A computer virus is a typical example of an unauthorized job or data. For example, as an apparatus for suppressing computer virus infection, Japanese Patent Laid-Open No. 6-350784 discloses a facsimile apparatus which, when detecting that a received file is contaminated with a computer virus, erases the contaminated file, and transmits a warning to the file transmitter. Also, Japanese Patent Laid-Open No. 11-119927 discloses a printer apparatus which receives printing data and a program language, and detects and removes a computer virus mixed in the program language.
Recently, some computer peripheral apparatuses such as printers have a virus check function and can be operated in either a virus check preference mode in which data processing is performed after virus check is performed for a received job, and a data processing preference mode (high-speed processing mode) in which virus check is performed after data processing for a received job is completed.
If, however, an apparatus having the high-speed processing mode as described above intermittently receives in this high-speed processing mode a job contaminated by a computer virus which poses a problem in the apparatus itself, damage to the apparatus may become enormous.
For example, a control program of a printer or multifunction apparatus often has a strong authorization capable of directly controlling hardware such as a printer controller and video controller. Therefore, damage can be given to the apparatus by hiding harmful data in a job and causing the control program to process the job. Practical examples of such an attack from a malicious third party will be described below.
A first example is internal data destruction by a print job transmitted from a client PC (personal computer) to a printer. As shown in FIG. 11, a printer normally reads out data such as a font stored in a specific area of an internal hard disk of the printer, in accordance with a command contained in printing data (PDL JOB) transferred from a client PC, and rasterizes the data inside a controller. The first attack example abuses this mechanism. That is, as shown in FIG. 12, the first attack example hides harmful data which looks like font data in a print job, and causes the printer to write this data in a specific area of the internal hard disk of the printer, thereby destroying data such as fonts and programs stored in the specific area.
A second example is an indiscriminate transmission attack by a job transmitted from a client PC to a multifunction apparatus. This attack will be explained by taking facsimile transmission from a multifunction apparatus A to a multifunction apparatus B as an example. As shown in FIG. 13, this is usually done by the multifunction apparatus A by reading an address designation command contained in a facsimile transmission job (SEND job) received from a client PC. The second attack example misuses this mechanism. That is, as shown in FIG. 14, the second attack embeds a harmful code in the address designation command of the facsimile transmission job, and forces the multifunction apparatus A to transmit the same job to all data in an address notebook stored in the multifunction apparatus A. If a transmission destination is a multifunction apparatus of the same type, the same processing may be recurrently repeated to allow the harmful code to propagate in a broad range in a moment.
A third example is internal data destruction by a storage job transmitted from a client PC to a multifunction apparatus. As shown in FIG. 15, a multifunction apparatus can normally store data in a specific area (box) of an internal hard disk of the apparatus, in accordance with a storage destination control command, which is contained in a storage job (BOX JOB) transferred from a client PC. The third attack example misuses this mechanism. That is, as shown in FIG. 16, the third attack example hides a harmful code in the storage destination control command contained in the storage job, thereby overwriting all stored data in the box while erasing the data.