US20080077991A1 - System for eliminating viruses at a web page server - Google Patents
System for eliminating viruses at a web page server Download PDFInfo
- Publication number
- US20080077991A1 US20080077991A1 US11/947,300 US94730007A US2008077991A1 US 20080077991 A1 US20080077991 A1 US 20080077991A1 US 94730007 A US94730007 A US 94730007A US 2008077991 A1 US2008077991 A1 US 2008077991A1
- Authority
- US
- United States
- Prior art keywords
- active element
- web page
- server
- web
- active
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
Abstract
A system for providing anti-virus protection to a web server. A web server is disclosed, comprising: an active element filter for stripping an active element from a web page being stored at the web server such that the active element is not stored at the web server; and an active element insertion system for inserting a new active element into the web page when the web page is requested from the web server, wherein the new active element performs a similar action to that of the active element that was stripped by the active element filter.
Description
- This continuation application claims priority to co-pending U.S. patent application Ser. No. 10/629,178, entitled SYSTEM AND METHOD FOR ELIMINATING VIRUSES AT A WEB PAGE SERVER, filed on Jul. 29, 2003, the contents of which is hereby incorporated by reference.
- 1. Technical Field
- The present invention relates generally to anti-virus systems, and more specifically relates to a system and method that avoids storing and forwarding web pages that can carry viruses.
- 2. Related Art
- Viruses are prevalent today throughout the Internet, and can be spread in many different ways. One technique for spreading viruses is to embed a virus in a web page as an active web page element. Then, when a user loads the web page from a web server, the virus can be launched onto the user's computer. Often, a web page server receives and stores web pages from many different sources and/or authors. Accordingly, identifying these types of viruses can be a difficult and time-consuming process for the web server.
- One way to address this problem is to run virus-checking programs on the web server to scan for viruses and remove any residual viruses. Unfortunately, virus-checking programs provide several drawbacks including: (1) they consume computational resources; (2) that must be run often to be effective; and (3) they are limited by the effectiveness of the scanning program.
- For instance, U.S. Patent Application US 2002/0103783 A1, by Muhlestein, “Decentralized Virus Scanning For Stored Data,” filed on Aug. 1, 2002, which is hereby incorporated by reference, provides a system for scanning requested files for viruses. The invention, however, requires an external computing device that opens requested files and scans for viruses any time there appears to be some risk. Thus, the system potentially consumes a significant amount of time and resources.
- Accordingly, a need exists for a web server system that can eliminate viruses without incurring such computational overhead.
- The present invention addresses the above-mentioned problems, as well as others, by providing a system and method for eliminating viruses at a web server by storing pages without any active web page elements. In a first aspect, the invention provides a web server having anti-virus protection, comprising: an active element filter for stripping active elements from web pages being stored at the web server; and an active element insertion system for inserting active elements into stored web pages when the web page is requested.
- In a second aspect, the invention comprises a method for providing anti-virus protection to a web server, comprising: receiving web pages that are to be stored at the web server; stripping active elements from the web pages being stored at the web server; storing the web pages at the web server; receiving a request for a web page to be served by the web server; determining if active elements are required for the requested web page; inserting active elements into the requested web page if active elements are required; and serving the requested web page.
- In a third aspect, the invention provides a program product stored on recordable medium for providing anti-virus protection to a server, comprising: means for stripping active elements from files being stored at the server; means for determining if active elements are required for a file being requested from the server; and means for inserting an active element into the requested file if an active element is required.
- These and other features of this invention will be more readily understood from the following detailed description of the various aspects of the invention taken in conjunction with the accompanying drawings in which:
-
FIG. 1 depicts a web server having an anti-virus system in accordance with the present invention. -
FIG. 2 depicts a flow diagram of a method of implementing the present invention. - Referring now to the drawings,
FIG. 1 depicts aweb server 10 having a system for eliminating viruses stored in active elements of web pages. In particular,web server 10 includes anactive element filter 14 that strips active elements fromweb pages 22 being stored at theweb server 10. By doing this,web server 10 eliminates the dissemination of viruses launched from active elements in aweb page 24 being served byweb server 10. - An active element may include any type of code fragment that instructs a browser, client, interpreter, virtual machine, processor, etc., to perform some action when the code fragment is encountered. In the exemplary embodiments described herein, active elements are described with reference to JavaScript constructs stored in web pages. However, it should be understood that the invention could apply to any type of active element (e.g., VBScript, Tcl, Perl, Rexx, etc.) stored in any type of servable file. Exemplary uses for JavaScript constructs in a Web environment includes performing actions such as: (1) automatically changing a formatted date on a Web page; (2) causing a linked-to page to appear in a popup window; and (3) causing text or a graphic image to change during a mouse rollover.
