1. Field of the Invention
The present invention relates to the field of computer security and integrity within an electronic messaging environment, and in particular, to a system and method for controlling damage caused by and for containing the spread of software viruses, worms, or other destructive applications in an electronic messaging system.
2. Description of the Related Art
Electronic messaging began in the early 1970s during the development of the Advanced Research Projects Agency Network (ARPANET), a computer networking project funded by the United States government, designed to share computing, and the predecessor of today's Internet. At the outset, electronic messaging was not even contemplated as a potential application for ARPANET, though Ray Tomlinson's e-mail system would soon become the biggest use of ARPANET.
Early e-mail systems provided little more than a mechanism for exchanging text messages. If a user wished to exchange binary files such as executable applications, he or she would use the File Transfer Protocol (FTP). As the use of e-mail grew, network users began to develop ways to send files as attachments; however, e-mail systems were not well suited for transporting binary data because some binary files contained characters or control sequences that confused the e-mail transport and delivery systems. This prompted the development of programs such as “uuencode” that could convert binary files into text files that could then be sent within e-mails.
Over the years, e-mail systems have evolved to become more attuned to the demands of users, making common tasks easier to accomplish and creating complex systems that can be customized for the particular demands of an individual or company. For example, one of the most common tasks a user encounters is entering the recipients (e.g., destination addresses) of e-mail messages. The present version of Microsoft Outlook eases the task by including a directory of e-mail users and includes a Visual Basic extension that permits developers to create customized e-mail applications.
Along with the flexibility of modern e-mail systems comes added risks. Using modern e-mail clients such as Microsoft Outlook, users can send applications as attachments to e-mail messages. By making it easy for users to execute attached applications, modern electronic messaging systems prove easy targets for malicious applications such as electronic viruses, worms, and other destructive programs. The terms “virus” and “worm” are used herein to generically refer to those malicious applications and destructive programs.
A recent outbreak that took the world by storm was the “I Love You” worm. This Visual Basic code, when executed, looks through a user's address book and sends an e-mail message with a copy of the worm to each user in that address book. The worm spread rapidly, clogging e-mail servers throughout the world and forcing large corporations to shut down e-mail servers for an entire day. Network Associates, a major provider of anti-virus, network security and management software, estimates that the worm caused approximately $6.7 billion in damages throughout the world.
Once a virus has been identified, there are many anti-virus applications that can help enterprises detect and prevent outbreaks; however, when a new virus is released, users are vulnerable until the new virus has been analyzed and incorporated into the virus databases of the anti-virus applications.
Conventional anti-virus software scans e-mail attachments looking for applications that match a virus fingerprint. It can take hours before a fingerprint can be determined, tested, and then made available to anti-virus software customers and if Internet access is adversely impacted by a virus, then it may be extremely difficult to download the anti-virus software update.