Field
The field of the application relates to computer network and computer systems, and more particularly, to systems and methods for detecting electronic content in a computer network or computer system.
Background
The generation and spreading of computer viruses are major problems in computer systems and computer networks. A computer virus is a program that is capable of attaching to other programs or sets of computer instructions, replicating itself, and/or performing unsolicited or malicious actions on a computer system. Viruses may be embedded in email attachments, files downloaded from Internet, and macros in MS Office files. The damage that can be done by a computer virus may range from mild interference with a program, such as a display of unsolicited messages or graphics, to complete destruction of data on a user's hard drive or server.
To provide protection from viruses, most organizations have installed virus scanning software on computers in their network. However, these organizations may still be vulnerable to a virus attack until every host in their network has received updated anti-virus software. With new attacks reported almost weekly, organizations are constantly exposed to virus attacks, and spend significant resources ensuring that all hosts are constantly updated with new anti-virus information. For example, with existing content detection software, a user may have to request for a download of a new virus signature in order to enable the content detection software to detect new virus that has been created since the last update. If a user delays in downloading the new virus signature, the content detection software would be unable to detect the new virus. Also, with existing content detection systems, new virus signatures are generally not made available shortly after they are discovered. As such, a computer may be subjected to attack by the new virus until the new virus signature is available and is downloaded by a user.
Besides virus attacks, many organizations also face the challenge of dealing with inappropriate content, such as email spam, misuse of networks in the form of browsing or downloading inappropriate content, and use of the network for non-productive tasks. Many organizations are struggling to control access to appropriate content without unduly restricting access to legitimate material and services. Currently, the most popular solution for blocking unwanted web activity is to block access to a list of banned or blacklisted web sites and pages based on their URLs. However, as with virus scanning, the list of blocked URL requires constant updating. If a user delays in downloading the list of URL, or if the list of URL is not made available soon enough, the content detection software would be unable to detect undesirable content, such as web pages.
Many email spam elimination systems also use blacklists (spammer lists) to eliminate unwanted email messages. These systems match incoming email messages against a list of mail servers that have been pre-identified to be spam hosts, and prevent user access of messages from these servers. However, as with virus scanning, the spammer list also requires constant updating. If a user delays in downloading the spammer list, or if the spammer list is not made available soon enough, the content detection software would be unable to detect undesirable content.
Another problem with existing content detection software is that the downloading procedure that is required to update virus signatures, blocked URL list, and spammer list, may take a long time, and may consume a significant amount of resources at the local computer in which the content detection software is installed. Also, detecting undesirable content by using the local computer to process the downloaded detection information (e.g., virus signatures, blocked URLs, spammer identifications) may use up a significant amount of resources at the local computer, thereby degrading the performance of the local computer. For example, while the local computer is performing a process to detect a virus, a user of the local computer may experience a decrease in processing speed of the local computer when using the local computer to perform another task, such as, word processing, computer-aided drawing, or web surfing.
Accordingly, improved systems and methods for detecting content of computer and network traffic would be useful.