WO2024040977A1 - Virus detection method and apparatus, electronic device, and storage medium - Google Patents

Virus detection method and apparatus, electronic device, and storage medium Download PDF

Info

Publication number
WO2024040977A1
WO2024040977A1 PCT/CN2023/087180 CN2023087180W WO2024040977A1 WO 2024040977 A1 WO2024040977 A1 WO 2024040977A1 CN 2023087180 W CN2023087180 W CN 2023087180W WO 2024040977 A1 WO2024040977 A1 WO 2024040977A1
Authority
WO
WIPO (PCT)
Prior art keywords
virus detection
target file
virus
historical information
file
Prior art date
Application number
PCT/CN2023/087180
Other languages
French (fr)
Chinese (zh)
Inventor
刘遵一
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2024040977A1 publication Critical patent/WO2024040977A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/182Distributed file systems
    • G06F16/1824Distributed file systems implemented using Network-attached Storage [NAS] architecture
    • G06F16/1827Management specifically adapted to NAS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements

Definitions

  • the present application relates to the field of computer security, and in particular to a virus detection method, device, electronic equipment and storage medium.
  • Anti-Virus (AV) technology is a technology that protects user data security. It has functions such as real-time monitoring, virus prevention, virus scanning or virus removal, and maintains the security of user computer resources.
  • Network Attached Storage (NAS) anti-virus is a value-added feature in NAS storage systems. It usually cooperates with anti-virus software to protect the data security of files in NAS storage systems, thereby effectively preventing files in NAS storage systems from being infected and tampered with by viruses. , protect the reliable operation of the entire NAS storage system.
  • embodiments of the present application provide a virus detection method.
  • the method includes: obtaining historical information of virus detection corresponding to the target file in the storage system; wherein the historical information of virus detection includes: whether it has been At least one of virus detection, virus detection times, virus detection time, and configuration information of an anti-virus system that performs virus detection; determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file ; When it is determined that virus detection is to be performed on the target file, send a request to perform virus detection on the target file to the target anti-virus system.
  • the historical information of virus detection corresponding to the target file can characterize the virus detection related information that the content of the target file has experienced; determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file can be performed in Under the premise of ensuring data security, it avoids repeated virus detection on file contents that have been virus tested, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, , the user can open the target file in time, which improves the read and write performance of the storage system.
  • the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file, and/or , the historical information of virus detection corresponding to the file fingerprint of the target file in the index library; wherein the index library includes at least one file fingerprint and the historical information of virus detection corresponding to the at least one file fingerprint, and the at least One file fingerprint is associated with one or more files in the storage system, and the history information of virus detection corresponding to the at least one file fingerprint includes the history of virus detection corresponding to each file associated with the at least one file fingerprint. The latest historical information in the message.
  • the historical information of virus detection corresponding to the target file includes: the target file The historical information of virus detection in the metadata; the obtaining the historical information of virus detection corresponding to the target file includes: reading the historical information of virus detection corresponding to the target file in the target file metadata.
  • the historical information of virus detection in the metadata can be used to quickly obtain the historical information of virus detection corresponding to the target file, and then determine whether to perform virus detection on the target file based on the historical information of virus detection in the metadata of the target file.
  • the historical information of virus detection corresponding to the target file includes: in the index database, The historical information of virus detection corresponding to the file fingerprint of the target file; the obtaining the historical information of virus detection corresponding to the target file includes: determining the target file fingerprint of the target file; according to the target file fingerprint, in the Select the historical information of virus detection corresponding to the fingerprint of the target file from the index database.
  • the target file fingerprint is associated with one or more files in the storage system, that is, the contents of the one or more files are exactly the same. If any of the one or more files is confirmed to be safe through virus detection , then the contents of other files can also be considered safe, and virus detection does not need to be repeated on other files; therefore, the historical information of virus detection corresponding to the fingerprint of the target file is queried in the index database, and the virus detection corresponding to the fingerprint of the target file is The historical information determines whether to perform virus detection on the target file, which can avoid repeated virus detection on the file content that has already experienced virus detection on the premise of ensuring data security, thereby saving network bandwidth overhead, saving virus detection time, and improving This improves virus detection efficiency; in addition, when an online virus detection task is triggered, users can open the target file in time, improving the read and write performance of the storage system.
  • the historical information of virus detection corresponding to the target file includes: historical information of virus detection, and historical information of virus detection corresponding to the file fingerprint of the target file in the index database; and determining whether to detect the target based on the historical information of virus detection corresponding to the target file.
  • Performing virus detection on the file includes: determining the target file fingerprint of the target file when the historical information of virus detection in the target file metadata does not meet the first preset condition; based on the target file fingerprint, The historical information of virus detection corresponding to the fingerprint of the target file is selected from the index library; when the historical information of virus detection corresponding to the fingerprint of the target file does not meet the second preset condition, it is determined that the target file is Virus detection.
  • determining whether to perform virus detection on the target file is based on the historical information of virus detection in the target file metadata and the historical information of virus detection corresponding to the fingerprint of the target file in the index database, which can avoid virus detection on the premise of ensuring data security.
  • Repeated virus detection is performed on file contents that have already undergone virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, the user can open the target file in time, Improved the read and write performance of the storage system.
  • the method further includes: obtaining feedback from the target anti-virus system on the The result of virus detection on the target file; based on the result of virus detection, the historical information of virus detection corresponding to the target file is updated.
  • updating the historical information of virus detection corresponding to the target file according to the virus detection results can ensure that the historical information of virus detection corresponding to the target file is the latest historical information of virus detection, so that when the virus detection task is triggered next time, based on The latest virus detection history information determines whether to perform virus detection on the target file.
  • the method further includes: historical information of virus detection corresponding to the fingerprint of the target file satisfies the third In the case of two preset conditions, it is determined not to perform virus detection on the target file, and the historical information of virus detection in the metadata of the target file is updated.
  • the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition, it indicates that the file content corresponding to the fingerprint of the target file has experienced virus detection and there is no virus, that is, the content of the target file has experienced virus detection. and there is no virus, you can update the historical information of virus detection in the target file metadata, thereby ensuring that the historical information of virus detection in the target file metadata is the latest historical information of virus detection, so that it can pass the next time the virus detection task is triggered.
  • the historical virus detection information in the target file metadata quickly determines whether the target file needs to be virus detected, or whether the target file fingerprint needs to be obtained.
  • inventions of the present application provide a virus detection device.
  • the device includes: an acquisition module for acquiring historical information of virus detection corresponding to the target file in the storage system; wherein the historical information of virus detection It includes: at least one of: whether it has experienced virus detection, the number of virus detections, the virus detection time, and the configuration information of the anti-virus system that performs virus detection; a determination module for based on the historical information of virus detection corresponding to the target file, Determine whether to perform virus detection on the target file; a request module, configured to send a request to perform virus detection on the target file to the target anti-virus system when it is determined to perform virus detection on the target file.
  • the historical information of virus detection corresponding to the target file can characterize the virus detection related information that the content of the target file has experienced; determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file can be performed in Under the premise of ensuring data security, it avoids repeated virus detection on file contents that have been virus tested, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, , the user can open the target file in time, which improves the read and write performance of the storage system.
  • the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file, and/or , the historical information of virus detection corresponding to the file fingerprint of the target file in the index library; wherein the index library includes at least one file fingerprint and the historical information of virus detection corresponding to the at least one file fingerprint, and the at least One file fingerprint is associated with one or more files in the storage system, and the history information of virus detection corresponding to the at least one file fingerprint includes the history of virus detection corresponding to each file associated with the at least one file fingerprint. The latest historical information in the message.
  • the historical information of virus detection corresponding to the target file includes: the target file The historical information of virus detection in the metadata; the acquisition module is also used to read the historical information of virus detection corresponding to the target file in the target file metadata.
  • the historical information of virus detection in the metadata can quickly obtain the historical information of virus detection corresponding to the target file. Based on the historical information of virus detection in the metadata of the target file, determine whether to perform virus detection on the target file, which can ensure data security. This avoids repeated virus detection on file content that has already undergone virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, the user can open it in time Target files improve the read and write performance of the storage system.
  • the historical information of virus detection corresponding to the target file includes: in the index database, The historical information of virus detection corresponding to the file fingerprint of the target file; the acquisition module is also used to: determine the target file fingerprint of the target file; select the target file in the index database according to the target file fingerprint. Historical information of virus detection corresponding to the target file fingerprint.
  • the target file fingerprint is associated with one or more files in the storage system, that is, the contents of the one or more files are exactly the same. If any of the one or more files is confirmed to be safe through virus detection , then the contents of other files can also be considered safe, and virus detection does not need to be repeated on other files; therefore, the historical information of virus detection corresponding to the fingerprint of the target file is queried in the index database, and the virus detection corresponding to the fingerprint of the target file is of Historical information determines whether to perform virus detection on the target file, which can avoid repeated virus detection on file contents that have already undergone virus detection while ensuring data security, thereby saving network bandwidth overhead, saving virus detection time, and improving efficiency. Virus detection efficiency; in addition, when an online virus detection task is triggered, users can open the target file in time, improving the storage system's read and write performance.
  • the historical information of virus detection corresponding to the target file includes: Historical information of virus detection, and historical information of virus detection corresponding to the file fingerprint of the target file in the index database; the determination module is also used for: virus detection in the metadata of the target file If the historical information does not meet the first preset condition, determine the target file fingerprint of the target file; select the historical information of virus detection corresponding to the target file fingerprint in the index database according to the target file fingerprint; When the historical information of virus detection corresponding to the fingerprint of the target file does not meet the second preset condition, it is determined to perform virus detection on the target file.
  • determining whether to perform virus detection on the target file is based on the historical information of virus detection in the target file metadata and the historical information of virus detection corresponding to the fingerprint of the target file in the index database, which can avoid virus detection on the premise of ensuring data security.
  • Repeated virus detection is performed on file contents that have already undergone virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, the user can open the target file in time, Improved the read and write performance of the storage system.
  • the device further includes: a result feedback module for obtaining the target anti-virus The system feeds back the result of virus detection on the target file; an update module is used to update the historical information of virus detection corresponding to the target file according to the result of virus detection.
  • updating the historical information of virus detection corresponding to the target file according to the virus detection results can ensure that the historical information of virus detection corresponding to the target file is the latest historical information of virus detection, so that when the virus detection task is triggered next time, based on The latest virus detection history information determines whether to perform virus detection on the target file.
  • the device further includes: a metadata update module, which detects viruses corresponding to the fingerprint of the target file. If the historical information satisfies the second preset condition, it is determined not to perform virus detection on the target file, and the historical information on virus detection in the metadata of the target file is updated.
  • the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition, it indicates that the file content corresponding to the fingerprint of the target file has experienced virus detection and does not have viruses, that is, the content of the target file has experienced virus detection and has no viruses. Then the historical information of virus detection in the target file metadata can be updated, thereby ensuring that the historical information of virus detection in the target file metadata is the latest historical information of virus detection, so that the target file metadata can be used when the virus detection task is triggered next time.
  • the historical information of virus detection in the file can quickly determine whether the target file needs to be virus detected, or whether the target file fingerprint needs to be obtained.
  • embodiments of the present application provide an electronic device, including: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement the first aspect when executing the instructions. Or one or more virus detection methods of the first aspect.
  • embodiments of the present application provide a computer-readable storage medium on which computer program instructions are stored.
  • the computer program instructions are executed by a processor, the first aspect or one or more aspects of the first aspect are implemented. virus detection methods.
  • embodiments of the present application provide a computer program product that, when the computer program product is run on a computer, causes the computer to execute the above-mentioned first aspect or one or more viruses of the first aspect. Detection method.
  • Figure 1 shows a schematic diagram of an applicable scenario of a virus detection method according to an embodiment of the present application.
  • Figure 2 shows a flow chart of a virus detection method according to an embodiment of the present application.
