[go: up one dir, main page]

CN106203105B - File management method and device - Google Patents

File management method and device Download PDF

Info

Publication number
CN106203105B
CN106203105B CN201610483699.0A CN201610483699A CN106203105B CN 106203105 B CN106203105 B CN 106203105B CN 201610483699 A CN201610483699 A CN 201610483699A CN 106203105 B CN106203105 B CN 106203105B
Authority
CN
China
Prior art keywords
file
memory space
treated
files
malicious
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201610483699.0A
Other languages
Chinese (zh)
Other versions
CN106203105A (en
Inventor
苗汇泉
宁敢
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201610483699.0A priority Critical patent/CN106203105B/en
Publication of CN106203105A publication Critical patent/CN106203105A/en
Application granted granted Critical
Publication of CN106203105B publication Critical patent/CN106203105B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Whether, the invention discloses a kind of file management method and device, which includes: judgment module, is scanned for the memory space to mobile device, judge in the memory space comprising file to be treated;Configuration module, for creating file in the memory space, and the file to be treated is put into the file in the case where judgement is comprising file to be treated;Processing module, for being handled according to instruction the file stored in the file;Wherein, the judgment module is for judging whether the memory space includes apocrypha and/or malicious file;And in the case where judging that the memory space includes apocrypha and/or malicious file, by the memory space apocrypha and/or malicious file be determined as file to be treated.The file that can effectively restore or consult the storage of mobile device original using technical solution of the present invention avoids the problem that operation can not carry out.

Description

文件管理方法和装置File management method and device

本申请为基于母案《文件管理方法和装置》的分案申请,母案《文件管理方法和装置》的申请号为CN201210393609.0、公开号为CN102915359A。This application is a divisional application based on the parent case "Document Management Method and Device", the application number of the parent case "Document Management Method and Device" is CN201210393609.0, and the publication number is CN102915359A.

技术领域technical field

本发明涉及计算机领域,具体涉及一种文件管理方法和装置。The present invention relates to the field of computers, in particular to a file management method and device.

背景技术Background technique

随着计算机技术在社会生活中各个领域的广泛运用,恶意程序(Malwar,malicious software,指任何故意创建用来执行未经授权并通常是有害行为的软件程序)也如同其附属品一样接踵而来。由于这些恶意程序所具有的感染性、复制性及破坏性,其已成为困扰计算机使用的一个重大问题。With the widespread use of computer technology in various fields of social life, malicious programs (Malwar, malicious software, refers to any software program that is intentionally created to perform unauthorized and usually harmful behaviors) also follow like its accessories. . Due to the infectivity, replication and destructiveness of these malicious programs, they have become a major problem that plagues computer usage.

因此,在网络威胁日益增长的今天,更新病毒特征码成为企业及网民每天必备的工作,从每周一次到每天一次,直至时刻更新,用户期望通过病毒特征码的匹配来避免计算机设备被恶意程序所影响。而传统杀毒软件是将病毒库放在客户端计算机,在客户端进行文件的分析工作,在扫描过程中会反复在本地病毒库中进行比对,占用大量系统资源,并且随着病毒库的不断升级,病毒库的容量越来越大,分析文件时所耗费的时间也越来越长,导致客户端计算机的系统资源占用过多,性能降低,因此,反病毒行业必须寻找新的技术突破。Therefore, in today's growing network threats, updating virus signatures has become an essential task for enterprises and netizens every day. From once a week to once a day, until they are updated at any time, users expect to avoid malicious computer equipment by matching virus signatures. affected by the program. In traditional antivirus software, the virus database is placed on the client computer, and the files are analyzed on the client side. During the scanning process, the local virus database is repeatedly compared, which occupies a large amount of system resources. With the upgrade, the capacity of the virus database is getting larger and larger, and the time spent in analyzing the files is also getting longer and longer, which leads to excessive occupation of system resources of the client computer and reduced performance. Therefore, the anti-virus industry must find new technological breakthroughs.

