A security administrator (hereinafter, referred to also simply as administrator) in a company or organization is expected to suppress fraudulent acquisition, destruction, and so forth of information (hereinafter, referred to also as malignant operation) by malware for example. The malware is a generic term of software that carries out harmful operation, including computer virus.
For example, malware is transmitted in the form of being attached to an e-mail transmitted from an external terminal device (hereinafter, referred to also simply as external terminal) by a malicious person, and is executed in a terminal device that receives the e-mail to infect the terminal device. This allows the malicious person to use the terminal device infected with the malware as a steppingstone to gain unauthorized access to other terminal devices (for example, terminal device that stores confidential information, and so forth) coupled to the terminal device and carry out fraudulent acquisition of information and so forth.
For this reason, the administrator sets a verification device (for example, device having a virtual environment implemented by a virtual machine) that executes software when the software is attached to an e-mail transmitted from an external terminal to a terminal device for example.
When software is attached to an e-mail transmitted from an external terminal to a terminal device, the verification device acquires the e-mail before the e-mail is transmitted to the terminal device. Then, the verification device executes and analyzes the software attached to the acquired e-mail on a debugger (virtual environment) of the verification device. If it is determined that the software is not malware as the result, the verification device transmits the e-mail to which the software is attached to the terminal device. On the other hand, if determining that the software is malware, the verification device discards the e-mail to which the software is attached without transmitting the e-mail to the terminal device for example. This allows the administrator to suppress infection with the malware in the terminal device.
As one example of the related art, Japanese Laid-open Patent Publication No. 2011-233125 and Japanese Laid-open Patent Publication No. 2004-126854 are known.