Identifying threats in electronic messages

Assignee

• Ironport Systems, Inc. · US

Inventors

• Craig Sprosts · San Francisco, US
• Scot Kennedy · San Francisco, US
• Daniel J. Quinlan · Sunnyvale, US
• Larry S. Rosenstein · Santa Clara, US
• Charles Slater · Sunnyvale, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L61/4511
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Early detection of computer viruses and other message-borne threats is provided by applying heuristic tests to message content and examining sender reputation information when no virus signature information is available. As a result, a messaging gateway can suspend delivery of messages early in a virus outbreak, providing sufficient time for updating an anti-virus checker that can strip virus code from the messages. A dynamic and flexible threat quarantine queue is provided with a variety of exit criteria and exit actions that permits early release of messages in other than first in, first-out order. A message scanning method is described in which early exit from parsing and scanning can occur by matching threat rules only to selected message elements and stopping rule matching as soon as a match on one message element exceeds a threat threshold.