“云安全(Cloud Security)”计划是网络时代信息安全的最新体现,它融合了并行处理、网格计算、未知病毒行为判断等新兴技术概念,将“云计算”的理念应用到了安全领域。The "Cloud Security" plan is the latest manifestation of information security in the network era. It integrates emerging technology concepts such as parallel processing, grid computing, and unknown virus behavior judgment, and applies the concept of "cloud computing" to the security field.

云查杀是指把病毒库放在服务端,因为服务端的病毒库更新更快、更及时,联网后可以快速的进行查杀的技术。在采用云查杀技术对U盘(移动设备)进行扫描之后,通常的做法是将经过云查杀扫描之后得到的危险(判断为恶意文件)或可疑文件存放在本地计算设备上。Cloud scanning and killing refers to putting the virus database on the server side, because the virus database on the server side is updated faster and more timely, and it can be quickly detected and killed after being connected to the Internet. After the U disk (mobile device) is scanned by the cloud killing technology, the usual practice is to store the dangerous (judged malicious files) or suspicious files obtained after the cloud killing scanning on the local computing device.

由于把对U盘进行云查杀之后得到的危险或可疑文件存放在了本地计算设备上,所以当把U盘从本地计算设备移动到另一台计算设备上时,如果此时要在另一台计算设备上恢复误删的危险或可疑文件,则是办不到的。Since the dangerous or suspicious files obtained after the cloud scanning and killing of the U disk are stored on the local computing device, when the U disk is moved from the local computing device to another computing device, if the It is impossible to recover accidentally deleted dangerous or suspicious files on a single computing device.

针对相关技术中在计算设备侧存储被隔离的文件而导致难以基于移动设备对文件进行后续其他处理的问题,目前尚未提出有效的解决方案。For the problem in the related art that it is difficult to perform other subsequent processing on the file based on the mobile device due to the storage of the isolated file on the computing device side, no effective solution has been proposed so far.

发明内容SUMMARY OF THE INVENTION

鉴于上述问题,提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的文件管理方法和装置。In view of the above problems, the present invention is proposed to provide a file management method and apparatus that overcomes the above problems or at least partially solves the above problems.

依据本发明的一个方面,提供了文件管理方法,该文件管理方法包括:According to one aspect of the present invention, a file management method is provided, the file management method comprising:

对移动设备的存储空间进行扫描,判断存储空间中是否包含需要处理的文件;Scan the storage space of the mobile device to determine whether the storage space contains files that need to be processed;

如果包含需要处理的文件,则在存储空间中创建文件夹,并将需要处理的文件放入文件夹中;If it contains files that need to be processed, create a folder in the storage space and put the files that need to be processed into the folder;

根据指示对文件夹中存储的文件进行处理;Process the files stored in the folder according to the instructions;

其中,判断存储空间中是否包含需要处理的文件包括:Among them, judging whether the storage space contains files that need to be processed includes:

判断存储空间是否包含可疑文件和/或恶意文件;Determine whether the storage space contains suspicious files and/or malicious files;

如果存储空间包含可疑文件和/或恶意文件,则将存储空间中的可疑文件和/或恶意文件确定为需要处理的文件。If the storage space contains suspicious files and/or malicious files, the suspicious files and/or malicious files in the storage space are determined as files that need to be processed.

任选地,在将需要处理的文件放入文件夹中之后,文件管理方法进一步包括:Optionally, after placing the files to be processed into the folder, the file management method further includes:

接收来自用户的指示,根据指示确定对文件夹中的文件需要进行的处理。Receive an instruction from the user, and determine the processing to be performed on the files in the folder according to the instruction.

任选地,在来自用户的指示为恢复文件夹中的文件的情况下,对文件夹中的文件进行处理包括:Optionally, in the case where the instruction from the user is to restore the files in the folder, processing the files in the folder includes:

将文件夹中的文件恢复到原存储位置。Restore the files in the folder to their original storage location.