  • Figure 3 shows a schematic diagram of an index library according to an embodiment of the present application.
  • Figure 4 shows a schematic diagram of historical information of virus detection corresponding to file fingerprint 1 according to an embodiment of the present application.
  • Figure 5 shows a flow chart of a virus detection method according to an embodiment of the present application.
  • Figure 6 shows a flow chart of a virus detection method according to an embodiment of the present application.
  • Figure 7 shows a flow chart of a virus detection method according to an embodiment of the present application.
  • Figure 8 shows a schematic structural diagram of a virus detection device according to an embodiment of the present application.
  • Figure 9 shows a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • At least one refers to one or more
  • plural refers to two or more.
  • “And/or” describes the association of associated objects, indicating that there can be three relationships, for example, A and/or B, which can mean: including the existence of A alone, the existence of A and B at the same time, and the existence of B alone, where A and B can be singular or plural.
  • the character “/” generally indicates that the related objects are in an “or” relationship.
  • “At least one of the following” or similar expressions thereof refers to any combination of these items, including any combination of a single item (items) or a plurality of items (items).
  • At least one of a, b, or c can mean: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple .
  • Figure 1 shows a schematic diagram of an applicable scenario of a virus detection method according to an embodiment of the present application.
  • this scenario may include a storage system 10 and an anti-virus system 20; the storage system 10 and the anti-virus system 20 may be connected through a wired or wireless network.
  • the storage system 10 may include an anti-virus unit for sending a virus detection request to the anti-virus system 20 to trigger virus detection; the virus detection request may include the storage path of the target file or the content of the target file.
  • the storage system 10 may be a NAS storage system; the NAS storage system may include 1-n file systems (File Systems, FS) for storing and organizing data to determine corresponding files based on file path information.
  • the administrator can configure the anti-virus function in the storage system 10 in advance through a graphical management interface or a command-line interface (CLI); when it is necessary to perform virus detection on files in the storage system 10, the anti-virus function
  • the virus unit may send a virus detection request to the anti-virus system 20 .
  • the anti-virus system 20 is used to perform virus detection and anti-virus processing on files.
  • the anti-virus system 20 can be external to the storage system 10 or deployed inside the storage system 10, which is not limited.
  • the anti-virus system 20 can be configured with an anti-virus server (AV Server), which can also be called an anti-virus engine (AV Engine), which can perform virus detection through installed anti-virus software; if the storage system 10 sends
  • AV Server anti-virus server
  • AV Engine anti-virus engine
  • the path of the target file is determined by the anti-virus server through file access protocols, such as Network File System (NFS) protocol, SMB protocol, Common Internet File System (CIFS) protocol, and Internet content adaptation.
  • file access protocols such as Network File System (NFS) protocol, SMB protocol, Common Internet File System (CIFS) protocol, and Internet content adaptation.
  • the anti-virus system 20 may also be configured with an anti-virus agent (Av Agent) to provide agent services for the anti-virus server to obtain information sent by the storage system 10 .
  • Av Agent anti-virus agent
  • this scenario may also include a client 30, which may be a Server Message Block (SMB) client (client); the user may send an operation access request to the storage system 10 through the client 30, thereby Perform operations such as opening, writing, saving, relation or reading on files in the storage system 10 .
  • SMB Server Message Block
  • an online virus detection task for the target file is triggered, also known as real-time scanning (On-Access Scanning); or the administrator can configure a periodic (for example, Perform global or local anti-virus scanning on the files in the storage system 10 during idle periods such as early morning, triggering the storage system 10 to actively perform background virus detection tasks on the target files.
  • a periodic for example, Perform global or local anti-virus scanning on the files in the storage system 10 during idle periods such as early morning, triggering the storage system 10 to actively perform background virus detection tasks on the target files.
  • the storage system 10 Before triggering an online virus detection task on the target file or triggering the storage system 10 to actively perform a background virus detection task on the target file, the storage system 10 will send a request for virus detection on the target file to the anti-virus system 20 , and the anti-virus system 20 will receive it.
  • the content of the target file After receiving the virus detection request, obtain the content of the target file (directly receive the content of the target file sent by the storage system 10, or obtain the content of the target file according to the path of the target file sent by the storage system 10), and perform the obtained target file
  • the content is tested for viruses. Since a large number of files are usually stored in the storage system, when a virus detection task is triggered, the contents of the target files in the storage system 10 need to be transmitted to the anti-virus system 20 , thus consuming a large amount of network input output (IO) transmission bandwidth. and time, and the efficiency is low. In addition, when an online virus detection task is triggered, the user cannot open and access the target file until the anti-virus system 20 completes the virus detection on the target file, which will have a great impact on the read and write performance of the storage system 10 .
  • IO network input output
  • embodiments of the present application provide a virus detection method (see below for detailed description), which can skip file contents that have been virus tested and avoid sending duplicate file contents to The anti-virus system performs virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, the user can open the target file in time, improving the storage system 10 reading and writing performance.
  • the above application scenarios described in the embodiments of the present application are for the purpose of more clearly explaining the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application.
  • Those of ordinary skill in the art will know that In view of the emergence of other similar or new scenarios, the technical solutions provided by the embodiments of this application are also applicable to similar technical problems.
  • the virus detection method described in this application is also applicable to other storage systems, such as object-based storage systems, distributed file systems (Distributed File System, HDFS), big data storage systems and other storage systems.
  • Figure 2 shows a flow chart of a virus detection method according to an embodiment of the present application. Illustratively, this method can be executed by the anti-virus unit in Figure 1 above. As shown in Figure 2, the method may include the following steps:
  • the historical information of virus detection corresponding to the target file in the storage system can be obtained; for example, when the user operates and accesses the target file in the storage system, online virus detection on the target file can be triggered.
  • the anti-virus unit obtains the historical information of virus detection corresponding to the target file; for another example, when the storage system is triggered to actively perform a background virus detection task on the target file, the anti-virus unit obtains the historical information of virus detection corresponding to the target file.
  • the storage system may be the storage system 10 shown in FIG. 1 above.
  • the historical information of virus detection corresponding to the target file can represent the information related to virus detection that the content of the target file has experienced; among which, the historical information of virus detection can include: whether it has experienced virus detection, the number of virus detections, the time of virus detection, and the execution of viruses At least one item of configuration information of the detected antivirus system.
  • whether the content of a file has experienced virus detection indicates whether the content of a file has experienced virus detection; for example, whether the content of a file has experienced virus detection indicates that the content of a file has experienced virus detection before the current moment and is determined to be free of viruses, and has not experienced virus detection indicates that a file has not experienced virus detection. 's content has not been tested for viruses before the current moment.
  • the number of virus detections indicates the number of times the contents of a file have been tested for viruses.
  • the virus detection time represents the time when the content of a file has undergone virus detection. For example, it can be the latest virus detection time, that is, the time when the content of the file has undergone virus detection for the latest time.
  • the configuration information of the anti-virus system that performs virus detection represents the configuration information of the anti-virus system that performs virus detection when the content of a file undergoes virus detection.
  • it can be the configuration information of the anti-virus system that performs the latest virus detection;
  • the anti-virus system that performs virus detection may include anti-virus software, and the configuration information of the anti-virus system may be the version number of the anti-virus software.
  • the virus corresponding to the file can be detected.
  • the historical information is updated to the default value; as an example, the default value can include an item that has not experienced virus detection, the number of virus detections is 0, the virus detection time is empty, or the configuration information of the anti-virus system that performs virus detection is empty or multiple items.
  • the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file. That is, the target file metadata can record whether the content of the target file has experienced virus detection, the number of times the content of the target file has experienced virus detection, the time when the content of the target file has experienced virus detection, and virus detection is performed when the content of the target file has experienced virus detection. At least one item of configuration information of the anti-virus system.
  • the anti-virus unit may read the historical information of virus detection corresponding to the target file in the metadata of the target file.
  • the target file metadata including the configuration information of the anti-virus system that performs virus detection when the content of the target file undergoes virus detection. For example, when the content of the target file has been tested for viruses and it is confirmed that there is no virus, the version number of the anti-virus software that performed the virus detection can be recorded in the target file metadata; if the content of the target file has been tested for viruses again and it is confirmed that there is no virus, After a virus is detected, the version number of the anti-virus software recorded in the target file metadata can be updated according to the version number of the anti-virus software that performs the virus detection.
  • a "scanned" mark and the time of this virus detection can be recorded in the target file metadata.
  • the history information of virus detection in the target file metadata may include whether the content of the target file has experienced virus detection, the time when the content of the target file has experienced virus detection, and the virus detection was performed when the content of the target file has experienced virus detection.
  • Configuration information of the anti-virus system when the target file has been tested for viruses and is confirmed to be free of viruses, the "scanned" mark, the time of this virus detection, and the time when this virus detection was performed can be recorded in the target file metadata.
  • Antivirus system configuration information when the target file has been tested for viruses and is confirmed to be free of viruses, the "scanned" mark, the time of this virus detection, and the time when this virus detection was performed can be recorded in the target file metadata.
  • the historical information of virus detection corresponding to the target file may include historical information of virus detection corresponding to the file fingerprint of the target file in the index database; for example, the anti-virus unit may query in the index database Historical information about virus detections corresponding to the target file's target file fingerprint.
  • the index database includes at least one file fingerprint and historical information of virus detection corresponding to the at least one file fingerprint.
  • the at least one file fingerprint is associated with one or more files in the storage system.
  • the virus corresponding to the at least one file fingerprint The detected historical information includes the latest historical information among the virus detected historical information corresponding to each file associated with the at least one file fingerprint.
  • the file fingerprint of the target file can be calculated based on the content of the target file; where the file fingerprint can be calculated through the existing file Fingerprints are obtained.
  • the file fingerprint of the target file may be recorded in the metadata of the target file.
  • the historical information of virus detection corresponding to each file associated with the file fingerprint is summarized, so that the latest historical information among the historical information of virus detection corresponding to each associated file is used as the file fingerprint.
  • the corresponding historical information of virus detection finally insert the file fingerprint as the key into the index database (key) index record (that is, the historical information of virus detection corresponding to the file fingerprint), thereby establishing an index database; the index database can record whether it has experienced virus detection, the number of virus detections, the time of virus detection, and the time when virus detection was performed. At least one item of configuration information for the antivirus system.
  • Figure 3 shows a schematic diagram of an index database according to an embodiment of the present application.
  • the index database can include multiple file fingerprints, namely file fingerprint 1, file fingerprint 2, and file fingerprint 3...File fingerprint n; wherein, the historical information of virus detection corresponding to each file fingerprint may include whether the file content corresponding to the file fingerprint has experienced virus detection, the time when the file content corresponding to the file fingerprint has experienced virus detection, the file fingerprint The version number of the anti-virus software that performs virus detection when the corresponding file content undergoes virus detection.
  • the historical information of virus detection corresponding to file fingerprint 1 in Figure 3 includes: having experienced virus detection, the virus detection time is T1, and the version number of the anti-virus software that performs virus detection is P1; for another example, the virus detection corresponding to file fingerprint 3
  • the historical information includes: no virus detection has been performed, the virus detection time is empty, and the version number of the anti-virus software that performs virus detection is empty.
  • the file fingerprint of the file will change, the file fingerprint of the file will be recalculated. Fingerprint.
  • the content of a certain file has been tested for viruses and it is determined that a virus exists, the content of the file will also change after anti-virus processing, and the file fingerprint of the file will be recalculated; or if there is a new file in the storage system file, you can calculate the file fingerprint of the newly created file. Then, the historical information of virus detection corresponding to the latest file fingerprint in the index database can be updated; if the latest file fingerprint is not found in the index database, an index with the latest file fingerprint as the key can be inserted into the index database. Record.
