1. Field of the Invention
The present invention relates to detection and removal of a malicious code inserted into a file, and more particularly, to an apparatus and method for safely removing a malicious code from a document or image file, or reporting the probable presence of a malicious code inserted into it when the malicious code cannot be removed.
2. Discussion of Related Art
In recent times there have been various attempts to insert a malicious code into a document file by using vulnerabilities in word processors (e.g., Microsoft Office, Haansoft Hangul, etc.).
Conventionally, a malicious code inserted into a document file is detected by comparison of its signature with those of well-known malicious codes registered in a database (DB). In this case, a malicious code having no signature may be undetectable. Also, since recent malicious codes employ packers and polymorphism to avoid well-known signatures used for detection and vaccination, the conventional signature-based malicious code detection technology has become even more limited.