CN107370747A - A kind of method and device for preventing malicious file from propagating - Google Patents
A kind of method and device for preventing malicious file from propagating Download PDFInfo
- Publication number
- CN107370747A CN107370747A CN201710691531.3A CN201710691531A CN107370747A CN 107370747 A CN107370747 A CN 107370747A CN 201710691531 A CN201710691531 A CN 201710691531A CN 107370747 A CN107370747 A CN 107370747A
- Authority
- CN
- China
- Prior art keywords
- target file
- file
- server
- terminal
- malicious
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 80
- 230000001902 propagating effect Effects 0.000 title abstract 2
- 241000700605 Viruses Species 0.000 claims abstract description 87
- 230000005540 biological transmission Effects 0.000 claims abstract description 4
- 230000008569 process Effects 0.000 claims description 31
- 238000002955 isolation Methods 0.000 claims description 30
- 238000012545 processing Methods 0.000 claims description 21
- 238000004891 communication Methods 0.000 claims description 20
- 230000008439 repair process Effects 0.000 claims description 3
- 230000003612 virological effect Effects 0.000 abstract 2
- 238000010586 diagram Methods 0.000 description 8
- 230000007480 spreading Effects 0.000 description 8
- 238000004590 computer program Methods 0.000 description 3
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 238000012217 deletion Methods 0.000 description 2
- 230000037430 deletion Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Embodiment of the invention discloses that a kind of method and device for preventing malicious file from propagating, proxy server in this method is receiving being uploaded to server or after the solicited message of server downloading object file of terminal transmission, obtains the file destination.The file destination is checked, so as to judge the security of the file destination.Only when the file destination does not carry malicious virus, just the file destination can be uploaded onto the server or be sent to terminal according to solicited message.And when the file destination is malicious file, then the file destination is put into viral isolated area.File destination can not be run in viral isolated area, also it can not upload onto the server or be sent to terminal, so as to prevent the propagation of malicious file, malicious file is eliminated to server and the security threat of terminal, while also prevent malicious file to attack proxy server in itself.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a method and a device for preventing malicious files from spreading.
Background
A network proxy refers to a device that allows one network terminal (typically a client) to make an indirect connection with another network terminal (typically a server) through this service. Some network devices such as gateways and routers have a network proxy function. In a network proxy, a client first creates a connection with a proxy server and then requests to create a connection to the server or to obtain a specified resource (e.g., a file) for the server, according to the proxy protocol used by the proxy server.
However, when a user uploads a file to the cloud server, if the uploaded file is a malicious file, the malicious file uploaded to the cloud server may not only affect the performance of the cloud server, but also cause the spread of the malicious file. Meanwhile, when a user downloads a file from the cloud server, if the downloaded file is a malicious file, the terminal downloading the file is also attacked by the malicious file.
In the process of implementing the embodiment of the invention, the inventor finds that in the existing process of transmitting the file between the terminal of the user and the server, the transmitted file is easily a malicious file, so that the propagation of the malicious file is caused, and the security of the terminal of the user and the server is threatened.
Disclosure of Invention
The technical problem to be solved by the invention is how to solve the problem that in the process of transmitting files between the terminal of the user and the server, the transmitted files are easily malicious files, so that the propagation of the malicious files is caused, and the security of the terminal of the user and the server is threatened.
In view of the above technical problems, an embodiment of the present invention provides a method for preventing malicious files from spreading, including:
receiving request information of uploading a target file to a server or downloading the target file from the server, which is sent by a terminal;
acquiring the target file according to the request information;
if the target file carries malicious viruses, storing the target file in a virus isolation area;
and if the target file does not carry malicious viruses, uploading the target file to the server or sending the target file to the terminal according to the request information.
Optionally, if the target file carries a malicious virus, storing the target file after the virus isolation region, further includes:
judging whether the target file can be repaired into a safe file without carrying malicious viruses or not, and if so, repairing the target file into the safe file;
and uploading the security file to the server or sending the security file to the terminal according to the request information.
Optionally, the method further comprises:
if the target file cannot be repaired to be the safe file and the request information is that the target file is uploaded to the server, sending first prompt information that the target file is a malicious file and cannot be uploaded to the server to the terminal and sending second prompt information that a worker is requested to process the target file;
if the target file cannot be repaired to be the safe file and the request information is that the target file is downloaded from the server, third prompt information that the target file is a malicious file is sent to the terminal, and fourth prompt information that a worker is requested to process the target file is sent.
Optionally, after the third prompt message that the target file is a malicious file is sent to the terminal, the method further includes:
and if receiving the information for confirming downloading of the target file, sending the target file to the terminal.
