1. Field
Embodiments of the present invention generally relate to computer security and computer network security. In particular, embodiments of the present invention relate to content filtering of remote file-system access protocol streams.
2. Description of the Related Art
Various remote file-system access protocols provide client applications with the ability to read and write to files on and to request services from server programs in a computer network. For example, the Server Message Block (SMB) protocol can be used over the Internet on top of the TCP/IP protocol or on top of other network protocols, such as Internetwork Packet Exchange (IPX) and NetBEUI, to access files at a remote server as well as other resources, including printers, mailslots, and named pipes. Thus, a client application can read, create, and update files on the remote server. It can also communicate with any server program that is set up to receive an SMB client request.
Common Internet File System (CIFS) defines a standard remote file-system access protocol for use over the Internet, enabling groups of users to work together and share documents across the Internet or within corporate intranets. CIFS is an open, cross-platform technology based on the native file-sharing protocols built into Microsoft® Windows® and other popular Personal Computer (PC) operating systems, and supported on dozens of other platforms.
Unfortunately, the use of such remote file-system access protocols introduces insecurities as (i) the complexities of these protocols have made it difficult to perform content filtering, such as malware scanning, on the files when transferred through a network gateway; (ii) most network equipment vendors have chosen to simply provide access control functionality to their gateways to control read and write access to files and/or specific shared resources while leaving any complex filtering to be performed on the server; and (iii) users sharing folders or other resources from their personal desktop machines may not have appropriate filtering applications (e.g., antivirus software) installed, and therefore malicious programs can potential spread to or from such shared folders or resources.