  • the information about whether the content of each file associated with the file fingerprint has experienced virus detection can be determined based on the information about whether the content of each file associated with the file fingerprint has experienced virus detection. If the associated files The content of any file in the file has experienced virus detection, that is, the latest information about whether it has experienced virus detection is that it has experienced virus detection, then the historical virus detection information corresponding to the fingerprint of the file includes the information that has experienced virus detection; for example, you can Add a "scanned" mark to the index record corresponding to the fingerprint of the file in the index database; if the contents of each associated file have not experienced virus detection, the historical information of virus detection corresponding to the fingerprint of the file includes "scanned" virus testing information.
  • the latest virus detection time can be selected from the virus detection times corresponding to each file associated with the file fingerprint as the virus detection time corresponding to the file fingerprint.
  • the configuration information of the latest anti-virus system among the configuration information of the anti-virus system that performs virus detection corresponding to each file associated with the file fingerprint can be selected as the configuration information corresponding to the file fingerprint.
  • Configuration information of the anti-virus system that performs virus detection for example, the latest anti-virus software version number among the anti-virus software version numbers that perform virus detection corresponding to each file associated with the file fingerprint can be used as the anti-virus software version number that performs virus detection corresponding to the file fingerprint.
  • the version number of the anti-virus software is a version number of the anti-virus software.
  • Figure 4 shows a schematic diagram of historical information of virus detection corresponding to file fingerprint 1 according to an embodiment of the present application.
  • file B and file C in the storage system are data copies of file A.
  • the contents of file A, file B and file C are all the same.
  • the file fingerprints of file A, file B and file C are the same and are all file fingerprint 1, that is , File fingerprint 1 is associated with file A, file B, and file C in the storage system.
  • the historical information of virus detection corresponding to file A includes that the content of file A has experienced virus detection, the virus detection time is 15:00 on January 1, 2022, and the anti-virus software version number is p1; the historical information of virus detection corresponding to file B is file The content of B has experienced virus detection, the virus detection time is 13:00 on January 1, 2022, and the anti-virus software version number is p2; the historical information of virus detection corresponding to file C is that the content of file C has not experienced virus detection, virus detection The time is empty and the anti-virus software version number is empty.
  • the virus detection history information corresponding to file fingerprint 1 includes information about virus detection; file The virus detection time corresponding to file A is later than the virus detection time corresponding to file B.
  • the virus detection time that is, the latest virus detection time is the virus detection time corresponding to file A
  • the virus detection time corresponding to file fingerprint 1 is 15:00 on January 1, 2022
  • the anti-virus software version number p1 corresponding to file A is relative to the file
  • the anti-virus software version number p2 corresponding to B is updated, that is, the latest anti-virus software version number that performs virus detection is p1, then it can be determined that the anti-virus software version number corresponding to file fingerprint 1 is p1.
  • the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the target file metadata and the historical information of virus detection corresponding to the file fingerprint of the target file in the index database.
  • the types of the historical virus detection information in the target file metadata and the historical virus detection information corresponding to the file fingerprint of the target file in the index database may be the same or different, and are not limited to this.
  • the historical information of virus detection in the target file metadata can include whether it has experienced virus detection, and the historical information of virus detection corresponding to the file fingerprint of the target file can include the virus detection time; for another example, the virus detection in the target file metadata
  • the historical information of the file may include whether it has experienced virus detection, and the historical information of virus detection corresponding to the file fingerprint of the target file may include whether it has experienced virus detection.
  • S202 Determine whether to perform virus detection on the target file according to the historical information of virus detection corresponding to the target file.
  • the historical information of virus detection corresponding to the target file satisfies the preset conditions, it may be determined not to perform virus detection on the target file; if the historical information of virus detection corresponding to the target file does not meet the preset conditions, Confirm that the target file is checked for viruses.
  • the corresponding preset condition may include that the content of the target file has experienced virus detection. For example, if there is a "scanned" mark in the historical information of virus detection corresponding to the target file, indicating that the content of the target file has undergone virus detection, it is determined that the target file will not be virus detected; if the historical information of virus detection corresponding to the target file If there is no "scanned" mark in the file, it means that the target file has been detected for viruses.
  • the corresponding preset condition may include that the interval between the virus detection time and the current moment in the historical information of virus detection corresponding to the target file has not exceeded Preset time interval. If the interval between the virus detection time and the current time in the historical information of virus detection corresponding to the target file does not exceed the preset time interval, it is determined not to perform virus detection on the target file; if the virus detection time in the historical information of virus detection corresponding to the target file is different from the current time.
  • the value of the preset time interval can be set as needed, and there is no limit to this.
  • the corresponding preset condition may include that the number of virus detections in the historical information of virus detection corresponding to the target file does not exceed the preset number of detections. . If the number of virus detections in the historical information of virus detection corresponding to the target file has reached the preset number of detections, it is determined not to perform virus detection on the target file; if the number of virus detections in the historical information of virus detection corresponding to the target file has not reached the preset number of detections, Then it is determined to perform virus detection on the target file; wherein, the value of the preset number of detections can be set as needed and is not limited.
  • the corresponding preset conditions may include the configuration information of the anti-virus system that performs virus detection and the target anti-virus.
  • the configuration information of the system (that is, the anti-virus system currently performing virus detection) is the same.
  • the target file can be skipped and no virus detection will be performed on the target file; if the virus corresponding to the target file If the version number of the anti-virus software in the detected historical information is different from the version number of the anti-virus software currently performing virus detection (for example, the anti-virus software is updated and the version number of the anti-virus software changes), then it is determined that the target file is to be tested for viruses.
  • the corresponding preset conditions can be that the content of the target file has experienced virus detection, and the virus corresponding to the target file
  • the interval between the virus detection time and the current time in the detection history information does not exceed the preset time interval. For example, if there is a "scanned" mark in the historical information of virus detection corresponding to the target file and the interval between the virus detection time and the current time in the historical information of virus detection corresponding to the target file does not exceed the preset time interval, it is determined that the target file is not used.
  • the file is checked for viruses; otherwise, the target file is determined to be checked for viruses.
  • the corresponding preset condition can be the content of the target file.
  • the interval between the virus detection time and the current time in the historical information of virus detection and virus detection corresponding to the target file does not exceed the preset time interval, and the configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system.
  • the target file corresponds to If the version number of the anti-virus software in the historical information of virus detection is the same as the version number of the anti-virus software currently performing virus detection, it is determined not to perform virus detection on the target file; otherwise, it is determined to perform virus detection on the target file.
  • the storage system may be connected wirelessly or wiredly to one or more anti-virus systems, and may send a request to perform virus detection on the target file to the target anti-virus system if it is determined that the target file is to be virus-detected.
  • the target anti-virus system may be the anti-virus system 20 in Figure 1 mentioned above.
  • the virus detection request may also include the path of the target file or the content of the target file, so that the target anti-virus system can perform virus detection on the target file.
  • the anti-virus unit can send the path of the target file to the target anti-virus system, and the target anti-virus system obtains the target file from the storage system through the file access protocol based on the path of the target file.
  • Virus detection is then performed after the content of the target file is detected to determine whether there is a virus in the content of the target file; for another example, the anti-virus unit can send the content of the target file to the target anti-virus system, and the target anti-virus system directly checks the received target file. Conduct virus detection on the content of the target file to determine whether there is a virus in the content of the target file.
  • virus detection on the target file may be skipped.
  • the user can be directly allowed to operate on the target file.
  • the results of virus detection on the target file fed back by the target anti-virus system can also be obtained; and based on the virus detection results, the history of virus detection corresponding to the target file is updated. information. This way, when the virus detection task is triggered next time, it is determined whether to perform virus detection on the target file based on the latest virus detection history information.
  • the target anti-virus system can report to the anti-virus system.
  • the virus unit reports that the target file does not contain viruses; the anti-virus unit can add a "scanned" mark to the historical virus detection information corresponding to the target file.
  • the target file can be disinfected ( For example, part or all of the content in the target file is deleted, isolated, etc.), and the target file is fed back to the anti-virus unit that the target file contains viruses. Since the content of the target file changes after the anti-virus process, the anti-virus unit can detect the virus in the target file after the anti-virus unit. Delete the "scanned" mark from the corresponding virus detection history information.
  • the target anti-virus system performs virus detection on the target file and the target anti-virus system confirms that the target file does not have a virus, it can feedback to the anti-virus unit that the target file does not have a virus and the time of this virus detection, and the anti-virus unit can Update the virus detection time in the historical information of virus detection corresponding to the target file to the current virus detection time. If the target anti-virus system performs virus detection on the target file and confirms that the target file has a virus, it can disinfect the target file and feedback to the anti-virus unit that the target file has a virus. The anti-virus unit can then match the target file with the virus. The virus detection time in the virus detection history information is updated to the default value.
  • the target anti-virus system performs virus detection on the target file and the target anti-virus system confirms that the target file does not have viruses, it can feedback to the anti-virus unit that the target file does not have viruses and the version of the anti-virus software that performed this virus detection. number; the anti-virus unit can update the version number of the anti-virus software that performs virus detection in the historical information of virus detection corresponding to the target file to the version number of the anti-virus software used for this virus detection. If the target anti-virus system performs virus detection on the target file and confirms that the target file has a virus, it can disinfect the target file and feedback to the anti-virus unit that the target file has a virus. The anti-virus unit can then match the target file to The version number of the anti-virus software that performs virus detection in the virus detection history information is updated to the default value.
  • the historical information of virus detection corresponding to the target file can represent the relevant information of virus detection experienced by the content of the target file; determining whether to perform virus detection on the target file can be based on the historical information of virus detection corresponding to the target file.
  • it avoids repeated virus detection on file contents that have been virus tested, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when triggering online virus detection tasks At this time, the user can open the target file in time, which improves the read and write performance of the storage system.
  • the virus detection method in the embodiment of the present application will be described below by taking the historical information of virus detection corresponding to the target file, including the historical information of virus detection in the metadata of the target file, as an example.
  • Figure 5 shows a flow chart of a virus detection method according to an embodiment of the present application.
  • the method may be executed by the anti-virus unit in Figure 1 described above.
  • the virus detection method includes:
  • target file metadata may refer to the relevant expressions in step 201 in Figure 2 above.
  • S502 Determine whether to perform virus detection on the target file according to the historical information of virus detection corresponding to the target file.
  • the historical information of virus detection in the target file metadata satisfies the preset conditions, it may be determined not to perform virus detection on the target file; if the historical information of virus detection corresponding to the target file does not meet the preset conditions. Next, confirm to perform virus detection on the target file.
  • the result of virus detection on the target file fed back by the target anti-virus system can also be obtained; and based on the result of virus detection, the virus in the metadata of the target file can be updated.
  • Detection history information For example, after the target anti-virus system performs virus detection on the target file, one or more items of whether there is a virus in the target file, the time of the virus detection, or the configuration information of the target anti-virus system can be fed back to the anti-virus unit. , the anti-virus unit updates the historical information of virus detection in the target file metadata based on the feedback information.
  • the historical information of virus detection in the target file metadata is read, and the historical information of virus detection corresponding to the target file is quickly obtained; considering that after a file has been virus tested and confirmed to be virus-free, if If the content of the file has not changed, then the content of the file is still safe, and the file does not need to be repeatedly tested for viruses; therefore, it is determined whether to perform virus testing on the target file based on the historical information of virus detection in the metadata of the target file.
  • Testing can avoid repeated virus testing on file contents that have already undergone virus testing on the premise of ensuring data security, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when triggering online During virus detection tasks, users can open target files in time, which improves the read and write performance of the storage system.
  • the virus detection time experienced by the content of the target file can be read in the target file metadata. If the interval between the virus detection time experienced by the content of the target file and the current moment exceeds the preset time interval, it is determined that the target file will be infected with viruses. detection, and sends a request to the target antivirus system to perform virus detection on the target file. If the interval between the virus detection time experienced by the content of the target file and the current moment does not exceed the preset time interval, it can be determined that the target file will not be virus detected.