Optionally, after the sending of the second prompt message requesting the staff to process the target file or the sending of the fourth prompt message requesting the staff to process the target file, the method further includes:
and if receiving instruction information for deleting the target file, deleting the target file.
Optionally, the receiving terminal sends request information for downloading the target file from the server; acquiring the target file according to the request information, wherein the acquisition comprises the following steps:
receiving request information of downloading a target file from a server, which is sent by the terminal, and sending the request information to the server;
and receiving feedback information of the server, and downloading the target file from the server according to the feedback information.
Optionally, the receiving terminal sends request information for uploading the target file to the server; acquiring the target file according to the request information, wherein the acquisition comprises the following steps:
receiving request information which is sent by the terminal and used for uploading the target file to the server;
and acquiring the target file corresponding to the request information.
In a second aspect, an embodiment of the present invention further provides an apparatus for preventing a malicious file from spreading, including:
a receiving module for receiving the request information of uploading or downloading the target file from the server sent by the terminal
The acquisition module is used for acquiring the target file according to the request information;
the first processing module is used for storing the target file in a virus isolation area if the target file carries malicious viruses;
and the second processing module is used for uploading the target file to the server or sending the target file to the terminal according to the request information if the target file does not carry malicious viruses.
Optionally, the first processing module is further configured to determine whether the target file can be repaired to a secure file that does not carry a malicious virus, and if so, repair the target file to the secure file; and uploading the security file to the server or sending the security file to the terminal according to the request information.
Optionally, the first processing module is further configured to:
if the target file cannot be repaired to be the safe file and the request information is that the target file is uploaded to the server, sending first prompt information that the target file is a malicious file and cannot be uploaded to the server to the terminal and sending second prompt information that a worker is requested to process the target file;
if the target file cannot be repaired to be the safe file and the request information is that the target file is downloaded from the server, third prompt information that the target file is a malicious file is sent to the terminal, and fourth prompt information that a worker is requested to process the target file is sent.
Optionally, the first processing module is further configured to send the target file to the terminal if receiving information for confirming downloading of the target file.
The first processing module is further configured to delete the target file if instruction information for deleting the target file is received after sending second prompt information for requesting a worker to process the target file or sending fourth prompt information for requesting the worker to process the target file.
Optionally, the first processing module is further configured to receive request information sent by the terminal to download the target file from a server, and send the request information to the server;
the acquisition module is further used for receiving feedback information of the server and downloading the target file from the server according to the feedback information.
Optionally, the receiving module is further configured to receive request information, sent by the terminal, for uploading the target file to the server;
the obtaining module is further configured to obtain the target file corresponding to the request information.
In a third aspect, an embodiment of the present invention further provides an electronic device, including:
at least one processor, at least one memory, a communication interface, and a bus; wherein,
the processor, the memory and the communication interface complete mutual communication through the bus;
the communication interface is used for information transmission between the electronic equipment and the communication equipment of the server or the communication equipment of the terminal;
the memory stores program instructions executable by the processor, which when called by the processor are capable of performing the methods described above.
In a fourth aspect, embodiments of the invention also provide a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the method described above.
The embodiment of the invention provides a method and a device for preventing malicious files from spreading. And checking the target file so as to judge the safety of the target file. And only when the target file does not carry the malicious virus, uploading the target file to a server or sending the target file to a terminal according to the request information. And when the target file is a malicious file, the target file is placed in the virus isolation area. The target file cannot run in the virus isolation area and cannot be uploaded to the server or sent to the terminal, so that propagation of the malicious file is prevented, security threats of the malicious file to the server and the terminal are eliminated, and meanwhile, attacks of the malicious file to the server or the proxy server are prevented.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for preventing propagation of a malicious file according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of the relationship between a terminal, a server and a proxy server according to another embodiment of the present invention;
fig. 3 is a schematic structural diagram of a proxy server according to another embodiment of the present invention;
fig. 4 is a block diagram of an apparatus for preventing propagation of a malicious file according to another embodiment of the present invention;
fig. 5 is a block diagram of an electronic device according to another embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a schematic flowchart of a method for preventing a malicious file from spreading according to this embodiment, and referring to fig. 1, the method includes:
101: receiving request information of uploading a target file to a server or downloading the target file from the server, which is sent by a terminal;
102: acquiring the target file according to the request information;
103: if the target file carries malicious viruses, storing the target file in a virus isolation area;
104: and if the target file does not carry malicious viruses, uploading the target file to the server or sending the target file to the terminal according to the request information.
It should be noted that the method provided by the present embodiment is executed by a proxy server disposed on a communication link between a server and a terminal, or executed by the server, and the present embodiment is not particularly limited to this. It can be understood that the method provided by the embodiment is also applicable to a connecting device for connecting two devices that mutually transmit data, so as to ensure the security of the two devices that mutually transmit data. The malicious viruses in this embodiment include computer viruses, worms, trojans, etc., which are not limited in this embodiment.
