Advances in computers have proliferated the usage of computers, especially in a business environment. In a typical business environment, an integrated network may enable resources to be shared among a plurality of users. In an example, a document may be saved on a centralized server in order to facilitate collaboration between users geographically dispersed. In another example, software updates may be centrally saved and be accessible to users throughout the company. Because of widespread computer usage, for some companies, the volume of data that may be shared has become quite large.
To facilitate discussion, FIG. 1 shows a simple block diagram of a network environment. A network environment 100 may include a plurality of computer clients (102, 104, and 106). The plurality of computer clients may be trying to access a set of shared resources 112 through a server 110, which may be employed to handle a client's request for access to set of shared resources 112. To access the shared resources, the plurality of computer clients may employ a plurality of communication channels 108. In an example, computer client 102 may employ a file transfer protocol (FTP) to download an application program from set of shared resources 112. In another example, computer client 102 may employ a hypertext transfer protocol (HTTP) to access a document stored in set of shared resources 112.
Although an integrated network may enable shared resources to be dispersed more easily, an integrated network may also facilitate the spread of malicious code (e.g., viruses, malware, etc.). In an example, a document infected by a virus is uploaded onto an integrated network. Accordingly, any computer client that may access the infected document may be at risk. Thus, in an integrated network environment, malicious code may easily and quickly spread throughout the network, creating havoc not only to the network but also to the individual computers that may be attached to the network.
Many content security solutions have been implemented by companies in an attempt to prevent the spread of malicious codes. For example, a dedicated scanner may be attached to a server. When a computer client's access request is received by the server, the server may employ the dedicated scanner to scan the requested resource before releasing the resource to the computer client. Unfortunately, dedicated scanners tend to employ proprietary protocols to communicate with servers, thereby causing resources that are not configured to use the specific protocols from being scanned. As a result, a company may implement a plurality of dedicated scanners to handle the different types of protocols or the resource may be released without being scanned.
In addition, some of the resources may be fairly large, thereby requiring a long scanning time. To prevent the dedicated scanner from consuming the processing resource for an extended period of time, a time limit may be implemented. Accordingly, if the time required to scan the resource exceeds the time limit, then a request timeout may occur, preventing the computer client from accessing the resource.
Another content security solution may include installing a scanner inside a gateway, which is disposed between the computer clients and the shared resources. In this solution, the gateway may intercept the access request and the gateway scanner may scan the resource traffic when the server responds to a client's access request. Similar to the dedicated scanner, performance issue may arise if the resource being scanned is too large and a request timeout may occur.
Yet another content security solution may include scanning the shared resources offline by employing a scheduled scanner. Although the scheduled scanner arrangement may be employed to scan both large and small size resources offline, the scheduled scanner is usually not configured to perform real-time scanning. Consider the situation wherein, for example, an access request is received by a server for a resource that has not yet been scanned. Since, the scheduled scanner arrangement does not provide for real-time scanning, the resource that has not yet been scanned may he accessible to the computer client. Accordingly, the computer client may be unnecessarily exposed to potential malware attack. Another shortcoming of scheduled scanner is that the scheduled scanner almost never finishes scanning in a reasonable time period for large-scaled shared resources, thereby making the scheduled scanning arrangement a less-attractive solution.