  • the configuration information of the anti-virus system that performs virus detection can be read in the target file metadata. If the configuration information of the anti-virus system that performs virus detection is different from the configuration information of the target anti-virus system, it is determined to perform virus detection on the target file. and sends a request to the target antivirus system to perform virus detection on the target file. If the configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system, it can be determined that the target file will not be detected for viruses.
  • the historical information of virus detection in the target file metadata includes whether the content of the target file has experienced virus detection, the time when the content of the target file has experienced virus detection, and the prevention method of performing virus detection when the content of the target file has experienced virus detection.
  • the configuration information of the virus system Take the configuration information of the virus system as an example. Whether the target file has experienced virus detection, virus detection time, and the configuration information of the anti-virus system that performs virus detection can be read in the target file metadata; for example, you can read whether there is a "scanned" mark in the target file metadata.
  • the file is checked for viruses and a request is sent to the target antivirus system to check the target file for viruses.
  • the virus detection method in the embodiment of the present application will be described below by taking the historical information of virus detection corresponding to the target file including the historical information of virus detection corresponding to the file fingerprint of the target file in the index database as an example.
  • Figure 6 shows a flow chart of a virus detection method according to an embodiment of the present application.
  • the method may be executed by the anti-virus unit in Figure 1 described above.
  • the virus detection method includes:
  • the target file fingerprint of the target file can be read in the target file metadata
  • a target file's target file fingerprint can be calculated based on the content in the target file.
  • the method of calculating the fingerprint of the target file can use existing technology, which will not be described again here; for example, a hash code can be used to generate the fingerprint of the target file.
  • index database For the specific description of the index database, please refer to the relevant expressions in step 201 in Figure 2 above.
  • the fingerprint of the target file can be used as a key to perform a query in the index database to obtain the historical information of virus detection corresponding to the fingerprint of the target file.
  • an index record with the target file fingerprint as the key can be inserted into the index database.
  • the historical information of virus detection corresponding to the fingerprint of the target file in the index record is set to the default value.
  • S603. Determine whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the fingerprint of the target file.
  • the historical information of virus detection corresponding to the fingerprint of the target file satisfies the preset conditions, it may be determined not to perform virus detection on the target file; when the historical information of virus detection corresponding to the fingerprint of the target file does not meet the preset conditions. Next, confirm to perform virus detection on the target file.
  • the result of virus detection on the target file fed back by the target anti-virus system can also be obtained; and based on the result of virus detection, the index database and the target file can be updated.
  • Historical information of virus detection corresponding to file fingerprints For example, after the target anti-virus system performs virus detection on the target file, one or more items of whether there is a virus in the target file, the time of the virus detection, or the configuration information of the target anti-virus system can be fed back to the anti-virus unit. , the anti-virus unit updates the historical information of virus detection corresponding to the fingerprint of the target file in the index database based on the feedback information.
  • the historical information of virus detection corresponding to the target file fingerprint is queried in the index database; considering that the target file fingerprint is associated with one or more files in the storage system, that is, the one or more files The contents are exactly the same. If any one of the one or more files is confirmed to be safe through virus detection, the contents of other files can also be considered safe, and virus detection does not need to be repeated for other files; therefore, according to the target
  • the historical virus detection information corresponding to the file fingerprint determines whether to perform virus detection on the target file. This can avoid repeated virus detection on file contents that have already undergone virus detection while ensuring data security, thereby saving network bandwidth overhead and saving money. It shortens virus detection time and improves virus detection efficiency; in addition, when an online virus detection task is triggered, users can open the target file in time, improving the read and write performance of the storage system.
  • the historical information of virus detection corresponding to the fingerprint of the target file in the index database including whether it has experienced virus detection; for example, you can use the fingerprint of the target file as the key to query in the index database to obtain the fingerprint corresponding to the target file.
  • the index database takes the historical information of virus detection corresponding to the fingerprint of the target file in the index database, including the time of virus detection; for example, you can query the index database using the fingerprint of the target file as the key to obtain the virus detection corresponding to the fingerprint of the target file. time; if the interval between the virus detection time corresponding to the target file fingerprint and the current time exceeds the preset time interval, determine to perform virus detection on the target file, and send a request to perform virus detection on the target file to the target anti-virus system. If the interval between the virus detection time corresponding to the fingerprint of the target file and the current time does not exceed the preset time interval, it is determined that the target file will not be tested for viruses.
  • the target file fingerprint can be used as the key to query in the index database, Obtain the configuration information of the anti-virus system that performs virus detection corresponding to the fingerprint of the target file. If the configuration information of the anti-virus system that performs virus detection corresponding to the fingerprint of the target file is different from the configuration information of the target anti-virus system, it is determined that the target file should be infected with viruses. detection, and sends a request to the target antivirus system to perform virus detection on the target file. If the configuration information of the anti-virus system that performs virus detection corresponding to the fingerprint of the target file is the same as the configuration information of the target anti-virus system, it can be determined that the target file will not be detected for viruses.
  • the target file can be The fingerprint is the key to query in the index database to obtain whether there is a "scanned" mark in the historical information of virus detection corresponding to the fingerprint of the target file, the virus detection time corresponding to the fingerprint of the target file, and the anti-virus detection time corresponding to the fingerprint of the target file.
  • Configuration information of the virus system if the historical information of virus detection corresponding to the target file fingerprint has a "scanned" mark, the interval between the virus detection time corresponding to the target file fingerprint and the current time does not exceed the preset time interval, and the target file fingerprint If the corresponding configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system, then it is determined not to perform virus detection on the target file; otherwise, it is determined to perform virus detection on the target file, and the target file is sent to the target anti-virus system. File virus detection request.
  • the following takes the historical information of virus detection corresponding to the target file, including the historical information of virus detection in the metadata of the target file, and the historical information of virus detection corresponding to the file fingerprint of the target file in the index database as an example.
  • Virus detection methods are explained.
  • Figure 7 shows a flow chart of a virus detection method according to an embodiment of the present application. Illustratively, this method can be executed by the anti-virus unit in Figure 1 above. As shown in Figure 7, the virus detection method includes:
  • This step is the same as the above-mentioned step S501 in Figure 5 and will not be described again.
  • the method of determining the target file fingerprint of the target file may refer to the relevant expressions in step S601 in FIG. 6 above.
  • the target file fingerprint of the target file can also be determined when the historical information of virus detection in the target file metadata satisfies the first preset condition. For example, the target file may not have undergone virus detection for a long time. In order to further ensure data security, the target file fingerprint can still be determined when the "scanned" mark is recorded in the metadata, so as to further determine whether the target file has been detected. Get tested for viruses.
  • the first preset condition may be that there is a "scanned" mark in the target file's metadata. If there is a "scanned” mark in the target file's metadata, it means that the target file has been tested for viruses and is confirmed to be free of viruses. , the target file does not need to be virus detected; if there is no "scanned" mark in the target file metadata, the target file fingerprint is read in the target file metadata.
  • the first preset condition may be that the number of virus detections recorded in the metadata of the target file reaches the preset number of detections. If the number of virus detections recorded in the metadata of the target file reaches the preset number of detections, the target file may not be detected. Perform virus detection on the file; if the number of virus detections recorded in the target file metadata does not reach the preset number of detections, the target file fingerprint can be read in the target file metadata.
  • the first preset condition may be that the interval between the virus detection time recorded in the target file metadata and the current time does not exceed the preset time interval. If the interval between the virus detection time recorded in the target file metadata and the current time is If the preset time interval is not exceeded, the target file does not need to be virus detected; if the interval between the virus detection time recorded in the target file metadata and the current time exceeds the preset time interval, read the target file fingerprint in the target file metadata. .
  • the first preset condition may be that the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata is the same as the configuration information of the target anti-virus system. If the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata If the configuration information of the anti-virus system is the same as the configuration information of the target anti-virus system, the target file does not need to be virus detected; if the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata is different from the configuration information of the target anti-virus system If the information is different, read the target file fingerprint in the target file metadata.
  • the first preset condition may be that there is a "scanned" mark in the target file metadata, the interval between the virus detection time recorded in the target file metadata and the current moment does not exceed a preset time interval, and the target file
  • the configuration information of the anti-virus system that performs virus detection recorded in the metadata is the same as the configuration information of the target anti-virus system. If there is a "scanned" mark in the target file metadata, and the interval between the recorded virus detection time and the current time is not If the preset time interval exceeds and the configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system, the target file does not need to be virus detected; otherwise, the target file is read in the target file metadata fingerprint.
  • This step is the same as step S602 in FIG. 6 and will not be described again.
  • the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition, it is determined not to perform virus detection on the target file, and the history of virus detection in the metadata of the target file is updated. information.
  • the historical information of virus detection in the target file metadata may be updated according to the historical information of virus detection corresponding to the fingerprint of the target file. For example, if there is no "scanned” mark in the metadata of the target file, but there is a "scanned” mark in the historical virus detection information corresponding to the fingerprint of the target file, you can add "scanned” to the metadata of the target file. " mark.
  • the virus detection time recorded in the metadata of the target file can be updated to the virus detection time corresponding to the fingerprint of the target file.
  • the target file can be updated.
  • the historical information of virus detection in the metadata thereby ensuring that the historical information of virus detection in the target file metadata is the latest historical information of virus detection, so that the next time the virus detection task is triggered, the virus detection in the target file metadata can be passed. Historical information can be used to quickly determine whether the target file needs to be tested for viruses, or whether the target file fingerprint needs to be obtained.
  • step S705 after executing the above step S705, feedback from the target anti-virus system can also be obtained.
  • the result of virus detection on the target file and based on the result of virus detection, update the historical information of virus detection in the metadata of the target file, and the historical information of virus detection corresponding to the file fingerprint of the target file in the index database.
  • take the history information of virus detection including whether it has experienced virus detection. For example, you can read whether there is a "scanned" mark in the target file metadata. If there is no "scanned” mark in the target file metadata, determine the target file fingerprint of the target file, and select the target file in the index library. Information about whether the fingerprint corresponds to virus detection; if there is no "scanned” mark in the historical virus detection information corresponding to the fingerprint of the target file in the index database, it is determined that the target file will be virus detected and sent to the target anti-virus system A request to perform virus detection on the target file.
  • take the historical information of virus detection including the time of virus detection.
  • the virus detection time experienced by the content of the target file can be read in the target file metadata. If the interval between the virus detection time recorded in the metadata and the current moment exceeds the preset time interval, the target file fingerprint is determined and indexed Select the virus detection time corresponding to the fingerprint of the target file from the library. If the interval between the virus detection time corresponding to the fingerprint of the target file and the current time exceeds the preset time interval, it is determined to perform virus detection on the target file and send the target file to the target anti-virus system. A request to perform virus detection on the target file.
  • the target file metadata can be updated according to the virus detection time corresponding to the target file fingerprint. Recorded virus detection time.
  • take historical information of virus detection including configuration information of an anti-virus system that performs virus detection.
  • the configuration information of the anti-virus system that performs virus detection can be read in the target file metadata. If the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata is different from the configuration information of the target anti-virus system, then OK Target file fingerprint, and select the configuration information of the anti-virus system that performs virus detection corresponding to the target file fingerprint in the index database. If the configuration information of the anti-virus system for virus detection corresponding to the target file fingerprint is different from the configuration information of the target anti-virus system , then it is determined to perform virus detection on the target file, and a request for virus detection on the target file is sent to the target anti-virus system.
  • the configuration information of the anti-virus system that performs virus detection corresponding to the fingerprint of the target file is the same as the configuration information of the target anti-virus system, it can be determined that the target file will not be detected for viruses; further, the anti-virus system that performs virus detection corresponding to the fingerprint of the target file can be determined.
  • the configuration information of the anti-virus system updates the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata.
  • take the historical information of virus detection including whether it has experienced virus detection, the time of virus detection, and the configuration information of the anti-virus system that performs virus detection.