- The filtering process may strip out active elements from web pages in any manner, e.g., with a software program that identifies and removes JavaScript constructs. In a typical browser application, the number of different types of JavaScript constructs is relatively small, e.g., 6-12. Accordingly, identifying and eliminating the constructs is a relatively trivial task. Once filtered, the stripped
web page 23 is stored inweb page storage 26. If no active elements exist in aweb page 22 that is to be stored, then no filtering is required, and theweb page 22 is simply stored inweb page storage 16. If active elements exist that are needed when the page is stored, these can be noted by XML or similar replacement elements. - When the
web server 10 receives arequest 26 for aweb page 23, e.g., from a client or other server, retrievingsystem 18 fetches theweb page 23 fromweb page storage 16. Retrievingsystem 18 then determines if theweb page 23 requires any active elements. This determination can be made by looking for predetermined additions to each page, or by finding stored requests, such as the XML elements noted above, and replacing these elements with programmed active elements known to be ‘safe.’ If no active elements are required, then the web page is served. If one or more active elements are required, then they are added in by activeelement insertion system 20. - Active elements can be added to the
web page 23 in any manner. In one exemplary embodiment, the active elements could be stored in compiledserver code 28. This implementation has the advantage of providing heightened security since no one can construct and leave active files with active elements on the server other than the authors of the server themselves. As an alternative embodiment, the active elements can be stored infiles 30 separate from theweb page storage 16, and accessed by activeelement insertion system 20. As noted above, the number of different type of active elements in a browser application is relatively small. Accordingly, implementing the activeelement insertion system 20 is a fairly simple operation for one skilled in the art. - In order to insert active elements back into
web page 23, activeelement insertion system 20 will typically need to first examine the attributes ofweb page 23. For example, suppose that it is desired to bring every page of a certain type to a front-most window on the client's computer. A bring-to-front JavaScript element could be added to every page being sent to clients by adding it as an ‘onLoad’ request at the start of every HTML page using the activeelement insertion system 20. If this type of element is needed for only certain pages, this could be identified either by something unique to these pages such as something special about their names, or it could be determined by placing XML code such as <newElement>Bring-To-Front</newElement> in the proper pages and then replacing this with ‘safe’ active code using the activeelement insertion system 20. Once the active elements are inserted, theweb page 24 containing the active elements is served to the requesting entity. Accordingly, it is impossible to infect theweb server 10 with a virus stored in an active element of a web page. - Referring now to
FIG. 2 , a flow diagram of a method of implementing the invention is shown. At step S1, the server receives a web page to be stored. At step S2, the server filters out any active elements from the web page, and stores the web page at step S3. At step S4, the server receives a request for a web page, and fetches the web page from storage at step S5. Next, at step S6, a determination is made whether there are active elements required for the requested page. If no active elements are required, the web page is served at step S8. Otherwise, if active elements are required, then the server adds back the active elements at step S7, and serves the web page with the active elements inserted at step S8. - It is understood that the systems, functions, mechanisms, methods, and modules described herein can be implemented in hardware, software, or a combination of hardware and software. They may be implemented by any type of computer system or other apparatus adapted for carrying out the methods described herein. A typical combination of hardware and software could be a general-purpose computer system with a computer program that, when loaded and executed, controls the computer system such that it carries out the methods described herein. Alternatively, a specific use computer, containing specialized hardware for carrying out one or more of the functional tasks of the invention could be utilized. The present invention can also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods and functions described herein, and which—when loaded in a computer system—is able to carry out these methods and functions. Computer program, software program, program, program product, or software, in the present context mean any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after either or both of the following: (a) conversion to another language, code or notation; and/or (b) reproduction in a different material form.
- The foregoing description of the preferred embodiments of the invention has been presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the invention to the precise form disclosed, and obviously many modifications and variations are possible in light of the above teachings. Such modifications and variations that are apparent to a person skilled in the art are intended to be included within the scope of this invention as defined by the accompanying claims.
Claims (12)
1. A web server having anti-virus protection, comprising:
an active element filter for stripping an active element from a web page being stored at the web server such that the active element is not stored at the web server; and
an active element insertion system for inserting a new active element into the web page when the web page is requested from the web server, wherein the new active element performs a similar action to that of the active element that was stripped by the active element filter.
2. The web server of claim 1 , wherein the active elements comprise constructs selected from the group consisting of: JavaScript and VBScript.
