1. Field of the Invention
The present invention relates generally to data processing networks, and more particularly to virus scanning in a data processing network.
2. Description of Related Art
A computer virus is an intrusive program that infects computer files by inserting in those files copies of itself. When a file containing a virus is executed, the virus may replicate and infect other files, and cause damaging side effects.
As data networks become more open to permit a multiplicity of diverse users to share access to files, the networks are subjected to an increasing threat from viruses. The threat has been addressed by restricting the origin of files to trusted sources, and by using virus checker software to scan the files before the files are executed.
Virus checking software has been installed in a variety of locations within a data network. Users are familiar with virus checking software that runs as a background task on personal computers and workstations. This virus checking software has the disadvantage that it may be disabled or in need of updating to recognize new viruses.
Due to the relative difficulty of maintaining virus checking software on workstations in a network, the virus checkers have been installed in proxy servers and file servers in the network. A proxy server can function as a gatekeeper or filter for files received or transmitted by a group of workstations. A proxy server having a virus checker is an effective means for virus protection for services, such as electronic mail, that are insensitive to transmission delay due to the time that the virus checker needs for scanning the files received or transmitted. The scanning time, however, is relatively long compared to the time for data access in a file server. Therefore, it is often expedient to forego virus checking when accessing a file in a file server. This approach demands that any file contained in the file server must have been scanned for possible viruses before reading from the file. The file server, for example, contains a virus checker utility that scans for viruses. When a user closes a file after any write access to the file, the file is scanned for possible viruses that may have been introduced during the user's write access, before any other user is permitted to open the file. If the virus checker in the file server detects a virus in a file, the file remains locked by the operating system of the file server until the infected file is deleted or disinfected.
As described in Frank S. Caccavale, U.S. patent application Ser. No. 09/804,320, filed Mar. 12, 2001, entitled “Using a Virus Checker in One File Server to Check for Viruses in Another File Server,” Publication No. US-2002-0129277-A1, incorporated herein by reference, when a network client accesses a file in a network file server, the network file server invokes a conventional virus checker program in an NT file server to transfer pertinent file data from the network file server to random access memory in the NT file server to perform an anti-virus scan. Users may interact with the virus checker program in the usual fashion, to select file types to check, and actions to perform when a virus is detected. This method eliminates the need for porting the virus checker program to the network file server, and avoids maintenance problems when the virus checker program is updated or upgraded. Moreover, a kernel mode driver in the NT file server may provide an indirect interface to the virus checker program for initiating an anti-virus scan. Therefore, the driver supports a wide variety of virus checker programs and ensures continued operation when the virus checker program is upgraded.