  • the fingerprint corresponds to the information about whether it has experienced virus detection, the virus detection time and the configuration information of the anti-virus system that performs virus detection. If the virus detection information corresponding to the fingerprint of the target file has a "scanned" mark, the corresponding virus detection The interval between time and the current moment does not exceed the preset time interval or the corresponding execution error If the configuration information of the anti-virus system for virus detection is the same as the configuration information of the target anti-virus system and any one of them is not satisfied, then it is determined to perform virus detection on the target file and a request to perform virus detection on the target file is sent to the target anti-virus system.
  • the virus detection information corresponding to the target file fingerprint has a "scanned" mark, the interval between the corresponding virus detection time and the current time does not exceed the preset time interval, and the corresponding configuration information of the antivirus system that performs virus detection is the same as If the configuration information of the target anti-virus system is the same, it can be determined that the target file will not be virus detected; further, a "scanned" mark can be added to the metadata of the target file, and the virus detection time corresponding to the fingerprint of the target file can be and the corresponding configuration information of the anti-virus system that performs virus detection, and updates the virus detection time and the configuration information of the anti-virus system that performs virus detection in the target file metadata.
  • embodiments of the present application also provide a virus detection device, which can be used to implement the technical solution described in the above method embodiments. For example, each step of the method shown in FIG. 2, FIG. 5, FIG. 6 or FIG. 7 can be performed.
  • Figure 8 shows a schematic structural diagram of a virus detection device according to an embodiment of the present application.
  • the device includes: an acquisition module 801, used to obtain historical information of virus detection corresponding to the target file in the storage system; wherein the historical information of virus detection includes: whether it has experienced virus detection, virus detection At least one of the number of times, virus detection time, and configuration information of the anti-virus system that performs virus detection; the determination module 802 is used to determine whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file. Detection; request module 803, configured to send a request for virus detection to the target anti-virus system to the target anti-virus system when it is determined to perform virus detection on the target file.
  • the historical information of virus detection corresponding to the target file can represent the relevant information of virus detection experienced by the content of the target file; determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file can be performed in Under the premise of ensuring data security, it avoids repeated virus detection on file contents that have been virus tested, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, , the user can open the target file in time, which improves the read and write performance of the storage system.
  • the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file, and/or the file fingerprint corresponding to the target file in the index database.
  • Multiple files are associated, and the historical information of virus detection corresponding to the at least one file fingerprint includes the latest historical information among the historical information of virus detection corresponding to each file associated with the at least one file fingerprint.
  • the historical information of virus detection corresponding to the target file includes: the historical information of virus detection in the metadata of the target file; the acquisition module 801 is also configured to In the metadata, read the historical information of virus detection corresponding to the target file.
  • the historical information of virus detection corresponding to the target file includes: the historical information of virus detection corresponding to the file fingerprint of the target file in the index database; the acquisition module 801 is also used to : Determine the target file fingerprint of the target file; select the historical information of virus detection corresponding to the target file fingerprint in the index database according to the target file fingerprint.
  • the historical information of virus detection corresponding to the target file includes: the historical information of virus detection in the metadata of the target file, and files in the index database that are related to the target file.
  • the historical information of virus detection corresponding to the fingerprint; the determination module 802 is also used to: determine the historical information of virus detection in the target file metadata when the historical information of virus detection does not meet the first preset condition.
  • Target file fingerprint select the historical information of virus detection corresponding to the target file fingerprint in the index database according to the target file fingerprint; select the target file fingerprint in the index database; If the historical virus detection information corresponding to the file fingerprint does not meet the second preset condition, it is determined to perform virus detection on the target file.
  • the device further includes: a result feedback module, used to obtain the result of virus detection of the target file as fed back by the target anti-virus system; and an update module, used to detect the virus according to the Based on the detection results, the historical information of virus detection corresponding to the target file is updated.
  • a result feedback module used to obtain the result of virus detection of the target file as fed back by the target anti-virus system
  • an update module used to detect the virus according to the Based on the detection results, the historical information of virus detection corresponding to the target file is updated.
  • the device further includes: a metadata update module, which determines not to perform the virus detection on the target file when the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition. Virus detection and updating the historical virus detection information in the target file metadata.
  • modules in the virus detection device is only a division of logical functions. In actual implementation, they can be fully or partially integrated into a physical entity, or they can also be physically separated.
  • the modules in the device can be implemented in the form of the processor calling software; for example, the device includes a processor, the processor is connected to a memory, instructions are stored in the memory, and the processor calls the instructions stored in the memory to implement any of the above methods. Or realize the functions of each module of the device, where the processor is, for example, a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU) or a microprocessor, and the memory is a memory within the device or a memory outside the device.
  • CPU central processing unit
  • microprocessor a microprocessor
  • the modules in the device can be implemented in the form of hardware circuits, and some or all of the module functions can be implemented through the design of the hardware circuits, which can be understood as one or more processors; for example, in one implementation,
  • the hardware circuit is an application-specific integrated circuit (ASIC).
  • ASIC application-specific integrated circuit
  • the hardware circuit is It can be realized by programmable logic device (PLD), taking Field Programmable Gate Array (FPGA) as an example, which can include a large number of logic gate circuits, and the logic gate circuits are configured through configuration files. connection relationships to realize the functions of some or all of the above modules. All modules of the above device may be fully implemented by the processor calling software, or all may be implemented by hardware circuits, or part of the modules may be implemented by the processor calling software, and the remaining part may be implemented by hardware circuits.
  • PLD programmable logic device
  • FPGA Field Programmable Gate Array
  • the processor is a circuit with signal processing capabilities.
  • the processor may be a circuit with instruction reading and execution capabilities, such as a CPU, a microprocessor, and a graphics processor. (graphics processing unit, GPU), digital signal processor (digital signal processor, DSP), neural network processing unit (NPU), tensor processing unit (TPU), etc.; in another
  • the processor can realize certain functions through the logical relationship of the hardware circuit. The logical relationship of the hardware circuit is fixed or can be reconstructed.
  • the processor is a hardware circuit implemented by ASIC or PLD, such as FPGA.
  • the process of the processor loading the configuration file and realizing the hardware circuit configuration can be understood as the process of the processor loading instructions to realize the functions of some or all of the above modules.
  • each module in the above device can be one or more processors (or processing circuits) configured to implement the methods of the above embodiments, such as: CPU, GPU, NPU, TPU, microprocessor, DSP, ASIC, FPGA , or a combination of at least two of these processor forms.
  • processors or processing circuits
  • all or part of the modules in the above device may be integrated together, or may be implemented independently, which is not limited.
  • the virus detection device can be set up independently, can be integrated in other devices, or can be implemented through software or a combination of software and hardware.
  • the virus detection device can be the anti-virus unit in Figure 1 and can be integrated into the storage system 10 in Figure 1 above.
  • the virus detection device may also be a device or system with data processing capabilities, or may be provided in components or chips in some devices or systems.
  • the virus detection device can be an integrated storage management platform (Integrated Storage Management, DEVICE MANAGER), cloud server, desktop computer, portable computer, network server, service cluster, personal digital assistant (PDA), mobile phone, tablet computer , wireless terminal equipment, embedded equipment, medical equipment or other equipment with data processing functions, or components or chips in these equipment.
  • integrated storage management platform Integrated Storage Management, DEVICE MANAGER
  • cloud server desktop computer
  • portable computer portable computer
  • network server service cluster
  • PDA personal digital assistant
  • mobile phone tablet computer
  • wireless terminal equipment wireless terminal equipment
  • embedded equipment embedded equipment
  • medical equipment or other equipment with data processing functions or components or chips in these equipment.
  • An embodiment of the present application also provides an electronic device, including: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement the method of the above embodiment when executing the instructions. For example, each step of the method shown in FIG. 2, FIG. 5, FIG. 6 or FIG. 7 can be performed.
  • Figure 9 shows a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • the electronic device may include: at least one processor 901, a communication line 902, a memory 903 and at least one communication interface 904.
  • the processor 901 can be a general central processing unit, a microprocessor, an application-specific integrated circuit, or one or more integrated circuits used to control the execution of the program of the present application; the processor 901 can also include multiple general-purpose processors.
  • the structural computing architecture for example, can be a combination of at least two of CPU, GPU, microprocessor, DSP, ASIC, and FPGA; as an example, the processor 901 can be CPU+GPU or CPU+ASIC or CPU+FPGA.
  • Communication line 902 may include a path that carries information between the above-mentioned components.
  • the communication interface 904 uses any device such as a transceiver to communicate with other devices or communication networks, such as Ethernet, RAN, wireless local area networks (WLAN), etc.
  • a transceiver to communicate with other devices or communication networks, such as Ethernet, RAN, wireless local area networks (WLAN), etc.
  • WLAN wireless local area networks
  • the memory 903 may be a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory (RAM)) or other type that can store information and instructions.
  • a dynamic storage device can also be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disc storage (including compressed optical discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), disk storage media or other magnetic storage devices, or can be used to carry or store desired program code in the form of instructions or data structures and can be used by a computer Any other medium for access, but not limited to this.
  • EEPROM electrically erasable programmable read-only memory
  • CD-ROM compact disc read-only memory
  • CD-ROM compact disc read-only memory
  • optical disc storage including compressed optical discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.
  • the memory may exist independently and be connected to the processor through a communication line 902 . Memory can also be integrated with the processor.
  • the memory provided by the embodiment of the present application may generally be non-volatile.
  • the memory 903 is used to store computer execution instructions for executing the solution of the present application, and is controlled by the processor 901 for execution.
  • the processor 901 is used to execute computer execution instructions stored in the memory 903, thereby implementing the methods provided in the above embodiments of the application; for example, the method shown in the above-mentioned Figure 2, Figure 5, Figure 6 or Figure 7 can be executed. Each step.
  • the computer-executed instructions in the embodiments of the present application may also be called application codes, which are not specifically limited in the embodiments of the present application.
  • the processor 901 may include one or more CPUs, for example, CPU0 in Figure 9; the processor 901 may also include one CPU, and any one of GPU, ASIC, and FPGA, for example, CPU0+ in Figure 9 GPU0 or CPU 0+ASIC0 or CPU0+FPGA0.
  • the electronic device may include multiple processors, such as processor 901 and processor 907 in FIG. 9 .
  • processors can be a single-CPU processor, a multi-CPU processor, or a heterogeneous computing architecture including multiple general-purpose processors.
  • a processor here may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).
  • the electronic device may also include an output device 905 and an input device 906.
  • the output device 905 communicates with the processor 901 and can display information in a variety of ways.
  • the output device 905 may be a liquid crystal display (LCD), a light emitting diode (LED)
  • the display device may be a cathode ray tube (CRT) display device, a projector, etc., for example, it may be a display device such as a vehicle-mounted HUD, AR-HUD, or monitor.
  • Input device 906 communicates with processor 901 and can receive user input in a variety of ways.
  • the input device 906 may be a mouse, a keyboard, a touch screen device, a sensing device, or the like.
  • Embodiments of the present application provide a computer-readable storage medium on which computer program instructions are stored.
  • the methods in the above embodiments are implemented. For example, each step of the method shown in FIG. 2, FIG. 5, FIG. 6 or FIG. 7 can be implemented.
  • Embodiments of the present application provide a computer program product, which may, for example, include computer readable code, or a non-volatile computer readable storage medium carrying computer readable code; when the computer program product is run on a computer When, the computer is caused to execute the method in the above embodiment. For example, each step of the method shown in FIG. 2, FIG. 5, FIG. 6 or FIG. 7 can be implemented.
  • Computer-readable storage media may be tangible devices that can retain and store instructions for use by an instruction execution device.
  • the computer-readable storage medium may be, for example, but not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the above. More specific examples (non-exhaustive list) of computer-readable storage media include: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or Flash memory), Static Random Access Memory (SRAM), Compact Disk Read Only Memory (CD-ROM), Digital Versatile Disk (DVD), Memory Stick, Floppy Disk, Mechanical Coding Device, such as a printer with instructions stored on it.
