1. Field of the Invention
The present invention relates to computer security, and more particularly, to an apparatus and method for filtering electronic messages according to characteristics of their content.
2. Background Information
The use of computerized communications is increasingly common at all levels of society. In order for a person or business to be completely connected they have to be able to send and receive electronic mail. In addition, electronic transfer of information is fast outstripping other means. Along with accessability, however, comes exposure. The ability to send or receive mail, for example, from or to anyplace in the world also provides the ability for unscrupulous parties to send out private information or send in unwanted data or executables.
What is needed in such an environment is a way to filter incoming and outgoing messages. This information can be used to simply monitor the traffic on the system, or it may be used in conjunction with restrictive features of the system to prevent transmission or acceptance of certain types of messages. For example, such a filter could be used to prevent any normal text (natural language as opposed to program or data files that happen to be textual in nature) messages from going outside the company. This enforces a policy that all outgoing mail must be encoded. As another example, only normal text messages are allowed in to a mail system. This would prevent delivery of messages such as binary files which may contain viruses. Where the only communications the system expects should contain primarily natural language (such as an electronic mail system) the need is to be able to recognize and accept any natural language file and reject all others.
Conventional systems employ a variety of affimative filters. This type of filter is designed to recognize one particular file type. For example, filters have been written to detect PGP and MIME encrypted packets. By definition such a filter will not detect any other file type, and a site must activate a separate filter for every file type they are interested in catching. A company thus embodies its security policy in the set of filters activated on their electronic messaging systems. A system employing this conglomeration of filters is limited in several ways. Currently, a large quantity of file formats exist, and new ones are added regularly. When a new type is added, a system employing an array of conventional filters will fail to detect the new file type until a new filter is constructed to recognize it. In addition, a system filtering for more than one file type experiences increases in costly overhead by having to process every message through a growing chain of multiple single-purpose filters. What is needed is a generalized filter which is not bound by a particular file type.