Field of the Invention and Description of Related Art
The present invention relates generally to a virus detection system. More specifically, a system and method for protecting a computer system by using a remote e-mail virus scanning device are disclosed.
Since 1987, when a virus infected ARPANET (Advanced Research Projects Agency Network), a large network used by the Defense Department and many universities, many antivirus programs have become commercially available for installation on computer systems and/or servers. Generally, a virus is a manmade destructive computer program or code that is loaded onto the computer system without the knowledge of the user and runs against the user's wishes and/or knowledge. Most viruses can replicate themselves and a simple virus that can replicate itself over and over is relatively easy to generate. However, even a simple virus can be dangerous as the virus can quickly use much or all of the available memory and possibly bring the computer system to a halt. A particularly dangerous type of virus is one that is capable of transmitting itself across networks and bypassing security systems.
One common type of virus is a macro virus which is encoded as a macro embedded in a document. Many applications, such as Microsoft Word® and Microsoft Excel®, support macro languages which allow the user to embed a macro in a document and have the macro execute each time the document is opened. Once a computer system is infected with a macro virus, the macro virus can embed itself in all future documents created with the associated application.
Another common virus is a master boot record (“MBR”) virus which replaces the computer system's MBR with its own code. The MBR is a small program executed each time a computer boots. Typically, the MBR resides on the first sector of the computer hard disk. Since the MBR executes every time a computer is started, the MBR virus can be very dangerous to the integrity of the computer system. The MBR virus typically enters the computer systems through a floppy disk that is installed in the floppy drive when the computer system is started up. The floppy disk can infect the MBR even if the floppy disk is not bootable.
Worms is another example of a virus although some distinguish between viruses and worms. Worms typically refer to a type of virus that can replicate itself and use memory but cannot attach itself to other programs.
Another type of a destructive program is a Trojan horse which masquerades as a benign application. Unlike typical viruses, Trojan horses do not replicate themselves but can be just as or more destructive. One example of a type of Trojan horse is a program that purports to rid one's computer system of viruses but instead introduces viruses onto the computer system. The term “Trojan horse” comes from a story in Homer's Iliad in which the Greeks gave a giant wooden horse to their enemies, the Trojans, ostensibly as a peace offering. However, after the Trojans bring the horse inside their city walls, the Greek soldiers hidden inside the hollow belly of the wooden horse sneak out of the horse and open the city gates to allow their Greek compatriots to come enter and capture Troy.
It is noted that the term “virus” generally and broadly refers to any destructive or harmful program or code. As used herein, the term virus includes, among others, worms and Trojan horses.
As noted, many antivirus programs have become commercially available for protection against viruses. The antivirus program is typically a utility that searches a hard disk for viruses and removes any that are found. The antivirus program may periodically check the computer system for the best-known types of viruses. Most antivirus programs include an auto-update feature that enables the antivirus program to download profiles of new viruses so that the antivirus program can check for new viruses soon after the new viruses are discovered.
Currently, one of the most popular ways to infect computer systems with viruses is via electronic mail or e-mail message, particularly with e-mail attachments having viruses embedded therein. Such an e-mail attachment is typically an executable file which performs some task, such as a video and/or audio display, and may not appear to contain a virus. However, upon the opening of the e-mail attachment, for example, the computer system becomes infected with the virus.
E-mail has become an extremely popular method of communication, for both business purposes and personal purposes, such as forwarding of various information, documents, and/or executable programs. Many computer users have e-mail accounts through their employers. In addition, many computer users may also have e-mail accounts through an Internet application service provider (ASP), such as YAHOO and HOTMAIL, that provide web-based e-mail application services. Internet ASPs are third-party entities that manage and distribute software-based services and solutions to customers via the Internet from a central data center. ASPs that provide web-based e-mail application service typically maintain each user's e-mail box contents on its servers while the users may download attachments or executable programs to the user's computer systems for access, execution, and/or manipulation. Further, many computer users may also have e-mail accounts through an Internet service provider (ISP) that typically include e-mail services with subscriptions to Internet access.
Some companies that provide e-mail services offer them in combination with virus detecting services. For example, Microsoft Hotmail, an ASP, offers web-based e-mail services with optional delivery of virus protection or anti-virus software service for protecting the computer systems of its members from viruses received via file attachments. In particular, Hotmail's members have the option to scan e-mail attachments with the virus protection software prior to downloading the attachments. According to Microsoft, this option is available to members regardless of the operating system or the geographic location of the member's computer system and addresses e-mail attachments other than in-line graphics presented within the message text. The anti-virus software may be equipped with an automatic repair function for cleaning virus infections.
U.S. West, an ISP, also offers web-based e-mail services with optional virus detection with U.S. WEST Anti-Virus® to its U.S. WEST.net® Internet access subscribers. U.S. WEST Anti-Virus automatically scans e-mail attachments for viruses prior to delivering the e-mail message to the subscriber's in-box. According to U.S. West, the U.S. West Anti-Virus software is continually updated with emergency response to virus outbreaks to ensure provision of up-to-date virus protection. Such a web-based anti-virus e-mail service is provided via a centrally controlled server-based virus and malicious code protection and enables Internet-based security services.
However, an e-mail user must subscribe to the specific web-based e-mail service and access e-mail messages from that specific web-based e-mail service in order to receive e-mail protection service. The e-mail user must log-in or otherwise access and retrieve his/her e-mail messages from the mailbox stored on a server of that web-based e-mail service provider.
Furthermore, with the recent outbreaks of e-mail borne viruses and especially in e-mail attachments, it is desirable to provide a system and method to prevent the outbreak of the virus while the e-mail message is in transit before the e-mail message reaches the end user at a destination e-mail address.