  • RAM random access memory
  • ROM read-only memory
  • EPROM erasable programmable read-only memory
  • Flash memory Static Random Access Memory
  • CD-ROM Compact Disk Read Only Memory
  • DVD Digital Versatile Disk
  • Memory Stick
  • Computer-readable storage media are not to be construed as transient signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., light pulses through fiber optic cables), or through electrical wires. transmitted electrical signals.
  • Computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to various computing/processing devices, or to an external computer or external storage device over a network, such as the Internet, a local area network, a wide area network, and/or a wireless network.
  • the network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers.
  • a network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage on a computer-readable storage medium in the respective computing/processing device .
  • Computer program instructions for performing the operations of this application may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or instructions in one or more programming languages.
  • the computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server implement.
  • the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (such as an Internet service provider through the Internet). connect).
  • LAN local area network
  • WAN wide area network
  • an external computer such as an Internet service provider through the Internet. connect
  • an electronic circuit such as a programmable logic circuit, a field programmable gate array (FPGA), or a programmable logic array (PLA)
  • the electronic circuit can Computer readable program instructions are executed to implement various aspects of the application.
  • These computer-readable program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus, thereby producing a machine that, when executed by the processor of the computer or other programmable data processing apparatus, , resulting in an apparatus that implements the functions/actions specified in one or more blocks in the flowchart and/or block diagram.
  • These computer-readable program instructions can also be stored in a computer-readable storage medium. These instructions cause the computer, programmable data processing device and/or other equipment to work in a specific manner. Therefore, the computer-readable medium storing the instructions includes An article of manufacture that includes instructions that implement aspects of the functions/acts specified in one or more blocks of the flowcharts and/or block diagrams.
  • Computer-readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other equipment, causing a series of operating steps to be performed on the computer, other programmable data processing apparatus, or other equipment to produce a computer-implemented process , thereby causing instructions executed on a computer, other programmable data processing apparatus, or other equipment to implement the functions/actions specified in one or more blocks in the flowcharts and/or block diagrams.
  • each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions that embody one or more elements for implementing the specified logical function(s).
  • Executable instructions may occur out of the order noted in the figures. For example, two consecutive blocks may actually execute substantially in parallel, or they may sometimes execute in the reverse order, depending on the functionality involved.
  • each block of the block diagram and/or flowchart illustration, and combinations of blocks in the block diagram and/or flowchart illustration can be implemented by special purpose hardware-based systems that perform the specified functions or acts. , or can be implemented using a combination of specialized hardware and computer instructions.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present application relates to a virus detection method and apparatus, an electronic device, and a storage medium. The method comprises: acquiring historical information of virus detection corresponding to a target file in a storage system; according to the historical information of virus detection corresponding to the target file, determining whether to carry out virus detection on the target file; if it is determined that virus detection is to be carried out on the target file, sending a request for carrying out virus detection on the target file to a target anti-virus system. In this way, whether virus detection is to be carried out on a target file is determined according to historical information of virus detection corresponding to the target file, and on the premise of ensuring data security, virus detection can be prevented from being repeatedly carried out on file content already subjected to virus detection, so that the network bandwidth overhead is saved, the virus detection time is saved, and the virus detection efficiency and the read-write performance of storage systems are improved.

Description

一种病毒检测方法、装置、电子设备及存储介质A virus detection method, device, electronic equipment and storage medium 技术领域Technical field
本申请涉及计算机安全领域,尤其涉及一种病毒检测方法、装置、电子设备及存储介质。The present application relates to the field of computer security, and in particular to a virus detection method, device, electronic equipment and storage medium.
背景技术Background technique
防病毒(Anti Virus,AV)技术是一种保护用户数据安全的技术,具有实时监控、防范病毒、扫描病毒或清除病毒等功能,维护用户计算机资源的安全。网络连接存储(Network Attached Storage,NAS)防病毒作为NAS存储系统中的一个增值特性,通常与防病毒软件协作保护NAS存储系统中文件的数据安全,从而有效防止NAS存储系统的文件被病毒感染篡改,保护整个NAS存储系统的可靠运行。Anti-Virus (AV) technology is a technology that protects user data security. It has functions such as real-time monitoring, virus prevention, virus scanning or virus removal, and maintains the security of user computer resources. Network Attached Storage (NAS) anti-virus is a value-added feature in NAS storage systems. It usually cooperates with anti-virus software to protect the data security of files in NAS storage systems, thereby effectively preventing files in NAS storage systems from being infected and tampered with by viruses. , protect the reliable operation of the entire NAS storage system.
然而,现有对NAS防病毒的方式会消耗大量的网络带宽,以及消耗大量的时间,效率较低。However, existing anti-virus methods for NAS consume a large amount of network bandwidth and time, and are inefficient.
发明内容Contents of the invention
有鉴于此,提出了一种病毒检测方法、装置、电子设备及存储介质。In view of this, a virus detection method, device, electronic equipment and storage medium are proposed.
第一方面,本申请的实施例提供了一种病毒检测方法,所述方法包括:获取存储系统中目标文件对应的病毒检测的历史信息;其中,所述病毒检测的历史信息包括:是否经历过病毒检测、病毒检测次数、病毒检测时间、执行病毒检测的防病毒系统的配置信息中的至少一项;根据所述目标文件对应的病毒检测的历史信息,确定是否对所述目标文件进行病毒检测;在确定对所述目标文件进行病毒检测的情况下,向目标防病毒系统发送对所述目标文件进行病毒检测的请求。In a first aspect, embodiments of the present application provide a virus detection method. The method includes: obtaining historical information of virus detection corresponding to the target file in the storage system; wherein the historical information of virus detection includes: whether it has been At least one of virus detection, virus detection times, virus detection time, and configuration information of an anti-virus system that performs virus detection; determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file ; When it is determined that virus detection is to be performed on the target file, send a request to perform virus detection on the target file to the target anti-virus system.
基于上述技术方案,目标文件对应的病毒检测的历史信息可以表征目标文件的内容所经历的病毒检测的相关信息;根据目标文件对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经进行过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。Based on the above technical solution, the historical information of virus detection corresponding to the target file can characterize the virus detection related information that the content of the target file has experienced; determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file can be performed in Under the premise of ensuring data security, it avoids repeated virus detection on file contents that have been virus tested, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, , the user can open the target file in time, which improves the read and write performance of the storage system.
根据第一方面,在所述第一方面的第一种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括所述目标文件元数据中的病毒检测的历史信息,和/或,索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;其中,所述索引库中包括至少一个文件指纹及所述至少一个文件指纹对应的病毒检测的历史信息,所述至少一个文件指纹与所述存储系统中的一个或多个文件相关联,所述至少一个文件指纹对应的病毒检测的历史信息包括与所述至少一个文件指纹相关联的各文件对应的病毒检测的历史信息中最新的历史信息。According to the first aspect, in a first possible implementation manner of the first aspect, the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file, and/or , the historical information of virus detection corresponding to the file fingerprint of the target file in the index library; wherein the index library includes at least one file fingerprint and the historical information of virus detection corresponding to the at least one file fingerprint, and the at least One file fingerprint is associated with one or more files in the storage system, and the history information of virus detection corresponding to the at least one file fingerprint includes the history of virus detection corresponding to each file associated with the at least one file fingerprint. The latest historical information in the message.
根据第一方面或第一方面的第一种可能的实现方式,在所述第一方面的第二种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息;所述获取目标文件对应的病毒检测的历史信息,包括:在所述目标文件元数据中,读取所述目标文件对应的病毒检测的历史信息。According to the first aspect or a first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the historical information of virus detection corresponding to the target file includes: the target file The historical information of virus detection in the metadata; the obtaining the historical information of virus detection corresponding to the target file includes: reading the historical information of virus detection corresponding to the target file in the target file metadata.
基于上述技术方案,在一个文件经过病毒检测且确认无病毒后,若该文件内容没有发生变化,则该文件内容仍旧是安全的,则可以不对该文件重复进行病毒检测;因此,读取目标文件元数据中的病毒检测的历史信息,快速获取目标文件对应的病毒检测的历史信息,进而根据目标文件元数据中的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保 证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。Based on the above technical solution, after a file has been virus tested and confirmed to be virus-free, if the file content has not changed, the file content is still safe, and the file does not need to be repeatedly tested for viruses; therefore, reading the target file The historical information of virus detection in the metadata can be used to quickly obtain the historical information of virus detection corresponding to the target file, and then determine whether to perform virus detection on the target file based on the historical information of virus detection in the metadata of the target file. On the premise of ensuring data security, it avoids repeated virus detection on file contents that have already undergone virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, , the user can open the target file in time, which improves the read and write performance of the storage system.
根据第一方面或第一方面的第一种可能的实现方式,在所述第一方面的第三种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;所述获取目标文件对应的病毒检测的历史信息,包括:确定所述目标文件的目标文件指纹;根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息。According to the first aspect or a first possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, the historical information of virus detection corresponding to the target file includes: in the index database, The historical information of virus detection corresponding to the file fingerprint of the target file; the obtaining the historical information of virus detection corresponding to the target file includes: determining the target file fingerprint of the target file; according to the target file fingerprint, in the Select the historical information of virus detection corresponding to the fingerprint of the target file from the index database.
基于上述技术方案,目标文件指纹与存储系统中一个或多个文件相关联,即该一个或多个文件的内容完全相同,若通过病毒检测确认该一个或多个文件中的任一文件是安全的,则其他文件的内容也可以认为是安全的,则可以不对其他文件重复进行病毒检测;因此,在索引库中查询目标文件指纹对应的病毒检测的历史信息,根据目标文件指纹对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。Based on the above technical solution, the target file fingerprint is associated with one or more files in the storage system, that is, the contents of the one or more files are exactly the same. If any of the one or more files is confirmed to be safe through virus detection , then the contents of other files can also be considered safe, and virus detection does not need to be repeated on other files; therefore, the historical information of virus detection corresponding to the fingerprint of the target file is queried in the index database, and the virus detection corresponding to the fingerprint of the target file is The historical information determines whether to perform virus detection on the target file, which can avoid repeated virus detection on the file content that has already experienced virus detection on the premise of ensuring data security, thereby saving network bandwidth overhead, saving virus detection time, and improving This improves virus detection efficiency; in addition, when an online virus detection task is triggered, users can open the target file in time, improving the read and write performance of the storage system.
根据第一方面的第二种可能的实现方式,在所述第一方面的第四种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息,和,所述索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;所述根据所述目标文件对应的病毒检测的历史信息,确定是否对所述目标文件进行病毒检测,包括:在所述目标文件元数据中的病毒检测的历史信息不满足第一预设条件的情况下,确定所述目标文件的目标文件指纹;根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息;在所述目标文件指纹对应的病毒检测的历史信息不满足第二预设条件的情况下,确定对所述目标文件进行病毒检测。According to a second possible implementation manner of the first aspect, in a fourth possible implementation manner of the first aspect, the historical information of virus detection corresponding to the target file includes: historical information of virus detection, and historical information of virus detection corresponding to the file fingerprint of the target file in the index database; and determining whether to detect the target based on the historical information of virus detection corresponding to the target file. Performing virus detection on the file includes: determining the target file fingerprint of the target file when the historical information of virus detection in the target file metadata does not meet the first preset condition; based on the target file fingerprint, The historical information of virus detection corresponding to the fingerprint of the target file is selected from the index library; when the historical information of virus detection corresponding to the fingerprint of the target file does not meet the second preset condition, it is determined that the target file is Virus detection.
基于上述技术方案,根据目标文件元数据中的病毒检测的历史信息和索引库中目标文件指纹对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。Based on the above technical solution, determining whether to perform virus detection on the target file is based on the historical information of virus detection in the target file metadata and the historical information of virus detection corresponding to the fingerprint of the target file in the index database, which can avoid virus detection on the premise of ensuring data security. Repeated virus detection is performed on file contents that have already undergone virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, the user can open the target file in time, Improved the read and write performance of the storage system.
