Although the Internet has had great successes in facilitating communications between computer systems and enabling electronic commerce, the computer systems connected to the Internet have been under almost constant attack by hackers seeking to disrupt their operation. Although many different types of attacks have been used, one of the most common types of attacks involves loading onto a computer system a file that contains instructions for performing a malicious behavior. For example, an executable file with a malicious behavior may be sent via an electronic mail message to the computer system. When a user executes that file, the malicious behavior is performed, such as randomly deleting files accessible via the computer system. The malicious behavior of files can vary significantly, with a self-replicating behavior of viruses, worms, and Trojan horses being the most pernicious. Many techniques have been developed to help identify whether the files that are being loaded onto or that are already loaded onto the computer system have a malicious behavior. These techniques are referred to generically as antivirus techniques.
One of the most common ways for the files to get loaded onto a particular computer system is by accessing files via a remote file system. A remote file system allows applications running on a computer system to access files that are stored on another computer system in a manner that is transparent to the applications. The computer system that accesses the file is referred to as a “client computer system,” and the computer system that stores the file is referred to as a “server computer system.” A server computer system can be dedicated to storing and serving of files. Alternatively, a server computer system can store and serve files and can access files stored on another computer system. In such a case, the computer system functions as both a server and client computer system. The computer systems that use a remote file system may also be peer computer systems that each function as a client and server computer system.
Whenever a client computer system downloads a file from a server computer system, there is a chance that the file may have a malicious behavior. Thus, whenever a file is downloaded from a server computer system to the client computer system, the client computer system may execute antivirus software to ensure that the file does not contain malicious behavior. If it does, then the antivirus software would discard the file so that the malicious behavior cannot be performed. A difficulty with such antivirus software is that detecting that a file has a malicious behavior can be computationally expensive and may not be effective at detecting previously unknown malicious behavior.
In addition to wanting to block the download of files with malicious behaviors, an enterprise (e.g., a corporation) may want to prevent users (e.g., employee) of its computer system from downloading certain types of files generally even though they do not have a malicious behavior. For example, a corporation may not want its employees to download MP3 files because of concerns of copyright violations or reduced employee productivity. An enterprise may also want to prevent the download of any files from certain server computer systems. For example, certain server computer systems may be known to have unlicensed copies of files or may have files containing sexually explicit material.
It would be desirable to have a technique for monitoring file access requests of a client computer system to server computer system so that the requests can be allowed or denied based on the file content, the file name path, the requested operation, and so on.