If the target file does not carry malicious viruses, uploading the target file to the server or sending the target file to the terminal according to the request information, wherein the method comprises the following steps:
if the target file does not carry malicious viruses and the request information is that the target file is uploaded to a server, uploading the target file to the server;
and if the target file does not carry malicious viruses and the request information is that the target file is downloaded from a server, sending the target file to the terminal.
For example, fig. 2 shows a schematic diagram of a relationship among a terminal, a server, and a proxy server in this embodiment, referring to fig. 2, when a terminal 201 (a mobile phone or a computer) uploads a file to a cloud server 203, according to a path a in fig. 2, the terminal 201 sends a target file to be uploaded to a proxy server 202, and the proxy server uploads the target file to the cloud server 203. In the method provided by this embodiment, after the target file is uploaded to the proxy server 202, the proxy server 202 scans the target file to determine whether the target file is a malicious file, and if not, the target file is uploaded to the cloud server 203, otherwise, the target file is stored in a virus isolation area to prevent the target file from being spread. When the terminal downloads the target file from the cloud server 203, after receiving the request for downloading the target file sent by the terminal 201, the proxy server 202 downloads the target file from the cloud server 203 according to a path B in fig. 2, scans the target file, determines whether the target file is a malicious file, and sends the target file to the terminal 201 if the target file is not the malicious file, otherwise, stores the target file in a virus isolation area, and prevents the target file from being spread.
It can be understood that, if the request information for uploading the target file to the server sent by the terminal is received, the request information carries the identification information of the terminal and the identification information of the target file, and the terminal sends the target file to the proxy server. If the request information of downloading the target file from the server, which is sent by the terminal, is received, the request information carries the identification information of the terminal and the identification information of the target file to be downloaded. Electric power
A malicious virus is a set of computer instructions or program code that is inserted into a program that destroys computer functions or data, can affect computer use, and can replicate itself. Malicious files are files that carry the computer under consideration. And in the process of judging whether the target file is a malicious file, scanning the target file, checking whether the target file contains malicious viruses, if so, judging that the target file is the malicious file, and if not, judging that the target file is not the malicious file. The process of determining whether the target file is a malicious file may be executed by a antivirus engine or antivirus software on the proxy server, which is not specifically limited in this embodiment.
The virus isolation area is a special folder for storing files, the files in the isolation area cannot run, and viruses in the isolation area cannot run or infect other parts of the system of the equipment where the viruses are located.
In order to prevent misoperation caused by direct deletion of a malicious file, in this embodiment, after the target file is identified as the malicious file, the target file is stored in a virus isolation area. And judging whether the target file can be repaired in the virus isolation area, if so, repairing the target file into a safe file, and then sending the safe file to a terminal or uploading the safe file to a server. If the target file cannot be repaired, the relevant staff is informed to process the target file, for example, the target file is deleted.
The embodiment provides a method for preventing malicious files from spreading, wherein a proxy server in the method acquires a target file after receiving request information of uploading or downloading the target file to or from a server, which is sent by a terminal. And checking the target file so as to judge the safety of the target file. And only when the target file does not carry the malicious virus, uploading the target file to a server or sending the target file to a terminal according to the request information. And when the target file is a malicious file, the target file is placed in the virus isolation area. The target file cannot run in the virus isolation area and cannot be uploaded to the server or sent to the terminal, so that propagation of the malicious file is prevented, security threats of the malicious file to the server and the terminal are eliminated, and meanwhile, the malicious file is prevented from attacking the proxy server.
Further, on the basis of the foregoing embodiment, if the target file carries a malicious virus, the storing the target file after the virus isolation area further includes:
judging whether the target file can be repaired into a safe file which does not carry the malicious virus, if so, repairing the target file into the safe file;
and uploading the security file to the server or sending the security file to the terminal according to the request information.
It should be noted that, whether the malicious file can be repaired or not is checked, and the repair of the malicious file can be implemented by corresponding software. For example, the software checks the malicious file for the location of the malicious virus, and if the header of the malicious file is embedded with the virus, the malicious file is determined to be unrepairable. If the malicious virus is implanted into the malicious file and the operation of the malicious file is not influenced after the malicious virus is deleted, the malicious file is judged to be repaired. And if the malicious file can be repaired, repairing the malicious file to obtain a repaired security file. It can be understood that after the malicious file is repaired, the repaired security file can be transferred out of the virus isolation area, and then the security file is uploaded to a server or sent to a terminal.
It can be understood that when the request information is to upload the target file to the server, the repaired security file is uploaded to the server. And if the request information is to download the target file to the terminal, sending the repaired security file to the terminal.
