1. Field of the Invention
The present invention relates generally to data processing, and more particularly but not exclusively to detection of computer viruses.
2. Description of the Background Art
Computer viruses, worms, Trojans, and spyware are examples of malicious codes that have plagued computer systems throughout the world. Although there are technical differences between each type of malicious code, malicious codes are collectively referred to as “viruses.” For example, commercially available “antivirus software” is designed to scan a computer for viruses as well as worms and other malicious codes.
Traditional antivirus techniques are file-based and require random access to object files. Although very effective in purely file-access environments, the random access nature of these file-based techniques makes them relatively difficult to apply to stream-based data. A file-based antivirus needs to buffer a file before it can scan the file for viruses. Depending on implementation details, this may lead to relatively low throughput and a large memory requirement. Unfortunately, with the advent of the Internet, detection and blocking of viruses embedded in network data streams have become very important. Packet-level scanning solutions that monitor packet-level behavior rather than virus bodies encoded and encapsulated in data streams may not be effective enough to deal with the latest threats. Packet-level scanning solutions that rely exclusively on special-purpose hardware for scanning may not be flexible enough for low-end applications and may not be able to handle compressed data.