JP2013041486A - Anti-virus terminal, anti-virus method, and anti-virus program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a device and a method of allowing network equipment such as a gateway to take anti-virus measures for a recording medium when the recording medium is inserted into electronic equipment such as a personal computer and a smart phone.SOLUTION: There is provided an anti-virus terminal 10 that transmits data in a connected recording medium (USB memory 30a) to anti-virus equipment (virus engine device 100) after a connection port driver (USB port driver 16) recognizes the recording medium in response to connection of the recording medium and before a file system driver 12 of the anti-virus terminal operates, receives data determined to have no problem as a result of a check made by the anti-virus equipment, and delivers the data to the file system driver 12 of the anti-virus terminal or an application 11 running on the anti-virus terminal.

Description

  The present invention relates to an anti-virus terminal, an anti-virus method, and an anti-virus program for combating a virus that infects a computer.

  Today, an event occurs in which a personal computer or a mobile phone is infected with a virus by accessing a specific Web page or receiving an email. That is, there is a problem that the personal computer receives the virus via the Internet and the personal computer is infected with the virus. In this way, if virus infection is via the Internet, network devices such as UTM (Unified Threat Management) can take measures against the virus before the end personal computer is infected with the virus. Is possible.

  Further, the other path through which a virus may be received is not via such a network, but via a recording medium such as a USB memory connected to a personal computer. That is, when a USB memory infected with a virus is connected to a personal computer, the personal computer is infected with the virus. Therefore, it is known that the contents are checked for viruses when a recording medium such as a USB memory is inserted (for example, Patent Document 1).

JP 2011-013850 A

  However, in the technique such as Patent Document 1, it is necessary to individually install anti-virus software on a personal computer in which a recording medium such as a USB memory is inserted. Basically, since the pattern file for checking the virus is updated, it becomes necessary for each personal computer to individually download the pattern file. Therefore, it is desirable that all personal computers connected to this network can cope with only one anti-virus device in a limited network such as a UTM. In this case, only one anti-virus device needs to download the updated pattern file, and network efficiency is improved.

  In view of such problems, the present invention provides a technique capable of performing virus countermeasures on a recording device when a network device such as a gateway is inserted into an electronic device such as a personal computer or a smartphone. For the purpose.

  The present invention provides the following solutions.

In the invention according to the first aspect, in response to the connection of the recording medium, the connection port driver recognizes the recording medium and before the file system of the anti-virus terminal operates, A data transmission module that transmits the data to the anti-virus device,
A filter driver that receives data determined to have no problem as a result of the check executed by the anti-virus device, and passes the data to the file system at the end of the anti-virus or to an application that operates on the anti-virus terminal; An anti-virus terminal equipped with is provided.

  According to the first aspect of the invention, in response to the connection of the recording medium, after the connection port driver recognizes the recording medium, the connected recording is performed before the file system of the anti-virus terminal operates. Sends the data in the medium to the anti-virus device, receives the data determined as a result of the check performed by the anti-virus device, and receives the data as the file system at the end of the anti-virus or the anti-virus Pass it to the application running on the terminal.

  Therefore, when a recording medium is inserted into an electronic device such as a personal computer or a smartphone, a network device such as a gateway can take a virus countermeasure against the recording medium. This is because data is transferred and the virus is checked before the file system or application is activated, so that it is possible to take measures against viruses without being infected by viruses. . In particular, since it is possible to check for viruses on a network device, it is possible to utilize a pattern file for checking viruses via a network for a recording medium.

  The invention according to the first feature exhibits the same operations and effects not only in the terminal in the category of the invention but also in the method and the program.

  According to the present invention, when a recording medium is inserted into an electronic device such as a personal computer or a smartphone, a virus countermeasure terminal, a virus countermeasure method and a network device such as a gateway capable of performing virus countermeasures on the recording medium, and It is possible to provide an anti-virus program.

FIG. 1 is an overall configuration diagram of an anti-virus system 1. FIG. 2 is a functional block diagram of the virus engine apparatus 100 and the virus countermeasure terminal 10. FIG. 3 is a functional block diagram of the virus engine device 100 and the virus countermeasure terminal 10 according to another embodiment. FIG. 4 is a flowchart of the virus countermeasure process.

  Hereinafter, the best mode for carrying out the present invention will be described with reference to the drawings. This is merely an example, and the technical scope of the present invention is not limited to this.

[System configuration of anti-virus system]
FIG. 1 is a system configuration diagram of an anti-virus system 1 which is a preferred embodiment of the present invention. The anti-virus system 1 includes anti-virus terminals 10a, 10b, 10c (hereinafter simply referred to as “10”), virus engine apparatus 100, pattern file management server 20, recording media 30a, 30b, 30c, 30d such as a USB memory. Hereinafter, it is simply referred to as “30”).