In the method for preventing propagation of the malicious file, whether the file stored in the virus isolation area can be repaired is checked, and if the file can be repaired, the malicious file is repaired into a security file and then sent to the terminal or uploaded to the server. According to the method, even if the uploaded file is a malicious file, the spread of malicious viruses can be prevented by repairing the malicious file.
Further, on the basis of the above embodiments, the method further includes:
if the target file cannot be repaired to be the safe file and the request information is that the target file is uploaded to the server, sending first prompt information that the target file is a malicious file and cannot be uploaded to the server to the terminal and sending second prompt information that a worker is requested to process the target file;
if the target file cannot be repaired to be the safe file and the request information is that the target file is downloaded from the server, third prompt information that the target file is a malicious file is sent to the terminal, and fourth prompt information that a worker is requested to process the target file is sent.
Further, on the basis of the foregoing embodiments, after the sending, to the terminal, the third prompt information that the target file is a malicious file, the method further includes:
and if receiving the information for confirming downloading of the target file, sending the target file to the terminal.
Further, on the basis of the foregoing embodiments, after the sending second prompt information for requesting the staff to process the target file or sending fourth prompt information for requesting the staff to process the target file, the method further includes:
and if receiving instruction information for deleting the target file, deleting the target file.
And when the target file cannot be repaired, sending prompt information to a corresponding terminal or a corresponding worker according to the request information. For example, when a target file of the terminal upload server is a malicious file and the target file cannot be repaired, on one hand, first prompt information indicating that the target file upload server fails (certainly, the reason for the upload failure) needs to be sent to the terminal, and on the other hand, second prompt information indicating that the target file in the virus isolation area is processed in time needs to be sent to a worker. The first prompt message can be displayed on the terminal in a bullet screen mode so as to inform a user that the target file uploading server fails, and the target file is a malicious file. The second prompt message can prompt the staff to process the target file of the virus isolation area in time by sending a mail to a preset mailbox of the staff or sending a short message to a mobile phone of the staff. For example, if the staff member inputs an instruction to delete the target file on the interactive device corresponding to the proxy server, the target file is deleted.
When the terminal downloads the target file from the server, if the proxy server judges that the target file is a malicious file and the target file cannot be repaired, on one hand, third prompt information that the target file is the malicious file needs to be sent to the terminal. For example, the third prompt message is displayed on the terminal in a bullet screen form, prompts the user that the target file is a malicious file, determines whether to download the target file, and sends the information for confirming downloading the target file to the proxy server after the user triggers a button for confirming downloading. On the other hand, fourth prompt information for timely processing of the target file in the virus isolation area and even processing of the target file in the server needs to be sent to the staff. The fourth prompt message can prompt the staff to process the target file of the virus isolation area in time by sending a mail to a preset mailbox of the staff or sending a short message to a mobile phone of the staff. For example, if the staff member inputs an instruction to delete the target file on the proxy server or the interactive device corresponding to the server, the target file is deleted.
In the method for preventing propagation of a malicious file, in the process that a target file cannot be repaired to a secure file, one side sends corresponding prompt information to a terminal, and the other side sends corresponding prompt information to a worker to notify the worker to timely process the proxy server and the malicious file on the server, so that the worker confirms the malicious file to avoid mistaken deletion of the target file, and the timely processing of the target file also avoids occupation of storage resources by the target file.
Further, on the basis of the above embodiments, the receiving terminal receives request information for downloading the target file from the server; acquiring the target file according to the request information, wherein the acquisition comprises the following steps:
receiving request information of downloading a target file from a server, which is sent by the terminal, and sending the request information to the server;
and receiving feedback information of the server, and downloading the target file from the server according to the feedback information.
When the terminal downloads the target file from the server, the terminal transmits request information for downloading the target file to the proxy server. After receiving the request information, the proxy server sends the request information to the server, the server sends feedback information carrying the download address of the target file to the proxy server according to the identification information of the target file carried in the request information, and the proxy server can download the target file according to the download address in the feedback information.
Further, on the basis of the above embodiments, the receiving terminal sends request information for uploading a target file to a server; acquiring the target file according to the request information, wherein the acquisition comprises the following steps:
receiving request information which is sent by the terminal and used for uploading the target file to the server;
and acquiring the target file corresponding to the request information.
When the terminal uploads the target file to the server, the terminal sends request information for uploading the target file to the proxy server, and simultaneously sends the target file to be uploaded to the server to the proxy server.
In the method for preventing propagation of a malicious file, after the target file is acquired in different manners in two processes of downloading the target file from the server and uploading the target file to the server, the target file is checked, so that whether the target file is a malicious file is determined.