任选地,在来自用户的指示为删除文件夹中的文件的情况下,对文件夹中的文件进行处理包括:Optionally, when the instruction from the user is to delete the files in the folder, processing the files in the folder includes:

将文件夹中的文件删除。Delete the files in the folder.

根据本发明的另一方面,提供了一种文件管理装置,该文件管理装置包括:According to another aspect of the present invention, a file management device is provided, the file management device comprising:

判断模块,用于对移动设备的存储空间进行扫描,判断存储空间中是否包含需要处理的文件;The judgment module is used to scan the storage space of the mobile device to determine whether the storage space contains files that need to be processed;

配置模块,用于在判断包含需要处理的文件的情况下,在存储空间中创建文件夹,并将需要处理的文件放入文件夹中;The configuration module is used to create a folder in the storage space when it is judged that the file to be processed is included, and put the file to be processed into the folder;

处理模块,用于根据指示对文件夹中存储的文件进行处理;The processing module is used to process the files stored in the folder according to the instructions;

其中,判断模块用于判断存储空间是否包含可疑文件和/或恶意文件;并判断存储空间包含可疑文件和/或恶意文件的情况下,将存储空间中的可疑文件和/或恶意文件确定为需要处理的文件。Wherein, the judgment module is used to judge whether the storage space contains suspicious files and/or malicious files; and when judging that the storage space contains suspicious files and/or malicious files, the suspicious files and/or malicious files in the storage space are determined as necessary processed files.

任选地,该文件管理装置进一步包括:Optionally, the file management device further includes:

确定模块,用于在将需要处理的文件放入文件夹中之后,接收来自用户的指示,并根据指示确定对文件夹中的文件需要进行的处理。The determining module is configured to receive an instruction from the user after placing the file to be processed into the folder, and determine the processing to be performed on the file in the folder according to the instruction.

任选地,在来自用户的指示为恢复文件夹中的文件的情况下,处理模块用于将文件夹中的文件恢复到原存储位置。Optionally, when the instruction from the user is to restore the files in the folder, the processing module is configured to restore the files in the folder to the original storage location.

任选地,在来自用户的指示为删除文件夹中的文件的情况下,处理模块用于将文件夹中的文件删除。Optionally, when the instruction from the user is to delete the files in the folder, the processing module is configured to delete the files in the folder.

根据本发明的文件管理方法和装置可以通过对移动设备的存储空间进行扫描,在判断存储空间中有需要处理的文件的情况下,在该移动设备的存储空间中建立文件夹,并将需要处理的文件放入该文件夹中进行处理,由此解决了在计算设备侧存储被隔离的文件而导致难以基于移动设备对文件进行后续其他处理的问题,取得了在移动设备的存储空间中存储需要处理的文件,即使移动设备与其他的计算机连接,同样能够有效恢复或查阅移动设备原存储的文件,避免操作无法进行的问题的有益效果。According to the file management method and device of the present invention, by scanning the storage space of the mobile device, when it is judged that there are files that need to be processed in the storage space, a folder is created in the storage space of the mobile device, and the files that need to be processed are created. The files are put into this folder for processing, which solves the problem that the isolated files are stored on the computing device side, which makes it difficult to perform other subsequent processing on the files based on the mobile device, and achieves the storage space of the mobile device. The processed files, even if the mobile device is connected to other computers, can also effectively restore or consult the files originally stored in the mobile device, and have the beneficial effect of avoiding the problem that the operation cannot be performed.

上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, in order to be able to understand the technical means of the present invention more clearly, it can be implemented according to the content of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and easy to understand , the following specific embodiments of the present invention are given.