3. The web server of claim 1 , wherein the active elements comprise calls to active processes.
4. The web server of claim 1 , wherein the active element insertion system generates new active elements for requested web pages using constructs stored in compiled code of the web server.
5. The web server of claim 1 , wherein the active element insertion system includes a set of files stored with the web server, wherein each file includes an active element that can be inserted into a requested web page.
6. The web server of claim 1 , wherein the active element insertion system determines what active elements are required in a requested web page based on attributes of the web page.
7. A program product stored on recordable medium for providing anti-virus protection to a server, comprising:
means for stripping active elements from files being stored at the server such that the active elements are deleted and not stored on the server with the files;
means for determining if active elements are required for a file being requested from the server; and
means for inserting an active element into the requested file if an active element is required.
8. The program product of claim 7 , wherein the files comprise web pages.
9. The program product of claim 8 , wherein the active elements comprise constructs selected from the group consisting of JavaScript and VBScript.
10. The program product of claim 9 , wherein the means for inserting includes executing compiled code having:
active element constructs; and
rules for inserting the constructs into a requested web page.
11. The program product of claim 10 , wherein the means for inserting determines what active elements are required in the requested web page based on attributes of the requested web page.
12. The program product of claim 8 , wherein the means for inserting includes a set of files stored with the web server, wherein each file includes an active element that can be inserted into a requested web page.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/947,300 US20080077991A1 (en) | 2003-07-29 | 2007-11-29 | System for eliminating viruses at a web page server |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/629,178 US7386719B2 (en) | 2003-07-29 | 2003-07-29 | System and method for eliminating viruses at a web page server |
US11/947,300 US20080077991A1 (en) | 2003-07-29 | 2007-11-29 | System for eliminating viruses at a web page server |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/629,178 Continuation US7386719B2 (en) | 2003-07-29 | 2003-07-29 | System and method for eliminating viruses at a web page server |
Publications (1)
Publication Number | Publication Date |
---|---|
US20080077991A1 true US20080077991A1 (en) | 2008-03-27 |
Family
ID=34103557
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/629,178 Expired - Fee Related US7386719B2 (en) | 2003-07-29 | 2003-07-29 | System and method for eliminating viruses at a web page server |
US11/947,300 Abandoned US20080077991A1 (en) | 2003-07-29 | 2007-11-29 | System for eliminating viruses at a web page server |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/629,178 Expired - Fee Related US7386719B2 (en) | 2003-07-29 | 2003-07-29 | System and method for eliminating viruses at a web page server |
Country Status (1)
Country | Link |
---|---|
US (2) | US7386719B2 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110022559A1 (en) * | 2009-07-24 | 2011-01-27 | Bank Of America Corporation | Browser preview |
US20150007324A1 (en) * | 2013-06-27 | 2015-01-01 | Secureage Technology, Inc. | System and method for antivirus protection |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7509573B1 (en) * | 2004-02-17 | 2009-03-24 | Microsoft Corporation | Anti-virus security information in an extensible markup language document |
US20070011739A1 (en) * | 2005-06-28 | 2007-01-11 | Shay Zamir | Method for increasing the security level of a user machine browsing web pages |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5960170A (en) * | 1997-03-18 | 1999-09-28 | Trend Micro, Inc. | Event triggered iterative virus detection |
US20030101381A1 (en) * | 2001-11-29 | 2003-05-29 | Nikolay Mateev | System and method for virus checking software |
US7313823B2 (en) * | 2000-09-29 | 2007-12-25 | Zhenyu Gao | Anti-alternation system for web-content |
Family Cites Families (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5175765A (en) * | 1989-05-09 | 1992-12-29 | Digital Equipment Corporation | Robust data broadcast over a distributed network with malicious failures |
US5832208A (en) * | 1996-09-05 | 1998-11-03 | Cheyenne Software International Sales Corp. | Anti-virus agent for use with databases and mail servers |
US6605120B1 (en) * | 1998-12-10 | 2003-08-12 | International Business Machines Corporation | Filter definition for distribution mechanism for filtering, formatting and reuse of web based content |
US6986051B2 (en) | 2000-04-13 | 2006-01-10 | International Business Machines Corporation | Method and system for controlling and filtering files using a virus-free certificate |