Fig. 3 is a schematic structural diagram of the proxy server provided in this embodiment, and referring to fig. 3, the proxy server includes a file scanning engine, a virus library, and an engine update engine. For example, after downloading a file (target file) from a cloud server, the proxy server scans the file by using a file scanning engine in combination with a virus sample (or cloud scanning) stored in a virus library and the scanning engine, and determines whether the file carries a malicious virus.
And the virus library and the engine updating engine are used for updating the virus library and the scanning engine according to the updating rule. The time for the virus library and the engine updating engine to acquire the new virus library or the new engine can be set through the user updating module. The engine and the virus library updating service are used for providing a new engine or virus for the virus library and the engine updating engine, so that the virus library and the engine updating engine update the virus library and the engine of the proxy server after acquiring the new engine or virus.
It can be understood that the proxy server further comprises a user configuration module and a configuration processing module, so as to configure the parameters related to the terminal of the user and the proxy server, and ensure that the connection relationship between the terminal and the proxy server can be smoothly established. And the scanning and updating display module is used for displaying the scanning progress of the file scanning by the proxy server.
Fig. 4 shows a block diagram of an apparatus for preventing propagation of a malicious file according to an embodiment of the present invention, and referring to fig. 4, the apparatus for preventing propagation of a malicious file according to the embodiment includes a receiving module 401, an obtaining module 402, a first processing module 403, and a second processing module 404, wherein,
a receiving module 401, configured to receive request information for uploading or downloading a target file from a server, where the request information is sent by a terminal
An obtaining module 402, configured to obtain the target file according to the request information;
a first processing module 403, configured to store the target file in a virus isolation area if the target file carries a malicious virus;
a second processing module 404, configured to upload the target file to the server or send the target file to the terminal according to the request information if the target file does not carry malicious viruses.
The apparatus for preventing propagation of a malicious file provided in this embodiment is suitable for the method for preventing propagation of a malicious file provided in the foregoing embodiment, and details are not repeated here.
The embodiment provides a device for preventing malicious files from spreading, wherein a server or a proxy server in the device acquires a target file after receiving request information of uploading or downloading the target file to or from the server, which is sent by a terminal. And checking the target file so as to judge the safety of the target file. And only when the target file does not carry the malicious virus, uploading the target file to a server or sending the target file to a terminal according to the request information. And when the target file is a malicious file, the target file is placed in the virus isolation area. The target file cannot run in the virus isolation area and cannot be uploaded to the server or sent to the terminal, so that propagation of the malicious file is prevented, security threats of the malicious file to the server and the terminal are eliminated, and meanwhile, attacks of the malicious file to the server or the proxy server are prevented.
In a third aspect, fig. 5 is a block diagram illustrating a structure of an electronic apparatus provided in the present embodiment.
Referring to fig. 5, the electronic device includes: a processor (processor)501, a memory (memory)502, a communication Interface (Communications Interface)503, and a bus 504;
wherein,
the processor 501, the memory 502 and the communication interface 503 complete mutual communication through the bus 504;
the communication interface 503 is used for information transmission between the electronic device and the communication device of the server or the communication device of the terminal;
the processor 501 is configured to call program instructions in the memory 502 to perform the methods provided by the above-mentioned method embodiments, for example, including: receiving request information of uploading a target file to a server or downloading the target file from the server, which is sent by a terminal; acquiring the target file according to the request information; if the target file carries malicious viruses, storing the target file in a virus isolation area; and if the target file does not carry malicious viruses, uploading the target file to the server or sending the target file to the terminal according to the request information.
In a fourth aspect, the present embodiment provides a non-transitory computer-readable storage medium storing computer instructions that cause the computer to perform the method provided by the above method embodiments, for example, including: receiving request information of uploading a target file to a server or downloading the target file from the server, which is sent by a terminal; acquiring the target file according to the request information; if the target file carries malicious viruses, storing the target file in a virus isolation area; and if the target file does not carry malicious viruses, uploading the target file to the server or sending the target file to the terminal according to the request information.
The present embodiments disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-described method embodiments, for example, comprising: receiving request information of uploading a target file to a server or downloading the target file from the server, which is sent by a terminal; acquiring the target file according to the request information; if the target file carries malicious viruses, storing the target file in a virus isolation area; and if the target file does not carry malicious viruses, uploading the target file to the server or sending the target file to the terminal according to the request information.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the method embodiments may be implemented by hardware related to program instructions, and the program may be stored in a computer readable storage medium, and when executed, the program performs the steps including the method embodiments; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
The above-described embodiments of the electronic device and the like are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may also be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used for illustrating the technical solutions of the embodiments of the present invention, and are not limited thereto; although embodiments of the present invention have been described in detail with reference to the foregoing embodiments, those skilled in the art will understand that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.