附图说明Description of drawings

通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are for the purpose of illustrating preferred embodiments only and are not to be considered limiting of the invention. Also, the same components are denoted by the same reference numerals throughout the drawings. In the attached image:

图1示出了根据本发明一个实施例的文件管理方法的流程图;1 shows a flowchart of a file management method according to an embodiment of the present invention;

图2示出了根据本发明一个实施例的文件管理方法执行结果的示意图;以及FIG. 2 is a schematic diagram showing the execution result of the file management method according to an embodiment of the present invention; and

图3示出了根据本发明一个实施例文件管理装置的框图。FIG. 3 shows a block diagram of a file management apparatus according to an embodiment of the present invention.

具体实施方式Detailed ways

下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited by the embodiments set forth herein. Rather, these embodiments are provided so that the present disclosure will be more thoroughly understood, and will fully convey the scope of the present disclosure to those skilled in the art.

根据本发明的实施例,提供了一种文件管理方法。According to an embodiment of the present invention, a file management method is provided.

如图1所示,文件管理方法包括:As shown in Figure 1, the file management method includes:

步骤S101,对移动设备的存储空间进行扫描,判断存储空间中是否包含需要处理的文件;Step S101, scan the storage space of the mobile device, and determine whether the storage space contains files that need to be processed;

步骤S103,如果包含需要处理的文件,则在存储空间中创建文件夹,并将需要处理的文件放入文件夹中;Step S103, if the file to be processed is contained, a folder is created in the storage space, and the file to be processed is placed in the folder;

步骤S105,根据指示对文件夹中存储的文件进行处理。Step S105, process the files stored in the folder according to the instruction.

其中,判断存储空间中是否包含需要处理的文件包括:Among them, judging whether the storage space contains files that need to be processed includes:

判断存储空间是否包含可疑文件和/或恶意文件;Determine whether the storage space contains suspicious files and/or malicious files;

如果存储空间包含可疑文件和/或恶意文件,则将存储空间中的可疑文件和/或恶意文件确定为需要处理的文件。If the storage space contains suspicious files and/or malicious files, the suspicious files and/or malicious files in the storage space are determined as files that need to be processed.

并且,在将需要处理的文件放入文件夹中之后,文件管理方法进一步包括:And, after putting the files to be processed into the folder, the file management method further includes:

接收来自用户的指示,根据指示确定对文件夹中的文件需要进行的处理。Receive an instruction from the user, and determine the processing to be performed on the files in the folder according to the instruction.

此外,在来自用户的指示为恢复文件夹中的文件的情况下,对文件夹中的文件进行处理包括:In addition, in the case where the instruction from the user is to restore the files in the folder, the processing of the files in the folder includes:

将文件夹中的文件恢复到原存储位置。Restore the files in the folder to their original storage location.

而且,在来自用户的指示为删除文件夹中的文件的情况下,对文件夹中的文件进行处理包括:Moreover, when the instruction from the user is to delete the files in the folder, the processing of the files in the folder includes:

将文件夹中的文件删除。Delete the files in the folder.

例如,将移动设备连接到一台计算设备上,服务器联网后扫描用户U盘(移动设备)上的文件,查到文件的md5对应的文件等级;其中,服务器扫描查询后台文件等级,后台保存有不同的文件的md5及对应的文件等级。文件等级主要是根据程序文件内的静态特征,如经由信息-摘要算法(Message-Digest Algorithm 5,简称md5)运算得出的md5验证码,或SHA1码,或循环冗余校验(Cyclic Redundancy Check,简称CRC)码等可唯一标识原程序的特征码,也可以是程序文件内的静态特征串。For example, after connecting the mobile device to a computing device, the server scans the files on the user's U disk (mobile device) after networking, and finds the file level corresponding to the md5 of the file; among them, the server scans and queries the background file level, and the background saves The md5 of different files and the corresponding file level. The file level is mainly based on the static characteristics in the program file, such as the md5 verification code obtained by the Message-Digest Algorithm 5 (referred to as md5) operation, or the SHA1 code, or the Cyclic Redundancy Check (Cyclic Redundancy Check). , CRC for short) code, etc., which can uniquely identify the original program, or it can be a static feature string in the program file.