US7127518B2 (en) | 2000-04-17 | 2006-10-24 | Circadence Corporation | System and method for implementing application functionality within a network infrastructure |
TW518864B (en) | 2000-05-12 | 2003-01-21 | Ibm | Methods and system for defeating TCP SYN flooding attacks |
US7398317B2 (en) | 2000-09-07 | 2008-07-08 | Mazu Networks, Inc. | Thwarting connection-based denial of service attacks |
US7346928B1 (en) | 2000-12-01 | 2008-03-18 | Network Appliance, Inc. | Decentralized appliance virus scanning |
US7089589B2 (en) | 2001-04-10 | 2006-08-08 | Lenovo (Singapore) Pte. Ltd. | Method and apparatus for the detection, notification, and elimination of certain computer viruses on a network using a promiscuous system as bait |
US7171688B2 (en) | 2001-06-25 | 2007-01-30 | Intel Corporation | System, method and computer program for the detection and restriction of the network activity of denial of service attack software |
US7047303B2 (en) | 2001-07-26 | 2006-05-16 | International Business Machines Corporation | Apparatus and method for using a network processor to guard against a “denial-of-service” attack on a server or server cluster |
US20030037258A1 (en) | 2001-08-17 | 2003-02-20 | Izchak Koren | Information security system and method` |
US7107619B2 (en) | 2001-08-31 | 2006-09-12 | International Business Machines Corporation | System and method for the detection of and reaction to denial of service attacks |
JP4434551B2 (en) | 2001-09-27 | 2010-03-17 | 株式会社東芝 | Server computer protection device, server computer protection method, server computer protection program, and server computer |
-
2003
- 2003-07-29 US US10/629,178 patent/US7386719B2/en not_active Expired - Fee Related
-
2007
- 2007-11-29 US US11/947,300 patent/US20080077991A1/en not_active Abandoned
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5960170A (en) * | 1997-03-18 | 1999-09-28 | Trend Micro, Inc. | Event triggered iterative virus detection |
US7313823B2 (en) * | 2000-09-29 | 2007-12-25 | Zhenyu Gao | Anti-alternation system for web-content |
US20030101381A1 (en) * | 2001-11-29 | 2003-05-29 | Nikolay Mateev | System and method for virus checking software |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110022559A1 (en) * | 2009-07-24 | 2011-01-27 | Bank Of America Corporation | Browser preview |
US8930805B2 (en) * | 2009-07-24 | 2015-01-06 | Bank Of America Corporation | Browser preview |
US20150007324A1 (en) * | 2013-06-27 | 2015-01-01 | Secureage Technology, Inc. | System and method for antivirus protection |
US9491193B2 (en) * | 2013-06-27 | 2016-11-08 | Secureage Technology, Inc. | System and method for antivirus protection |
Also Published As
Publication number | Publication date |
---|---|
US7386719B2 (en) | 2008-06-10 |
US20050027992A1 (en) | 2005-02-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7096500B2 (en) | Predictive malware scanning of internet data | |
US9235703B2 (en) | Virus scanning in a computer system | |
EP1653318B1 (en) | Document stamping antivirus manifest | |
US8161292B2 (en) | Software virus detection methods, apparatus and articles of manufacture | |
US9356937B2 (en) | Disambiguating conflicting content filter rules | |
US6029256A (en) | Method and system for allowing computer programs easy access to features of a virus scanning engine | |
US8161563B2 (en) | Running internet applications with low rights | |
US6560613B1 (en) | Disambiguating file descriptors | |
US20050081053A1 (en) | Systems and methods for efficient computer virus detection | |
US7966490B2 (en) | Using mobility tokens to observe malicious mobile code | |
US7313652B2 (en) | Multi-level persisted template caching | |
US20090150999A1 (en) | System, method and program product for detecting computer attacks | |
US8572634B2 (en) | Ascertaining domain contexts | |
AU2004235515B2 (en) | A method of, and system for, heuristically determining that an unknown file is harmless by using traffic heuristics | |
KR20060093306A (en) | Local domain name service system and method for providing service using domain name service system | |
US9038161B2 (en) | Exploit nonspecific host intrusion prevention/detection methods and systems and smart filters therefor | |
JP2001159984A (en) | Device and method for preventing denial of service attack | |
US20080077991A1 (en) | System for eliminating viruses at a web page server | |
US9942267B1 (en) | Endpoint segregation to prevent scripting attacks | |
EP1361496A2 (en) | Alteration of executable code module load locations | |
US7100109B1 (en) | Identifying URL references in script included in markup language documents | |
WO2002035325A2 (en) | Method and system for preventing the spread of computer viruses | |
US20040268139A1 (en) | Systems and methods for declarative client input security screening | |
US7739278B1 (en) | Source independent file attribute tracking | |
KR100379915B1 (en) | Method and apparatus for analyzing a client computer |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE |