US Patent:
20110258702, Oct 20, 2011
Inventors:
Matthew Olney - Columbia MD, US
Patrick Mullen - Sykesville MD, US
Lurene Grenier - Severna Park MD, US
Nigel Houghton - Potomac Falls VA, US
Ryan Pentney - Columbia MD, US
Assignee:
Sourcefire, Inc. - Columbia MD
International Classification:
G06F 21/00
Abstract:
A system includes a processor. The processor is configured to receive network traffic that includes a data block. The processor will generate a unique identifier (UID) for the file that includes a hash value corresponding to the file. The processor will determine whether the file is indicated as good or bad with the previously-stored UID. The processor will call a file-type specific detection nugget corresponding to the file's file-type to perform a full file inspection to detect whether the file is good or bad and store a result of the inspection together with the UID of the file, when the file is determined to be not listed in the previously-stored UIDs. The processor will not call the file-type specific detection nugget when the file's indicator is “good” or “bad” in the previously-stored UIDs. The processor will issue an alert about the bad file when the file's indicator is “bad”.