首先,在服务器中,设文件对应的文件等级码数值为10-20是白的(即安全文件,或称为可信文件),文件对应的文件等级码数值为30是未知的(即可疑文件),不在白名单(白名单可以是可信任文件的列表),也不在黑名单(黑名单可以是恶意文件的列表),文件对应的文件等级码数值为50-70都是黑的(即恶意文件)。当U盘连接云数据库时,根据文件的md5可以查询到该码数值。First of all, in the server, if the value of the file level code corresponding to the file is 10-20, it is white (that is, a safe file, or called a trusted file), and the value of the file level code corresponding to the file is 30, which is unknown (that is, a suspicious file). ), not in the whitelist (the whitelist can be a list of trusted files), nor in the blacklist (the blacklist can be a list of malicious files), the file level code value corresponding to the file is 50-70, which are all black (that is, malicious document). When the U disk is connected to the cloud database, the code value can be queried according to the md5 of the file.

然后把找到的危险(恶意)或可疑文件放入隔离区(即在移动设备的存储空间中创建的文件夹)中。应当注意,在一些实施例中,可疑文件也可以不放入隔离区。The found dangerous (malicious) or suspicious files are then placed in quarantine (i.e. a folder created in the storage space of the mobile device). It should be noted that, in some embodiments, suspicious files may also not be placed in the quarantine area.

对于u盘扫描后台采用的等级,主要是根据后台收集到的某个文件的PE文件的等级,若非PE文件的等级>=30,则是可疑文件;若PE文件等级>=50,则是危险(恶意)文件;若PE文件的等级=70,则是木马文件。The level used in the background of the u disk scanning is mainly based on the level of the PE file of a certain file collected in the background. If the level of the non-PE file is >=30, it is a suspicious file; if the level of the PE file is >=50, it is dangerous (Malicious) file; if the level of the PE file = 70, it is a Trojan horse file.

如图2所示,为对移动设备中的文件的扫描结果。当一台计算设备上插入移动设备时,云查杀扫描并确认文件有异常时,包括文件为可疑文件、危险文件或木马文件。As shown in Figure 2, it is the scanning result of the file in the mobile device. When a mobile device is plugged into a computing device, Cloud Antivirus scans and confirms that the file is abnormal, including whether the file is a suspicious file, a dangerous file or a Trojan horse file.

例如,在图2中,文件名为auto.bat的文件为可疑文件,文件名为setup-guiying.exe和文件名为pucgc5951飓风.exe的文件为木马文件。For example, in Figure 2, the file named auto.bat is a suspicious file, the file named setup-guiying.exe and the file named pucgc5951 hurricane.exe are Trojan horse files.

用户可以选择暂不处理、立即处理或立即处理并全面扫描U盘等指令。The user can choose not to process it temporarily, process it immediately, or process it immediately and scan the U disk comprehensively.

当用户选择“立即处理”指令后,在u盘创建“隔离文件”的文件夹,将需要处理的文件放入到“隔离文件”的文件夹中进行处理。When the user selects the "Process Immediately" command, a "quarantine file" folder is created on the USB flash drive, and the files to be processed are placed in the "quarantine file" folder for processing.

如果被放入隔离区中的危险或可疑文件被误报或误处理,并且需要恢复该危险或可疑文件时,直接从该隔离区把该危险或可疑文件恢复到其原始位置。If a dangerous or suspicious file placed in the quarantine area is falsely reported or mishandled, and the dangerous or suspicious file needs to be restored, restore the dangerous or suspicious file directly from the quarantine area to its original location.

根据本发明的实施例,提供了一种文件管理装置。According to an embodiment of the present invention, a file management apparatus is provided.

