1. Statement of the Technical Field
The present invention relates to computer virus detection and sanitation and more particularly to on-line content screening and sanitation.
2. Description of the Related Art
The growth of public networks such as the Internet has driven corresponding, but exponentially increasing growth in the generation and distribution of content across the public network. Initially, content had been formatted in one of a handful of content formats and distributed accordingly. Still, with the advent of the World Wide Web and the Web browser, a movement emerged in which content distributed over the Internet could be uniformly formatted using markup tags as in the hypertext markup language (HTML). Nevertheless, as it became apparent that the substance of content ought to remain separate from the formatting and presentation elements of content, new formatting technologies evolved. Thus, the idea of transforming content from one format to another followed.
In the field of global data communications, the sharing of content can be achieved by expressing that data using the extensible markup language (XML). Once expressed in XML, content can be sampled by multiple interested parties before ultimately becoming consumed. For example, XML content can be sampled by a transcoding engine and transformed using extensible stylesheet (XSL) or XPath technologies into a renderable XML-based grammar such as XHTML or WAP/WML. This renderable XML ultimately can be consumed by a client browser or a pervasive device. Hence, transcoding systems can provide a cost effective and efficient means for re-purposing formatted content in support of application data interchange.
Historically, HTML forms provided a mechanism for forms based input through which interactive Web applications could receive and process user input. HTML based Web forms, however, did not separate the purpose of the form from the presentation of a form. To address this clear deficiency, XForms were created in which the presentation of the form and the content of the form remained separate. XForms include separate sections which describe what the form ought to do, and how the form ought to appear. Thus, XForms decouple data, purpose/logic and presentation of a form.
Notably, XForms while having provided many advantages to application developers, also provide some advantages to malicious hackers. Specifically, XForms have been recognized as a vulnerability which can be exploited to gain unauthorized access to an otherwise protected enterprise. In that regard, a common content-based hack-attack leverages the structure and use of forms through which the hacker can route masqueraded data to enterprise servers co-located within the enterprise.
In particular, using XForms, hackers can stealthly submit malicious code into an otherwise protected enterprise through a seemingly innocuous form input element. Traditionally, the responsibility of protecting the enterprise from external hack-attacks had been left largely to individual trusted users in the enterprise. Yet, in view of notably successful hack-attacks such as the “Code Red” worm, it has become clear that the problem of protecting the enterprise from an external content-based hack-attack may soon escalate to the level where the protection of the enterprise cannot be left to individual users.
In the context of virus protection, many anti-virus technology vendors have recognized the advantage of providing centralized anti-virus functionality. Other anti-virus technology vendors have developed anti-virus programs which trap virus-laden downloads in transit between the file source and the enterprise. Still, conventional anti-virus technologies wholly ignore the transfer of content through form based input elements. Moreover, conventional anti-virus technologies lack malicious content cleansing functionality.
Thus, it would be desirable to relieve individual users from the task of monitoring and controlling content flow to and from the enterprise in order to detect and cleanse malicious content. Specifically, it would be advantageous firstly to monitor content before the content enters the enterprise, and secondly, to modify malicious content in an manner so as to transform the malicious content into non-malicious content. Finally, it would be desirable to view and use malicious content instead of merely blocking the entrance of malicious content into the enterprise.