  The virus engine apparatus 100 is communicably connected to a public line network 3 such as the Internet network, and is communicably connected to the pattern file management server 20 via the public line network 3. The anti-virus terminal 10 may be communicably connected to the virus engine apparatus 100 via a LAN (Local Area Network) via a wired or wireless connection.

  The anti-virus terminal 10 may be a general computer called a user terminal, and is an information device or an electrical appliance having functions to be described later. The anti-virus terminal 10 is, for example, a general computer such as a personal computer 10a, a slate terminal 10b, a smartphone 10c, a mobile phone, a network device, a computer, a netbook terminal, an electronic book terminal, an electronic dictionary terminal, a portable music player, and a television. It may be a typical information appliance.

  It is desirable that the virus engine apparatus 100 functions as a LAN firewall on the premise that the virus engine apparatus 100 is a gateway having functions to be described later. Virus engine apparatus 100 may be a network device such as a router (including a mobile router) or a home server.

  The pattern file management server 20 is a server that manages a pattern file used by the anti-virus engine 110 operating on the virus engine apparatus 100. The pattern file management server 20 may be a server that also has a general Web server function.

  The recording medium 30 is a data storage device that provides data by being connected to the anti-virus terminal 10, and may be a USB memory 30a, a memory card 30b, a disk-type recording medium (DVD-ROM or the like) 30d, or the like. . The recording medium 30 may be a device device such as an external hard disk 30c, a mobile phone capable of storing data, a memory storage type music player, in addition to the PCMCIA and the SD card.

  As shown in FIG. 1, data that may be infected by a virus is assumed to flow through the network 55 or via the recording medium 30 57 and 58. Since the virus engine apparatus 100 has a firewall function, the inflow of viruses via the network 55 can be avoided by the anti-virus engine 110 of the virus engine apparatus 100. However, when data flows in from the recording medium 30, the data flows into the anti-virus terminal 10 before the virus engine device 100, so that the anti-virus terminal 10 may be infected. A countermeasure against virus infection from the recording medium 30 will be described below.

[Description of each function]
FIG. 2 is a diagram showing the relationship between the function blocks of the virus engine apparatus 100 and the virus countermeasure terminal 10a and the respective functions. The hardware configuration of each device will also be described.

  The anti-virus terminal 10 is a terminal that needs anti-virus measures, and has a control unit, a data storage unit, a data communication unit, an input / output unit, and a recording medium connection port unit. Any of a product, a portable terminal, and a business terminal may be used.

  The control unit includes a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like. A wireless device or the like conforming to the IMT-2000 standard such as a third generation mobile communication system is included (may be a wired LAN connection). Further, the data storage unit includes one or both of an HDD (Hard Disk Drive) and an SSD (Solid State Drive). Further, the input / output unit includes a display unit such as a liquid crystal monitor that displays an image, and an input unit such as a keyboard, a touch panel, and a voice input that accept input from the user.

  The anti-virus terminal 10 includes a recording medium connection port unit that can be connected to the recording medium 30. The recording medium connection port unit is operated by a different port driver for each of the USB memory 30a, the memory card 30b, and the like. Hereinafter, a case where the recording medium 30 uses the USB memory 30a will be described. However, the present invention can be similarly applied to other recording media 30. When the recording medium 30 is the USB memory 30a, the recording medium connection port unit operates with the USB port driver 16.

  The anti-virus terminal 10 implements the USB port driver 16, the data transmission module 15, the USB storage class module 14, the filter driver 13, the file system driver 12, and the application 11 by reading a predetermined program into the control unit. The USB port driver 16 is a hardware module in a lower layer related to the USB port. In the functional block diagram of the anti-virus terminal 10a in FIG. 2, each block is higher in software (as it approaches the application 11). Realize the function.

  The USB storage class module 14 is a driver program that recognizes and controls a device connected to the USB as a storage device after the USB port driver 16 recognizes the device.

  The filter driver 13 is a program that receives a request to the file system driver 12 halfway and receives virus-checked data from the virus engine apparatus 100.

  The file system driver 12 is a program for enabling the stored data to be controlled by the file system when the USB storage class module 14 recognizes it as a storage device.

  The application 11 is an application program that runs on the anti-virus terminal 10a. Normally, the application 11 handles data using the file system driver 12.

  As shown in FIG. 3, depending on the type of the operating system of the anti-virus terminal 10a, the configuration of each module described above may be different. In the example of FIG. 3, the USB storage class module 14 is not provided, but the user mode driver framework 17 is provided above the file system driver 12.

  The user mode driver framework 17 is a driver capable of supporting in a user mode a device connected by USB. In response to a call from the application 11, the user mode driver framework 17 transmits a request for data of the connected USB to the file system driver 12 and passes the data to the application 11.