如图3所示,文件管理装置包括:As shown in Figure 3, the file management device includes:

判断模块31,用于对移动设备的存储空间进行扫描,判断存储空间中是否包含需要处理的文件;The judgment module 31 is used to scan the storage space of the mobile device, and determine whether the storage space contains files that need to be processed;

配置模块32,用于在判断包含需要处理的文件的情况下,在存储空间中创建文件夹,并将需要处理的文件放入文件夹中;The configuration module 32 is used to create a folder in the storage space when it is judged that the file to be processed is included, and put the file to be processed into the folder;

处理模块33,用于根据指示对文件夹中存储的文件进行处理。The processing module 33 is configured to process the files stored in the folder according to the instruction.

其中,判断模块31用于判断存储空间是否包含可疑文件和/或恶意文件;并判断存储空间包含可疑文件和/或恶意文件的情况下,将存储空间中的可疑文件和/或恶意文件确定为需要处理的文件。Wherein, the judgment module 31 is used to judge whether the storage space contains suspicious files and/or malicious files; and when judging that the storage space contains suspicious files and/or malicious files, the suspicious files and/or malicious files in the storage space are determined as The file that needs to be processed.

并且,该文件管理装置进一步包括:And, the file management device further includes:

确定模块(图中未示出),用于在将需要处理的文件放入文件夹中之后,接收来自用户的指示,并根据指示确定对文件夹中的文件需要进行的处理。The determining module (not shown in the figure) is configured to receive an instruction from the user after placing the file to be processed into the folder, and determine the required processing for the file in the folder according to the instruction.

此外,在来自用户的指示为恢复文件夹中的文件的情况下,处理模块33用于将文件夹中的文件恢复到原存储位置。In addition, when the instruction from the user is to restore the files in the folder, the processing module 33 is configured to restore the files in the folder to the original storage location.

而且,在来自用户的指示为删除文件夹中的文件的情况下,处理模块33用于将文件夹中的文件删除。Moreover, when the instruction from the user is to delete the files in the folder, the processing module 33 is used to delete the files in the folder.

借助于本发明的技术方案,把例如U盘之类的移动设备连接到任意一台计算设备上,都能够在该台计算设备恢复在该移动设备上先前被误删除的危险(恶意)或可疑文件。With the help of the technical solution of the present invention, a mobile device such as a U disk can be connected to any computing device, and the dangerous (malicious) or suspicious that was previously deleted by mistake on the mobile device can be recovered on the computing device. document.

综上所述,借助于本发明的上述技术方案,通过对移动设备的存储空间进行扫描,在判断存储空间中有需要处理的文件的情况下,在该移动设备的存储空间中建立文件夹,并将需要处理的文件放入该文件夹中进行处理,能够在移动设备的存储空间中存储需要处理的文件,即使移动设备与其他的计算机连接,同样能够有效恢复或查阅移动设备原存储的文件,避免操作无法进行的问题。To sum up, with the help of the above technical solutions of the present invention, by scanning the storage space of the mobile device, when it is determined that there are files that need to be processed in the storage space, a folder is created in the storage space of the mobile device, Put the files to be processed into this folder for processing, and can store the files to be processed in the storage space of the mobile device. Even if the mobile device is connected to other computers, it can effectively restore or view the files originally stored on the mobile device. , to avoid the problem that the operation cannot be performed.

在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述,构造这类系统所要求的结构是显而易见的。此外,本发明也不针对任何特定编程语言。应当明白,可以利用各种编程语言实现在此描述的本发明的内容,并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems can also be used with teaching based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not directed to any particular programming language. It is to be understood that various programming languages may be used to implement the inventions described herein, and that the descriptions of specific languages above are intended to disclose the best mode for carrying out the invention.

在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, it is to be understood that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together into a single embodiment, figure, or its description. This disclosure, however, should not be construed as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and further they may be divided into multiple sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method so disclosed may be employed in any combination, unless at least some of such features and/or procedures or elements are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, those skilled in the art will appreciate that although some of the embodiments described herein include certain features, but not others, included in other embodiments, that combinations of features of different embodiments are intended to be within the scope of the invention within and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的文件管理方法和装置中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。Various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components in the file management method and apparatus according to the embodiments of the present invention. The present invention can also be implemented as apparatus or apparatus programs (eg, computer programs and computer program products) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such signals may be downloaded from Internet sites, or provided on carrier signals, or in any other form.