Claims (16)
1. A method of preventing the spread of malicious files, comprising:
receiving request information of uploading a target file to a server or downloading the target file from the server, which is sent by a terminal;
acquiring the target file according to the request information;
if the target file carries malicious viruses, storing the target file in a virus isolation area;
and if the target file does not carry malicious viruses, uploading the target file to the server or sending the target file to the terminal according to the request information.
2. The method of claim 1, wherein if the target file carries a malicious virus, storing the target file after a virus quarantine area, further comprises:
judging whether the target file can be repaired into a safe file without carrying malicious viruses or not, and if so, repairing the target file into the safe file;
and uploading the security file to the server or sending the security file to the terminal according to the request information.
3. The method as recited in claim 2, further comprising:
if the target file cannot be repaired to be the safe file and the request information is that the target file is uploaded to the server, sending first prompt information that the target file is a malicious file and cannot be uploaded to the server to the terminal and sending second prompt information that a worker is requested to process the target file;
if the target file cannot be repaired to be the safe file and the request information is that the target file is downloaded from the server, third prompt information that the target file is a malicious file is sent to the terminal, and fourth prompt information that a worker is requested to process the target file is sent.
4. The method according to claim 3, wherein after sending the third prompt that the target file is a malicious file to the terminal, the method further comprises:
and if receiving the information for confirming downloading of the target file, sending the target file to the terminal.
5. The method of claim 3, wherein after sending the second prompt for requesting the staff to process the target document or sending the fourth prompt for requesting the staff to process the target document, the method further comprises:
and if receiving instruction information for deleting the target file, deleting the target file.
6. The method according to claim 1, wherein the receiving terminal sends a request message for downloading the target file from the server; acquiring the target file according to the request information, wherein the acquisition comprises the following steps:
receiving request information of downloading a target file from a server, which is sent by the terminal, and sending the request information to the server;
and receiving feedback information of the server, and downloading the target file from the server according to the feedback information.
7. The method according to claim 1, wherein the receiving terminal sends request information for uploading the target file to the server; acquiring the target file according to the request information, wherein the acquisition comprises the following steps:
receiving request information which is sent by the terminal and used for uploading the target file to the server;
and acquiring the target file corresponding to the request information.
8. An apparatus for preventing propagation of malicious files, comprising:
the receiving module is used for receiving request information of uploading or downloading the target file from the server, which is sent by the terminal;
the acquisition module is used for acquiring the target file according to the request information;
the first processing module is used for storing the target file in a virus isolation area if the target file carries malicious viruses;
and the second processing module is used for uploading the target file to the server or sending the target file to the terminal according to the request information if the target file does not carry malicious viruses.
9. The apparatus according to claim 8, wherein the first processing module is further configured to determine whether the target file can be repaired to a secure file that does not carry a malicious virus, and if so, repair the target file to the secure file; and uploading the security file to the server or sending the security file to the terminal according to the request information.
10. The apparatus of claim 9, wherein the first processing module is further configured to:
if the target file cannot be repaired to be the safe file and the request information is that the target file is uploaded to the server, sending first prompt information that the target file is a malicious file and cannot be uploaded to the server to the terminal and sending second prompt information that a worker is requested to process the target file;
if the target file cannot be repaired to be the safe file and the request information is that the target file is downloaded from the server, third prompt information that the target file is a malicious file is sent to the terminal, and fourth prompt information that a worker is requested to process the target file is sent.
11. The apparatus according to claim 9, wherein the first processing module is further configured to send the target file to the terminal if receiving information confirming downloading of the target file after sending third prompt information that the target file is a malicious file to the terminal.
12. The apparatus according to claim 9, wherein the first processing module is further configured to delete the target file if instruction information for deleting the target file is received after sending second prompt information for requesting a worker to process the target file or sending fourth prompt information for requesting a worker to process the target file.
13. The apparatus according to claim 8, wherein the receiving module is further configured to receive request information sent by the terminal to download the target file from a server, and send the request information to the server;
the acquisition module is further used for receiving feedback information of the server and downloading the target file from the server according to the feedback information.
14. The apparatus according to claim 8, wherein the receiving module is further configured to receive request information sent by the terminal to upload the target file to the server;
the obtaining module is further configured to obtain the target file corresponding to the request information.
15. An electronic device, comprising:
at least one processor, at least one memory, a communication interface, and a bus; wherein,
the processor, the memory and the communication interface complete mutual communication through the bus;
the communication interface is used for information transmission between the electronic equipment and the communication equipment of the server or the communication equipment of the terminal;
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1-7.
16. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710691531.3A CN107370747A (en) | 2017-08-14 | 2017-08-14 | A kind of method and device for preventing malicious file from propagating |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710691531.3A CN107370747A (en) | 2017-08-14 | 2017-08-14 | A kind of method and device for preventing malicious file from propagating |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN107370747A true CN107370747A (en) | 2017-11-21 |
Family
ID=60309763
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710691531.3A Pending CN107370747A (en) | 2017-08-14 | 2017-08-14 | A kind of method and device for preventing malicious file from propagating |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107370747A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108156170A (en) * | 2018-01-03 | 2018-06-12 | 郑州云海信息技术有限公司 | Checking and killing method is isolated in a kind of Cloud Server virus |
| CN108650251A (en) * | 2018-04-27 | 2018-10-12 | 北京奇安信科技有限公司 | A kind of display processing method and device of network security comprehensive situation perception data |
| CN109063472A (en) * | 2018-05-30 | 2018-12-21 | 太仓鸿策拓达科技咨询有限公司 | Security of Network Database toxicological operation protective system |
| CN109194739A (en) * | 2018-09-03 | 2019-01-11 | 中国平安人寿保险股份有限公司 | A kind of file uploading method, storage medium and server |
| CN109933981A (en) * | 2017-12-18 | 2019-06-25 | 中标软件有限公司 | Virus scan optimization method |
| CN111712820A (en) * | 2017-12-21 | 2020-09-25 | 迈克菲有限责任公司 | Method and apparatus for securing a mobile device |
| CN112347041A (en) * | 2020-11-03 | 2021-02-09 | 紫光云引擎科技(苏州)有限公司 | Industrial cloud application store system file uploading security scanning method and system |
| CN112506699A (en) * | 2020-11-25 | 2021-03-16 | 江苏恒信和安电子科技有限公司 | Data security backup method, equipment and system |
| CN112528285A (en) * | 2020-12-18 | 2021-03-19 | 南方电网电力科技股份有限公司 | Security protection method and device for cloud computing platform, electronic equipment and storage medium |
| CN114676434A (en) * | 2020-12-24 | 2022-06-28 | 网神信息技术(北京)股份有限公司 | Method, apparatus, electronic device, medium and program for improving intranet security |
| CN115758360A (en) * | 2022-11-25 | 2023-03-07 | 北京安天网络安全技术有限公司 | File management and storage system |
| CN115952498A (en) * | 2022-12-02 | 2023-04-11 | 北京安天网络安全技术有限公司 | Protection method, device, electronic equipment and storage medium for files in isolated area |
| CN116760819A (en) * | 2023-07-14 | 2023-09-15 | 中电长城网际系统应用广东有限公司 | Computer file network transmission method, computer device and device medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2485724Y (en) * | 2001-03-16 | 2002-04-10 | 联想(北京)有限公司 | Security device for network virus to gate level computer |
| CN1375775A (en) * | 2001-03-16 | 2002-10-23 | 联想(北京)有限公司 | Geteway level computer network virus preventing method and device |
| CN101068204A (en) * | 2006-05-05 | 2007-11-07 | 美国博通公司 | Intermediate network node of communication structure and its execution method |
| CN101141244A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | Network encrypted data virus detection and elimination system and proxy server and method |
| CN101414332A (en) * | 2007-10-15 | 2009-04-22 | 鸿富锦精密工业(深圳)有限公司 | Apparatus and method for preventing virus |
| CN101778059A (en) * | 2010-02-09 | 2010-07-14 | 成都市华为赛门铁克科技有限公司 | Mail processing method, gateway equipment and network system |
| CN102622537A (en) * | 2011-01-31 | 2012-08-01 | 中兴通讯股份有限公司 | Method and device for processing virus file |
-
2017
- 2017-08-14 CN CN201710691531.3A patent/CN107370747A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2485724Y (en) * | 2001-03-16 | 2002-04-10 | 联想(北京)有限公司 | Security device for network virus to gate level computer |
| CN1375775A (en) * | 2001-03-16 | 2002-10-23 | 联想(北京)有限公司 | Geteway level computer network virus preventing method and device |
| CN101068204A (en) * | 2006-05-05 | 2007-11-07 | 美国博通公司 | Intermediate network node of communication structure and its execution method |
| CN101141244A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | Network encrypted data virus detection and elimination system and proxy server and method |
| CN101414332A (en) * | 2007-10-15 | 2009-04-22 | 鸿富锦精密工业(深圳)有限公司 | Apparatus and method for preventing virus |
| CN101778059A (en) * | 2010-02-09 | 2010-07-14 | 成都市华为赛门铁克科技有限公司 | Mail processing method, gateway equipment and network system |
| CN102622537A (en) * | 2011-01-31 | 2012-08-01 | 中兴通讯股份有限公司 | Method and device for processing virus file |
Non-Patent Citations (1)
| Title |
|---|
