1. Field of the Invention
The invention relates to an information field, and more particularly, to a method for detecting and killing computer viruses by using multiple antivirus engines and related device.
2. Description of the Prior Art
As the progress of this information society, computers and networks become more and more important. Computer viruses cause damages and cost of computer resources. Computer viruses not only cause a huge cost of resources and money, but possibly introduce a disaster of the entire society.
The computer virus is computer instructions or program code, which is able to reproduce itself and is inserted into the computer execution procedure for ruining the functions of the computer, damaging data, or disrupting the computer. The computer virus is often parasitic, infectious, non-obvious, damaging, and various, and can be classified into worms, trojans, and script viruses.
In order to detect and kill computer viruses efficiently, many computer security providers develop antivirus software. The core of the antivirus software is an antivirus engine. The development of the antivirus engine is a professional technology having high technology entering gap, long development period, and high maintaining cost.
In the related art, the antivirus engine is the core of the entire antivirus software and antivirus applications. Please refer to FIG. 1 showing a block diagram of a conventional antivirus engine. The antivirus engine 110 comprises a file analyzing module 111, a virus scanning module 112, and a signature storage module 113. The corresponding processing procedure comprises:
The antivirus engine 110 receives an input from the application module 120 (the access route to the file).
And then, the file analyzing module 111 detects the type of the file and performs some pre-processing procedure on the file. For example, upon receiving a compressed file, the file analyzing module 111 firstly decompresses the compressed file. Upon receiving an encoded file, the file analyzing module 111 firstly decodes the encoded file.
After the analysis of the file, the file analyzing module 111 sends the information associated with the file to the virus scanning module 112. The virus scanning module 112 loads the signature storage module 113 to utilize the virus signatures for scanning the analyzed file in order to determine whether the analyzed file matches the virus signatures inside the virus signature database.
At last, the scanned information of the file returns to the application module 120.
Currently, the most common virus detection is achieved through a signature-based detection, checksum detection, manner detection, and software simulation detection.
As the progress of the antivirus technique, the cloud killing virus technique is introduced. At first, the cloud computing is a development of parallel computing, distributing computing, and network computing. It's a result of combining virtualizing, IaaS (Infrastructure as a Service), and PaaS (Platform as a Service) concepts. In general, the cloud computing is achieved by the cloud computing service provider. The cloud computing service provider establishes a cloud storage and computing center. Users link to the “cloud” through the network to utilize the “cloud” as a data storage and an application service center. The cloud killing is an application in the antivirus field of the cloud computing technique. In the cloud killing virus technique, a client end is not required to retain the virus signature database. The virus signature information is stored in the cloud. In the scanning procedure, the users obtain the characteristics of the file and send the characteristics of the file to the cloud. The cloud performs the matching procedure on the characteristics of the file and the virus signature database. At last, the matching result is sent back to the client end.
Applicants found the related art has following problems:
Computer viruses have more frequently been designed for profit. And the virus changes fast and its technology becomes higher and higher. Therefore, a single antivirus engine cannot detect all of the viruses. This is the reason why the current security software often adopts a multiple antivirus engine solution.
However, in a current design of multiple antivirus engines, how to support multiple antivirus engine killing, achieve a smart antivirus engine allocating strategy, and provide enough supports in different applications has not been solved in the related art.