In a network gateway apparatus (e.g., a Web proxy server, router, or firewall), it is often desirable to test streaming data for malware such as viruses, Trojan horses, worms, spyware, adware, keyloggers, etc. Blocking malware as network traffic passes through a gateway apparatus helps to reduce the risk that harmful malware will reach a user's desktop.
Testing network traffic for malware takes time, however. Unfortunately, conventional gateway apparatuses and applications require that an entire executable file be read before testing for malware can begin. The resulting latency negatively impacts performance and degrades the quality of the user experience.
It is thus apparent that there is a need in the art for an improved method and apparatus for detecting malware in network traffic.