| 数字时代工作室: "《个人用网安全与黑客防范技术》", 31 August 2001 * |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109933981A (en) * | 2017-12-18 | 2019-06-25 | 中标软件有限公司 | Virus scan optimization method |
| CN111712820A (en) * | 2017-12-21 | 2020-09-25 | 迈克菲有限责任公司 | Method and apparatus for securing a mobile device |
| CN108156170A (en) * | 2018-01-03 | 2018-06-12 | 郑州云海信息技术有限公司 | Checking and killing method is isolated in a kind of Cloud Server virus |
| CN108650251A (en) * | 2018-04-27 | 2018-10-12 | 北京奇安信科技有限公司 | A kind of display processing method and device of network security comprehensive situation perception data |
| CN109063472A (en) * | 2018-05-30 | 2018-12-21 | 太仓鸿策拓达科技咨询有限公司 | Security of Network Database toxicological operation protective system |
| CN109194739A (en) * | 2018-09-03 | 2019-01-11 | 中国平安人寿保险股份有限公司 | A kind of file uploading method, storage medium and server |
| CN112347041A (en) * | 2020-11-03 | 2021-02-09 | 紫光云引擎科技(苏州)有限公司 | Industrial cloud application store system file uploading security scanning method and system |
| CN112506699A (en) * | 2020-11-25 | 2021-03-16 | 江苏恒信和安电子科技有限公司 | Data security backup method, equipment and system |
| CN112528285A (en) * | 2020-12-18 | 2021-03-19 | 南方电网电力科技股份有限公司 | Security protection method and device for cloud computing platform, electronic equipment and storage medium |
| CN114676434A (en) * | 2020-12-24 | 2022-06-28 | 网神信息技术(北京)股份有限公司 | Method, apparatus, electronic device, medium and program for improving intranet security |
| CN115758360A (en) * | 2022-11-25 | 2023-03-07 | 北京安天网络安全技术有限公司 | File management and storage system |
| CN115952498A (en) * | 2022-12-02 | 2023-04-11 | 北京安天网络安全技术有限公司 | Protection method, device, electronic equipment and storage medium for files in isolated area |
| CN116760819A (en) * | 2023-07-14 | 2023-09-15 | 中电长城网际系统应用广东有限公司 | Computer file network transmission method, computer device and device medium |
| CN116760819B (en) * | 2023-07-14 | 2024-01-30 | 中电长城网际系统应用广东有限公司 | Computer file network transmission method, computer device and device medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107370747A (en) | A kind of method and device for preventing malicious file from propagating | |
| CN107748668B (en) | Method and device for upgrading application program | |
| US10581898B1 (en) | Malicious message analysis system | |
| CN105721461B (en) | System and method for utilizing special purpose computer security services | |
| US7904518B2 (en) | Apparatus and method for analyzing and filtering email and for providing web related services | |
| CN108280347A (en) | A kind of method and device of virus scan | |
| EP3038006B1 (en) | System and method for distributed detection of malware | |
| CN101834875B (en) | Method, device and system for defending DDoS (Distributed Denial of Service) attacks | |
| CN104781824A (en) | Dynamic quarantining for malware detection | |
| US9037668B2 (en) | Electronic message manager system, method, and computer program product for scanning an electronic message for unwanted content and associated unwanted sites | |
| CN111651754B (en) | Intrusion detection method and device, storage medium and electronic device | |
| CN107172075B (en) | Communication method, system and readable storage medium based on network isolation | |
| CN111400712A (en) | Virus scanning and killing method, device, device and computer storage medium for files | |
| EP3959632B1 (en) | File storage service initiation of antivirus software locally installed on a user device | |
| US11019082B2 (en) | Protection from malicious and/or harmful content in cloud-based service scenarios | |
| EP2661852A1 (en) | Limiting virulence of malicious messages using a proxy server | |
| CN111355682A (en) | E-mail sending method and E-mail proxy server | |
| CN115941795B (en) | Data transmission method, device, electronic device and storage medium | |
| CN108418844B (en) | Application layer attack protection method and attack protection terminal | |
| CN111212070A (en) | Risk monitoring method and device, computing equipment and medium | |
| CN108133154B (en) | Method and device for storing file | |
| CN111931178B (en) | Host protection method and system based on whitelist and file signature code in industrial environment | |
| CN106789902A (en) | A kind of industry control safety features detection method and device | |
| CN114338646B (en) | File interactive transmission method, device, equipment and storage medium | |
| EP3293924A1 (en) | Message processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171121 |
|
| RJ01 | Rejection of invention patent application after publication |