根据第一方面或第一方面上述各种可能的实现方式,在所述第一方面的第五种可能的实现方式中,所述方法还包括:获取所述目标防病毒系统反馈的对所述目标文件进行病毒检测的结果;根据所述病毒检测的结果,更新所述目标文件对应的病毒检测的历史信息。According to the first aspect or various possible implementations of the first aspect, in a fifth possible implementation of the first aspect, the method further includes: obtaining feedback from the target anti-virus system on the The result of virus detection on the target file; based on the result of virus detection, the historical information of virus detection corresponding to the target file is updated.
基于上述技术方案,根据病毒检测结果更新目标文件对应的病毒检测的历史信息,可以保证目标文件对应的病毒检测的历史信息为最新的病毒检测的历史信息,以便下一次触发病毒检测任务时,基于最新的病毒检测的历史信息确定是否对目标文件进行病毒检测。Based on the above technical solution, updating the historical information of virus detection corresponding to the target file according to the virus detection results can ensure that the historical information of virus detection corresponding to the target file is the latest historical information of virus detection, so that when the virus detection task is triggered next time, based on The latest virus detection history information determines whether to perform virus detection on the target file.
根据第一方面的第四种可能的实现方式,在所述第一方面的第六种可能的实现方式中,所述方法还包括:在所述目标文件指纹对应的病毒检测的历史信息满足第二预设条件的情况下,确定不对所述目标文件进行病毒检测,并更新所述目标文件元数据中的病毒检测的历史信息。According to a fourth possible implementation manner of the first aspect, in a sixth possible implementation manner of the first aspect, the method further includes: historical information of virus detection corresponding to the fingerprint of the target file satisfies the third In the case of two preset conditions, it is determined not to perform virus detection on the target file, and the historical information of virus detection in the metadata of the target file is updated.
基于上述技术方案,目标文件指纹对应的病毒检测的历史信息满足第二预设条件表明目标文件指纹对应的文件内容经历过病毒检测且没有病毒,即目标文件的内容经历过病毒检测 且没有病毒,则可以更新目标文件元数据中的病毒检测的历史信息,从而保证目标文件元数据中的病毒检测的历史信息为最新的病毒检测的历史信息,以便下一次触发病毒检测任务时通过目标文件元数据中的病毒检测的历史信息快速确定是否需要对目标文件进行病毒检测,或者是否需要获取目标文件指纹。Based on the above technical solution, if the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition, it indicates that the file content corresponding to the fingerprint of the target file has experienced virus detection and there is no virus, that is, the content of the target file has experienced virus detection. and there is no virus, you can update the historical information of virus detection in the target file metadata, thereby ensuring that the historical information of virus detection in the target file metadata is the latest historical information of virus detection, so that it can pass the next time the virus detection task is triggered. The historical virus detection information in the target file metadata quickly determines whether the target file needs to be virus detected, or whether the target file fingerprint needs to be obtained.
第二方面,本申请的实施例提供了一种病毒检测装置,所述装置包括:获取模块,用于获取存储系统中目标文件对应的病毒检测的历史信息;其中,所述病毒检测的历史信息包括:是否经历过病毒检测、病毒检测次数、病毒检测时间、执行病毒检测的防病毒系统的配置信息中的至少一项;确定模块,用于根据所述目标文件对应的病毒检测的历史信息,确定是否对所述目标文件进行病毒检测;请求模块,用于在确定对所述目标文件进行病毒检测的情况下,向目标防病毒系统发送对所述目标文件进行病毒检测的请求。In a second aspect, embodiments of the present application provide a virus detection device. The device includes: an acquisition module for acquiring historical information of virus detection corresponding to the target file in the storage system; wherein the historical information of virus detection It includes: at least one of: whether it has experienced virus detection, the number of virus detections, the virus detection time, and the configuration information of the anti-virus system that performs virus detection; a determination module for based on the historical information of virus detection corresponding to the target file, Determine whether to perform virus detection on the target file; a request module, configured to send a request to perform virus detection on the target file to the target anti-virus system when it is determined to perform virus detection on the target file.
基于上述技术方案,目标文件对应的病毒检测的历史信息可以表征目标文件的内容所经历的病毒检测的相关信息;根据目标文件对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经进行过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。Based on the above technical solution, the historical information of virus detection corresponding to the target file can characterize the virus detection related information that the content of the target file has experienced; determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file can be performed in Under the premise of ensuring data security, it avoids repeated virus detection on file contents that have been virus tested, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, , the user can open the target file in time, which improves the read and write performance of the storage system.
根据第二方面,在所述第二方面的第一种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括所述目标文件元数据中的病毒检测的历史信息,和/或,索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;其中,所述索引库中包括至少一个文件指纹及所述至少一个文件指纹对应的病毒检测的历史信息,所述至少一个文件指纹与所述存储系统中的一个或多个文件相关联,所述至少一个文件指纹对应的病毒检测的历史信息包括与所述至少一个文件指纹相关联的各文件对应的病毒检测的历史信息中最新的历史信息。According to the second aspect, in a first possible implementation manner of the second aspect, the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file, and/or , the historical information of virus detection corresponding to the file fingerprint of the target file in the index library; wherein the index library includes at least one file fingerprint and the historical information of virus detection corresponding to the at least one file fingerprint, and the at least One file fingerprint is associated with one or more files in the storage system, and the history information of virus detection corresponding to the at least one file fingerprint includes the history of virus detection corresponding to each file associated with the at least one file fingerprint. The latest historical information in the message.
根据第二方面或第二方面的第一种可能的实现方式,在所述第二方面的第二种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息;所述获取模块,还用于在所述目标文件元数据中,读取所述目标文件对应的病毒检测的历史信息。According to the second aspect or the first possible implementation manner of the second aspect, in the second possible implementation manner of the second aspect, the historical information of virus detection corresponding to the target file includes: the target file The historical information of virus detection in the metadata; the acquisition module is also used to read the historical information of virus detection corresponding to the target file in the target file metadata.
基于上述技术方案,在一个文件经过病毒检测且确认无病毒后,若该文件内容没有发生变化,则该文件内容仍旧是安全的,则可以不对该文件重复进行病毒检测;因此,读取目标文件元数据中的病毒检测的历史信息,快速获取目标文件对应的病毒检测的历史信息,根据目标文件元数据中的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。Based on the above technical solution, after a file has been virus tested and confirmed to be virus-free, if the file content has not changed, the file content is still safe, and the file does not need to be repeatedly tested for viruses; therefore, reading the target file The historical information of virus detection in the metadata can quickly obtain the historical information of virus detection corresponding to the target file. Based on the historical information of virus detection in the metadata of the target file, determine whether to perform virus detection on the target file, which can ensure data security. This avoids repeated virus detection on file content that has already undergone virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, the user can open it in time Target files improve the read and write performance of the storage system.
根据第二方面或第二方面的第一种可能的实现方式,在所述第二方面的第三种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;所述获取模块,还用于:确定所述目标文件的目标文件指纹;根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息。According to the second aspect or the first possible implementation manner of the second aspect, in the third possible implementation manner of the second aspect, the historical information of virus detection corresponding to the target file includes: in the index database, The historical information of virus detection corresponding to the file fingerprint of the target file; the acquisition module is also used to: determine the target file fingerprint of the target file; select the target file in the index database according to the target file fingerprint. Historical information of virus detection corresponding to the target file fingerprint.
基于上述技术方案,目标文件指纹与存储系统中一个或多个文件相关联,即该一个或多个文件的内容完全相同,若通过病毒检测确认该一个或多个文件中的任一文件是安全的,则其他文件的内容也可以认为是安全的,则可以不对其他文件重复进行病毒检测;因此,在索引库中查询目标文件指纹对应的病毒检测的历史信息,根据目标文件指纹对应的病毒检测的 历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。Based on the above technical solution, the target file fingerprint is associated with one or more files in the storage system, that is, the contents of the one or more files are exactly the same. If any of the one or more files is confirmed to be safe through virus detection , then the contents of other files can also be considered safe, and virus detection does not need to be repeated on other files; therefore, the historical information of virus detection corresponding to the fingerprint of the target file is queried in the index database, and the virus detection corresponding to the fingerprint of the target file is of Historical information determines whether to perform virus detection on the target file, which can avoid repeated virus detection on file contents that have already undergone virus detection while ensuring data security, thereby saving network bandwidth overhead, saving virus detection time, and improving efficiency. Virus detection efficiency; in addition, when an online virus detection task is triggered, users can open the target file in time, improving the storage system's read and write performance.
根据第二方面的第二种可能的实现方式,在所述第二方面的第四种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息,和,所述索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;所述确定模块,还用于:在所述目标文件元数据中的病毒检测的历史信息不满足第一预设条件的情况下,确定所述目标文件的目标文件指纹;根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息;在所述目标文件指纹对应的病毒检测的历史信息不满足第二预设条件的情况下,确定对所述目标文件进行病毒检测。According to a second possible implementation manner of the second aspect, in a fourth possible implementation manner of the second aspect, the historical information of virus detection corresponding to the target file includes: Historical information of virus detection, and historical information of virus detection corresponding to the file fingerprint of the target file in the index database; the determination module is also used for: virus detection in the metadata of the target file If the historical information does not meet the first preset condition, determine the target file fingerprint of the target file; select the historical information of virus detection corresponding to the target file fingerprint in the index database according to the target file fingerprint; When the historical information of virus detection corresponding to the fingerprint of the target file does not meet the second preset condition, it is determined to perform virus detection on the target file.
基于上述技术方案,根据目标文件元数据中的病毒检测的历史信息和索引库中目标文件指纹对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。Based on the above technical solution, determining whether to perform virus detection on the target file is based on the historical information of virus detection in the target file metadata and the historical information of virus detection corresponding to the fingerprint of the target file in the index database, which can avoid virus detection on the premise of ensuring data security. Repeated virus detection is performed on file contents that have already undergone virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, the user can open the target file in time, Improved the read and write performance of the storage system.
根据第二方面或第二方面上述各种可能的实现方式,在所述第二方面的第五种可能的实现方式中,所述装置还包括:结果反馈模块,用于获取所述目标防病毒系统反馈的对所述目标文件进行病毒检测的结果;更新模块,用于根据所述病毒检测的结果,更新所述目标文件对应的病毒检测的历史信息。According to the second aspect or the above-mentioned various possible implementations of the second aspect, in the fifth possible implementation of the second aspect, the device further includes: a result feedback module for obtaining the target anti-virus The system feeds back the result of virus detection on the target file; an update module is used to update the historical information of virus detection corresponding to the target file according to the result of virus detection.
基于上述技术方案,根据病毒检测结果更新目标文件对应的病毒检测的历史信息,可以保证目标文件对应的病毒检测的历史信息为最新的病毒检测的历史信息,以便下一次触发病毒检测任务时,基于最新的病毒检测的历史信息确定是否对目标文件进行病毒检测。Based on the above technical solution, updating the historical information of virus detection corresponding to the target file according to the virus detection results can ensure that the historical information of virus detection corresponding to the target file is the latest historical information of virus detection, so that when the virus detection task is triggered next time, based on The latest virus detection history information determines whether to perform virus detection on the target file.
根据第二方面的第四种可能的实现方式,在所述第二方面的第六种可能的实现方式中,所述装置还包括:元数据更新模块,在所述目标文件指纹对应的病毒检测的历史信息满足第二预设条件的情况下,确定不对所述目标文件进行病毒检测,并更新所述目标文件元数据中的病毒检测的历史信息。According to the fourth possible implementation manner of the second aspect, in the sixth possible implementation manner of the second aspect, the device further includes: a metadata update module, which detects viruses corresponding to the fingerprint of the target file. If the historical information satisfies the second preset condition, it is determined not to perform virus detection on the target file, and the historical information on virus detection in the metadata of the target file is updated.