应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-described embodiments illustrate rather than limit the invention, and that alternative embodiments may be devised by those skilled in the art without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. do not denote any order. These words can be interpreted as names.

Claims (8)

1. a kind of file management method, for being managed to the file on USB flash disk comprising:
Server carries out cloud killing scanning to the file in USB flash disk memory space, obtains the background grade of scanned document, together When in the server, the corresponding file hierarchies code of setting file, file hierarchies obtained and set file hierarchies code into Whether row comparison judges in the memory space comprising file to be treated;
If creating file in the memory space comprising file to be treated, and by the text to be treated Part is put into the file;
The file stored in the file is handled according to instruction;
Wherein, judge in the memory space whether to include that file to be treated includes:
Judge whether the memory space includes apocrypha and/or malicious file;
If the memory space include apocrypha and/or malicious file, by the memory space apocrypha and/ Or malicious file is determined as file to be treated.
2. file management method according to claim 1, which is characterized in that the file to be treated is being put into institute After stating in file, the file management method further comprises:
Instruction from the user is received, is determined according to the instruction to the file needed processing in the file.
3. file management method according to claim 2, which is characterized in that be designated as restoring the text from the user In the case where file in part folder, carrying out processing to the file in the file includes:
By the file access pattern in the file to former storage location.
4. file management method according to claim 2, which is characterized in that be designated as deleting the text from the user In the case where file in part folder, carrying out processing to the file in the file includes:
File in the file is deleted.
5. a kind of document management apparatus, for being managed to the file on USB flash disk comprising:
Judgment module, server carry out cloud killing scanning to the file in USB flash disk memory space, obtain the backstage text of scanned document Part grade, while in the server, the corresponding file hierarchies code of file, file hierarchies obtained and set file are set Whether grade code compares, judge in the memory space comprising file to be treated;
Configuration module, for creating file in the memory space in the case where judgement is comprising file to be treated, And the file to be treated is put into the file;
Processing module, for being handled according to instruction the file stored in the file;
Wherein, the judgment module is for judging whether the memory space includes apocrypha and/or malicious file;And judge In the case that the memory space includes apocrypha and/or malicious file, by the memory space apocrypha and/or Malicious file is determined as file to be treated.
6. document management apparatus according to claim 5, which is characterized in that further include:
Determining module, for receiving finger from the user after the file to be treated is put into the file Show, and is determined according to the instruction to the file needed processing in the file.
7. document management apparatus according to claim 6, which is characterized in that be designated as restoring the text from the user In the case where file in part folder, the processing module is used for the file access pattern in the file to former storage location.
8. document management apparatus according to claim 6, which is characterized in that be designated as deleting the text from the user In the case where file in part folder, the processing module is used to delete the file in the file.
CN201610483699.0A 2012-10-16 2012-10-16 File management method and device Expired - Fee Related CN106203105B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610483699.0A CN106203105B (en) 2012-10-16 2012-10-16 File management method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610483699.0A CN106203105B (en) 2012-10-16 2012-10-16 File management method and device
CN201210393609.0A CN102915359B (en) 2012-10-16 2012-10-16 File management method and device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201210393609.0A Division CN102915359B (en) 2012-10-16 2012-10-16 File management method and device

Publications (2)

Publication Number Publication Date
CN106203105A CN106203105A (en) 2016-12-07
CN106203105B true CN106203105B (en) 2019-07-09

Family

ID=47613725

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201610483699.0A Expired - Fee Related CN106203105B (en) 2012-10-16 2012-10-16 File management method and device
CN201210393609.0A Active CN102915359B (en) 2012-10-16 2012-10-16 File management method and device

