1. Field of the Invention
This invention pertains in general to computer security, and more specifically to techniques for enabling scanning of protected components of electronic messages for computer viruses or other malicious software.
2. Background Art
Computer systems are continually threatened by a risk of attack from malicious computer code, such as viruses, worms, and Trojan horses. As used herein, “malicious computer code” or “malicious code” is any code that enters a computer without an authorized user's knowledge and/or without an authorized user's consent. Malicious code may or may not include the ability to replicate itself and compromise other computer systems. For example, malicious code may attach itself to files stored by a computer system or use a network to infect other clients through password cracking, buffer overflow attacks, e-mail distribution, etc.
Malicious code can infect a computer in a number of manners. For example, a user might insert an infected disk or other medium into a computer so that the computer becomes infected when the disk files are accessed. Computers connected to networks are also vulnerable to attack. In a network-based attack, malicious code can be transmitted to the computer as an executable program, for example in an attachment to an electronic message. In this example, the malicious code might attack the computer when the user clicks on the electronic message attachment, or the attachment might open automatically when the user reads, or in certain cases previews, the electronic message. In addition, malicious code can even be embedded within the text of the electronic message itself.
Antivirus prevention/detection software can be installed on computers in an attempt to prevent malicious code attacks. For example, antivirus-scanning software scans computer files, including electronic message attachments and electronic messages, to detect the presence of malicious code. When scanning an archive or container of files, such as a .zip file, which might be transmitted to a user as a component of an electronic message, the antivirus scanning software must open up the archive and scan its contents. More recently, however, malicious code has been embedded within an archive or other type of electronic message component that is encrypted and requires entry of a password to open the archive. In some recent cases, the password needed to open the archive has been embedded in the text of the electronic message itself, or some other similar location. In the case of a protected archive that requires entry of a password to be opened, the antivirus scanning software scans the electronic message, but is unable to open the archive to scan its contents without having access to the password. Thus, the antivirus software is unable to detect and eliminate the threat of malicious code that may be hiding within the protected archive.
Therefore, there is a need in the art for a technique that will allow antivirus software to quickly and effectively access and analyze the contents of protected components of electronic messages.