1. Field of the Invention
The present invention relates to the protection of computer systems. More particularly, the present invention relates to a system and method for protecting computer systems from malicious files.
2. Description of the Related Art
E-mails are often sent with attachments. These e-mail attachments can be malicious.
To prevent a user's computer system from becoming infected from malicious e-mail attachments, client side or gateway based proxies intercept e-mails having potentially malicious attachments and redirect the attachments to a scanning engine. The scanning engine determines whether the attachment contains malicious code using any one of a number of techniques well known to those of skill in the art. Upon a determination that the attachment is non-malicious, the e-mail including attachment is released to the user.
Depending upon the particular scanning technique employed as well as the number of attachments being scanned by the scanning engine, determining whether the attachment contains malicious code can require a significant amount of time. Thus, the delay in the e-mail including attachment reaching the designated user can be significant. However, because the user is typically not expecting the e-mail and delays in e-mail transmission are common, the delay in the e-mail including attachment typically goes unnoticed by the user or at least does not cause any concern to the user.
The instantaneous nature of an instant messaging (IM) environment makes detection and cleaning of malicious code fundamentally different than the detection and cleaning of malicious code in the e-mail environment. Specifically, unlike an e-mail user, an IM user is typically actively engaged in a real-time exchange, e.g., conversation, when an IM attachment is sent to the IM user. Thus, the IM user expects the IM attachment without delay.
For this reason, use of traditional e-mail attachment interception and scanning techniques for an IM attachment are inconsistent with an IM user's expectation of receiving of the IM attachment in real-time and are therefore disconcerting to the IM user. Accordingly, traditional e-mail attachment interception and scanning techniques are not suitable for detection and cleaning of malicious code in IM attachments.