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201210393609.0A Active CN102915359B (en) 2012-10-16 2012-10-16 File management method and device

Country Status (1)

Country Link
CN (2) CN106203105B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102930209B (en) * 2012-10-16 2016-04-27 北京奇虎科技有限公司 The document handling method of movable storage device and document handling apparatus
CN104994060B (en) * 2015-05-15 2019-03-19 百度在线网络技术(北京)有限公司 It is a kind of to provide the method and apparatus of verifying for logging in for user
CN107577940A (en) * 2017-08-07 2018-01-12 北京金山安全管理系统技术有限公司 Virus scan method and apparatus
CN108875373B (en) * 2017-12-29 2021-04-20 北京安天网络安全技术有限公司 Mobile storage medium file control method, device and system and electronic equipment
CN109063472A (en) * 2018-05-30 2018-12-21 太仓鸿策拓达科技咨询有限公司 Security of Network Database toxicological operation protective system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101079689A (en) * 2006-05-26 2007-11-28 上海晨兴电子科技有限公司 Method and device for virus scanning and processing of the data received by mobile phone

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101924761B (en) * 2010-08-18 2013-11-06 北京奇虎科技有限公司 Method for detecting malicious program according to white list
CN101930515B (en) * 2010-08-27 2012-11-21 奇智软件(北京)有限公司 System and method for safely decompressing compressed file
CN102411629A (en) * 2011-12-21 2012-04-11 Tcl集团股份有限公司 File scanning method and device based on android system
CN102592080B (en) * 2011-12-26 2015-11-11 北京奇虎科技有限公司 flash malicious file detection method and device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101079689A (en) * 2006-05-26 2007-11-28 上海晨兴电子科技有限公司 Method and device for virus scanning and processing of the data received by mobile phone

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
智能手机反病毒引擎设计及其重要模块的实现;陈敏;《中国优秀硕士学位论文全文数据库》;20110415(第4期);第1-81页

Also Published As

Publication number Publication date
CN106203105A (en) 2016-12-07
CN102915359B (en) 2016-08-10
CN102915359A (en) 2013-02-06

Similar Documents

Publication Publication Date Title
US10511616B2 (en) Method and system for detecting and remediating polymorphic attacks across an enterprise
US10216934B2 (en) Inferential exploit attempt detection
US8739284B1 (en) Systems and methods for blocking and removing internet-traversing malware
US8806625B1 (en) Systems and methods for performing security scans
US9135443B2 (en) Identifying malicious threads
US8176556B1 (en) Methods and systems for tracing web-based attacks
US8561180B1 (en) Systems and methods for aiding in the elimination of false-positive malware detections within enterprises
CN110659484B (en) System and method for generating a request for file information to perform an anti-virus scan
EP2663944B1 (en) Malware detection
CN103207970B (en) Virus document scan method and device
JP2014508363A (en) System and method for performing anti-malware metadata lookup
CN106203105B (en) File management method and device
US20090113548A1 (en) Executable Download Tracking System
JP6170900B2 (en) File processing method and apparatus
US8448243B1 (en) Systems and methods for detecting unknown malware in an executable file
WO2014082599A1 (en) Scanning device, cloud management device, method and system for checking and killing malicious programs
CN103679027A (en) Searching and killing method and device for kernel level malware
CN103279707A (en) Method, device and system for actively defending against malicious programs
US10089469B1 (en) Systems and methods for whitelisting file clusters in connection with trusted software packages
US8572730B1 (en) Systems and methods for revoking digital signatures
US10726129B2 (en) Persistence probing to detect malware
US10880316B2 (en) Method and system for determining initial execution of an attack
CN102930209B (en) The document handling method of movable storage device and document handling apparatus
RU2510530C1 (en) Method for automatic generation of heuristic algorithms for searching for malicious objects
US8918873B1 (en) Systems and methods for exonerating untrusted software components

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220727

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190709