  The virus engine apparatus 100 includes a control unit, a data storage unit, and a data communication unit, and includes an anti-virus engine 110. The anti-virus engine 110 receives a pattern file from the pattern file management server 20 and performs a virus check on each file and data in order to avoid a virus that may flow through the public network 3.

  The control unit 101 includes a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like. The data communication unit 103 includes a wired or wireless communication device. , HDD (Hard Disk Drive), SSD (Solid State Drive), or the like.

  The control unit 101 reads a predetermined program and cooperates with the data communication unit 103 to realize a data input module 120, a communication selection module 121, and a data transmission / reception module 122. Further, the data transmission / reception module 122 includes a TCP communication module 123 that performs TCP communication with the anti-virus terminal 10 and a UDP communication module 124 that performs UDP communication with the anti-virus terminal 10.

[Antivirus processing]
FIG. 4 is a flowchart of virus countermeasure processing executed by the virus countermeasure terminal 10 and the virus engine apparatus 100. Based on this flowchart, virus countermeasure processing will be described.

  First, when the recording medium 30 (for example, USB memory 30a) is connected to the anti-virus terminal 10, the USB port driver 16 detects this (step S01). If detected (step S01: “YES”), the process proceeds to step S02. If not detected (step S01: “NO”), the process waits.

  Next, when the USB port driver 16 recognizes a device connected to the USB, the data transmission module 15 acquires data in the USB memory before the file system driver 12 operates (step S02), and this data is stored as a virus. It transmits to the engine apparatus 100 (step S02).

  Here, since the transmitted data is data before being recognized by the file system, it may be data recognized as a data block before being recognized as a file.

  Next, the data receiving module 112 of the virus engine apparatus 100 receives the data in the USB memory, and the anti-virus engine 110 executes a virus check (step S04). It is determined whether or not there is a problem with virus infection. If it is determined that there is no problem with infection (step S05: “NO”), the checked data transmission module 111 sends the data to the filter driver 13 of the anti-virus terminal 10. Send to. If it is determined that there is a problem with the infection (step S05: “YES”), the virus engine apparatus 100 does not transmit the data to the anti-virus terminal 10, but notifies, for example, that the virus is infected. Is transmitted to the anti-virus terminal 10.

  When the filter driver 13 receives the confirmed data (step S06), the filter driver 13 delivers the data to the file system driver 12 so that the application 11 can handle the data (step S07).

  In the case of the module configuration as in the example of FIG. 3, the data transmitted from the checked data transmission module 111 may be received by the user mode driver framework 17 and the confirmed data may be taken over by the application 11. .

  In the above example, the virus engine apparatus 100 determines whether or not the data read from the USB memory or the like is infected with a virus. However, it may be determined whether or not there is spyware.

  The means and functions described above are realized by a computer (including a CPU, an information processing apparatus, and various terminals) reading and executing a predetermined program. The program is provided in a form recorded on a computer-readable recording medium such as a flexible disk, CD (CD-ROM, etc.), DVD (DVD-ROM, DVD-RAM, etc.), for example. In this case, the computer reads the program from the recording medium, transfers it to the internal storage device or the external storage device, stores it, and executes it. The program may be recorded in advance in a storage device (recording medium) such as a magnetic disk, an optical disk, or a magneto-optical disk, and provided from the storage device to a computer via a communication line.

  As mentioned above, although embodiment of this invention was described, this invention is not limited to these embodiment mentioned above. The effects described in the embodiments of the present invention are only the most preferable effects resulting from the present invention, and the effects of the present invention are limited to those described in the embodiments of the present invention. is not.

  1 anti-virus system, 3 public network, 10 anti-virus terminal, 100 virus engine device

Claims (3)

In response to the connection of the recording medium, after the connection port driver recognizes the recording medium, the data in the connected recording medium is transmitted to the anti-virus device before the file system of the anti-virus terminal operates. A data transmission module to
A filter driver that receives data determined to have no problem as a result of the check executed by the anti-virus device, and passes the data to the file system at the end of the anti-virus or to an application that operates on the anti-virus terminal;
Anti-virus terminal equipped with. In response to the connection of the recording medium, after the connection port driver recognizes the recording medium, the data in the connected recording medium is transmitted to the anti-virus device before the file system of the anti-virus terminal operates. And steps to
Receiving data determined to have no problem as a result of the check executed by the anti-virus device, and transferring the data to an anti-virus file system or an application running on the anti-virus terminal;
Antivirus methods including In anti-virus terminal,
In response to the connection of the recording medium, after the connection port driver recognizes the recording medium, the data in the connected recording medium is transmitted to the anti-virus device before the file system of the anti-virus terminal operates. Data transmission module,
A filter driver that receives data determined to have no problem as a result of the check executed by the anti-virus device and passes the data to a file system driver of the anti-virus terminal or an application operating on the anti-virus terminal;
Antivirus program to function as

Images