要求6-9中任一项所述的装置;10. A server antivirus system, characterized in that the system comprises: a virus server and an application server, wherein the virus server comprises the device according to any one of claims 6-9; 所述病毒服务器,用于检测当前运行的Linux操作系统的版本信息;根据所述版本信息获取支持所述Linux操作系统的杀毒引擎;将所述杀毒引擎发送给所述应用服务器;The virus server is used to detect the version information of the currently running Linux operating system; obtain an antivirus engine supporting the Linux operating system according to the version information; send the antivirus engine to the application server; 所述应用服务器,用于接收并安装所述杀毒引擎,运行所述杀毒引擎进行病毒查杀。The application server is configured to receive and install the antivirus engine, and run the antivirus engine to scan and kill viruses.
CN201410578896.1A 2014-10-24 2014-10-24 Server virus killing method, device and system Pending CN104318159A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410578896.1A CN104318159A (en) 2014-10-24 2014-10-24 Server virus killing method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410578896.1A CN104318159A (en) 2014-10-24 2014-10-24 Server virus killing method, device and system

Publications (1)

Publication Number Publication Date
CN104318159A true CN104318159A (en) 2015-01-28

Family

ID=52373390

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410578896.1A Pending CN104318159A (en) 2014-10-24 2014-10-24 Server virus killing method, device and system

Country Status (1)

Country Link
CN (1) CN104318159A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106302533A (en) * 2016-09-30 2017-01-04 广州特道信息科技有限公司 Big data safety management system and method
CN108804925A (en) * 2015-05-27 2018-11-13 安恒通(北京)科技有限公司 method and system for detecting malicious code

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008276774A (en) * 2007-04-27 2008-11-13 Beijing Kingsoft Software Co Ltd Device and method for on-line virus scanning
CN102147737A (en) * 2010-02-09 2011-08-10 深圳市金蝶中间件有限公司 Method for supporting multi-operating system by system service and device
CN102523215A (en) * 2011-12-15 2012-06-27 北京海云捷迅科技有限公司 Virtual machine (VM) online antivirus system based on KVM virtualization platform
CN202551099U (en) * 2012-03-07 2012-11-21 北京宇航系统工程研究所 On-line multi-engine cloud network searching and destroying architecture
CN103034805A (en) * 2011-09-30 2013-04-10 腾讯科技(深圳)有限公司 Method and device for multi-engine virus searching and killing

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008276774A (en) * 2007-04-27 2008-11-13 Beijing Kingsoft Software Co Ltd Device and method for on-line virus scanning
CN102147737A (en) * 2010-02-09 2011-08-10 深圳市金蝶中间件有限公司 Method for supporting multi-operating system by system service and device
CN103034805A (en) * 2011-09-30 2013-04-10 腾讯科技(深圳)有限公司 Method and device for multi-engine virus searching and killing
CN102523215A (en) * 2011-12-15 2012-06-27 北京海云捷迅科技有限公司 Virtual machine (VM) online antivirus system based on KVM virtualization platform
CN202551099U (en) * 2012-03-07 2012-11-21 北京宇航系统工程研究所 On-line multi-engine cloud network searching and destroying architecture

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108804925A (en) * 2015-05-27 2018-11-13 安恒通(北京)科技有限公司 method and system for detecting malicious code
CN108804925B (en) * 2015-05-27 2022-02-01 北京百度网讯科技有限公司 Method and system for detecting malicious code
CN106302533A (en) * 2016-09-30 2017-01-04 广州特道信息科技有限公司 Big data safety management system and method

Similar Documents

Publication Publication Date Title
CN103632096B (en) A kind of method and apparatus that safety detection is carried out to equipment
CN103390130B (en) Based on the method for the rogue program killing of cloud security, device and server
CN103632100B (en) Method and device for website vulnerability detection
CN104980309B (en) website security detection method and device
CN103685258B (en) A kind of method and apparatus of quick scans web sites loophole
CN103001947B (en) A kind of program processing method and system
US20110277033A1 (en) Identifying Malicious Threads
CN104008340A (en) Virus scanning and killing method and device
JP2014508363A (en) System and method for performing anti-malware metadata lookup
CN102982281B (en) Program state testing method and system
CN103020520A (en) Enterprise-based document security detection method and system
CN106384048A (en) Threat message processing method and device
CN103049697B (en) For the file test method and system of enterprise
CN103679027A (en) Searching and killing method and device for kernel level malware
WO2014082599A1 (en) Scanning device, cloud management device, method and system for checking and killing malicious programs
CN103034808A (en) Scanning method, equipment and system and cloud management method and equipment
CN103559447A (en) Detection method, detection device and detection system based on virus sample characteristics
CN102999720A (en) Program identification method and system
CN105095758B (en) Screen locking applied program processing method, device and mobile terminal
CN107623693B (en) Domain name resolution protection method and device, system, computing device, and storage medium
CN105791250B (en) Application detection method and device
CN103713945B (en) The recognition methods of game and device
CN104504339B (en) Virtualize safety detection method and system
CN104318159A (en) Server virus killing method, device and system
CN103095698B (en) Client software repair method, device and communication system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20161214

Address after: 100015 Jiuxianqiao Chaoyang District Beijing Road No. 10, building 15, floor 17, layer 1701-26, 3

Applicant after: BEIJING QI'ANXIN SCIENCE & TECHNOLOGY CO., LTD.

Address before: 100088 Beijing city Xicheng District xinjiekouwai Street 28, block D room 112 (Desheng Park)

Applicant before: Beijing Qihoo Technology Co., Ltd.

Applicant before: Qizhi Software (Beijing) Co., Ltd.

RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150128