基于上述技术方案,目标文件指纹对应的病毒检测的历史信息满足第二预设条件表明目标文件指纹对应的文件内容经历过病毒检测且没有病毒,即目标文件的内容经历过病毒检测且没有病毒,则可以更新目标文件元数据中的病毒检测的历史信息,从而保证目标文件元数据中的病毒检测的历史信息为最新的病毒检测的历史信息,以便下一次触发病毒检测任务时通过目标文件元数据中的病毒检测的历史信息快速确定是否需要对目标文件进行病毒检测,或者是否需要获取目标文件指纹。Based on the above technical solution, if the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition, it indicates that the file content corresponding to the fingerprint of the target file has experienced virus detection and does not have viruses, that is, the content of the target file has experienced virus detection and has no viruses. Then the historical information of virus detection in the target file metadata can be updated, thereby ensuring that the historical information of virus detection in the target file metadata is the latest historical information of virus detection, so that the target file metadata can be used when the virus detection task is triggered next time. The historical information of virus detection in the file can quickly determine whether the target file needs to be virus detected, or whether the target file fingerprint needs to be obtained.
第三方面,本申请的实施例提供了一种电子设备,包括:处理器;用于存储处理器可执行指令的存储器;其中,所述处理器被配置为执行所述指令时实现第一方面或第一方面的一种或几种的病毒检测方法。In a third aspect, embodiments of the present application provide an electronic device, including: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement the first aspect when executing the instructions. Or one or more virus detection methods of the first aspect.
第四方面,本申请的实施例提供了一种计算机可读存储介质,其上存储有计算机程序指令,所述计算机程序指令被处理器执行时实现第一方面或第一方面的一种或几种的病毒检测方法。In a fourth aspect, embodiments of the present application provide a computer-readable storage medium on which computer program instructions are stored. When the computer program instructions are executed by a processor, the first aspect or one or more aspects of the first aspect are implemented. virus detection methods.
第五方面,本申请的实施例提供了一种计算机程序产品,当所述计算机程序产品在计算机上运行时,使得所述计算机执行上述第一方面或第一方面的一种或几种的病毒检测方法。 In a fifth aspect, embodiments of the present application provide a computer program product that, when the computer program product is run on a computer, causes the computer to execute the above-mentioned first aspect or one or more viruses of the first aspect. Detection method.
上述第三方面至第五方面的技术效果,可参见上述第一方面或第二方面。For the technical effects of the above-mentioned third to fifth aspects, please refer to the above-mentioned first or second aspect.
根据下面参考附图对示例性实施例的详细说明,本申请的其它特征及方面将变得清楚。Other features and aspects of the present application will become apparent from the following detailed description of exemplary embodiments with reference to the accompanying drawings.
附图说明Description of drawings
包含在说明书中并且构成说明书的一部分的附图与说明书一起示出了本申请的示例性实施例、特征和方面,并且用于解释本申请的原理。The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate exemplary embodiments, features, and aspects of the application and together with the description, serve to explain the principles of the application.
图1示出了根据本申请一实施例的病毒检测方法的一种适用场景的示意图。Figure 1 shows a schematic diagram of an applicable scenario of a virus detection method according to an embodiment of the present application.
图2示出根据本申请一实施例的一种病毒检测方法的流程图。Figure 2 shows a flow chart of a virus detection method according to an embodiment of the present application.
图3示出根据本申请一实施例的一种索引库的示意图。Figure 3 shows a schematic diagram of an index library according to an embodiment of the present application.
图4示出根据本申请一实施例的文件指纹1对应的病毒检测的历史信息的示意图。Figure 4 shows a schematic diagram of historical information of virus detection corresponding to file fingerprint 1 according to an embodiment of the present application.
图5示出根据本申请一实施例的一种病毒检测方法的流程图。Figure 5 shows a flow chart of a virus detection method according to an embodiment of the present application.
图6示出根据本申请一实施例的一种病毒检测方法的流程图。Figure 6 shows a flow chart of a virus detection method according to an embodiment of the present application.
图7示出根据本申请一实施例的一种病毒检测方法的流程图。Figure 7 shows a flow chart of a virus detection method according to an embodiment of the present application.
图8示出根据本申请一实施例的一种病毒检测装置的结构示意图。Figure 8 shows a schematic structural diagram of a virus detection device according to an embodiment of the present application.
图9示出根据本申请一实施例的一种电子设备的结构示意图。Figure 9 shows a schematic structural diagram of an electronic device according to an embodiment of the present application.
具体实施方式Detailed ways
以下将参考附图详细说明本申请的各种示例性实施例、特征和方面。附图中相同的附图标记表示功能相同或相似的元件。尽管在附图中示出了实施例的各种方面,但是除非特别指出,不必按比例绘制附图。Various exemplary embodiments, features, and aspects of the present application will be described in detail below with reference to the accompanying drawings. The same reference numbers in the drawings identify functionally identical or similar elements. Although various aspects of the embodiments are illustrated in the drawings, the drawings are not necessarily drawn to scale unless otherwise indicated.
在本说明书中描述的参考“一个实施例”或“一些实施例”等意味着在本申请的一个或多个实施例中包括结合该实施例描述的特定特征、结构或特点。由此,在本说明书中的不同之处出现的语句“在一个实施例中”、“在一些实施例中”、“在其他一些实施例中”、“在另外一些实施例中”等不是必然都参考相同的实施例,而是意味着“一个或多个但不是所有的实施例”,除非是以其他方式另外特别强调。术语“包括”、“包含”、“具有”及它们的变形都意味着“包括但不限于”,除非是以其他方式另外特别强调。在这里专用的词“示例性”意为“用作例子、实施例或说明性”。这里作为“示例性”所说明的任何实施例不必解释为优于或好于其它实施例。另外,为了更好的说明本申请,在下文的具体实施方式中给出了众多的具体细节。本领域技术人员应当理解,没有某些具体细节,本申请同样可以实施。Reference in this specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Therefore, the phrases "in one embodiment", "in some embodiments", "in other embodiments", "in other embodiments", etc. appearing in different places in this specification are not necessarily References are made to the same embodiment, but rather to "one or more but not all embodiments" unless specifically stated otherwise. The terms “including,” “includes,” “having,” and variations thereof all mean “including but not limited to,” unless otherwise specifically emphasized. The word "exemplary" as used herein means "serving as an example, example, or illustrative." Any embodiment described herein as "exemplary" is not necessarily to be construed as superior or superior to other embodiments. In addition, in order to better explain the present application, numerous specific details are given in the following detailed description. It will be understood by those skilled in the art that the present application may be practiced without certain specific details.
本申请中,“至少一个”是指一个或者多个,“多个”是指两个或两个以上。“和/或”,描述关联对象的关联关系,表示可以存在三种关系,例如,A和/或B,可以表示:包括单独存在A,同时存在A和B,以及单独存在B的情况,其中A,B可以是单数或者复数。字符“/”一般表示前后关联对象是一种“或”的关系。“以下至少一项(个)”或其类似表达,是指的这些项中的任意组合,包括单项(个)或复数项(个)的任意组合。例如,a,b,或c中的至少一项(个),可以表示:a,b,c,a-b,a-c,b-c,或a-b-c,其中a,b,c可以是单个,也可以是多个。In this application, "at least one" refers to one or more, and "plurality" refers to two or more. "And/or" describes the association of associated objects, indicating that there can be three relationships, for example, A and/or B, which can mean: including the existence of A alone, the existence of A and B at the same time, and the existence of B alone, where A and B can be singular or plural. The character "/" generally indicates that the related objects are in an "or" relationship. "At least one of the following" or similar expressions thereof refers to any combination of these items, including any combination of a single item (items) or a plurality of items (items). For example, at least one of a, b, or c can mean: a, b, c, a-b, a-c, b-c, or a-b-c, where a, b, c can be single or multiple .
本领域普通技术人员可以意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、或者计算机软件和电子硬件的结合来实现。这些功能究竟以硬件还是软件方式来执行,取决于技术方案的特定应用和设计约束条件。专业技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应认为超出本申请的范 围。Those of ordinary skill in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented with electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled artisans may use different methods to implement the described functions for each specific application, but such implementations should not be considered to be beyond the scope of this application. around.
下面首先对本申请实施例所适应的应用场景进行举例说明。The application scenarios to which the embodiments of this application are adapted are firstly illustrated below with examples.
图1示出了根据本申请一实施例的病毒检测方法的一种适用场景的示意图。如图1所示,该场景中可以包括存储系统10、防病毒系统20;其中,存储系统10可以与防病毒系统20通过有线或无线网络连接。Figure 1 shows a schematic diagram of an applicable scenario of a virus detection method according to an embodiment of the present application. As shown in Figure 1, this scenario may include a storage system 10 and an anti-virus system 20; the storage system 10 and the anti-virus system 20 may be connected through a wired or wireless network.
其中,存储系统10中可以包括防病毒单元,用于向防病毒系统20发送病毒检测请求,触发病毒检测;其中,病毒检测请求中可以包括目标文件的存储路径或者目标文件的内容。示例性地,存储系统10可以为NAS存储系统;NAS存储系统中可以包括1-n个文件系统(File System,FS),用于存储和组织数据,以便根据文件路径信息确定对应的文件。在一些示例中,管理员可以预先通过图形管理界面或命令行视图(command-line interface,CLI)配置存储系统10中的防病毒功能;在需要对存储系统10中的文件进行病毒检测时,防病毒单元可以向防病毒系统20发送病毒检测请求。The storage system 10 may include an anti-virus unit for sending a virus detection request to the anti-virus system 20 to trigger virus detection; the virus detection request may include the storage path of the target file or the content of the target file. For example, the storage system 10 may be a NAS storage system; the NAS storage system may include 1-n file systems (File Systems, FS) for storing and organizing data to determine corresponding files based on file path information. In some examples, the administrator can configure the anti-virus function in the storage system 10 in advance through a graphical management interface or a command-line interface (CLI); when it is necessary to perform virus detection on files in the storage system 10, the anti-virus function The virus unit may send a virus detection request to the anti-virus system 20 .
其中,防病毒系统20用于对文件进行病毒检测以及杀毒处理。防病毒系统20可以外置于存储系统10,也可以部署在存储系统10内部,对此不作限定。在一些示例中,防病毒系统20可以配置有防病毒服务器(AV Server),也可以称为防病毒引擎(AV Engine),可以通过安装的防病毒软件执行病毒检测;如果存储系统10发送的是目标文件的路径,则由防病毒服务器通过文件访问协议,例如,网络文件系统(Network File System,NFS)协议、SMB协议、通用Internet文件系统(Common Internet File System,CIFS)协议、互联网内容适配协议(Internet Content Adaptation Protocol,ICAP)等,根据目标文件的路径从存储系统10中获取目标文件的内容,从而进行病毒检测;如果存储系统10发送的是目标文件的内容,则由防病毒服务器直接对目标文件的内容进行病毒检测,从而判断是否有病毒。在另一些示例中,防病毒系统20还可以配置有防病毒代理(Av Agent),从而为防病毒服务器获取存储系统10所发送的信息提供代理服务。Among them, the anti-virus system 20 is used to perform virus detection and anti-virus processing on files. The anti-virus system 20 can be external to the storage system 10 or deployed inside the storage system 10, which is not limited. In some examples, the anti-virus system 20 can be configured with an anti-virus server (AV Server), which can also be called an anti-virus engine (AV Engine), which can perform virus detection through installed anti-virus software; if the storage system 10 sends The path of the target file is determined by the anti-virus server through file access protocols, such as Network File System (NFS) protocol, SMB protocol, Common Internet File System (CIFS) protocol, and Internet content adaptation. Protocol (Internet Content Adaptation Protocol, ICAP), etc., obtain the content of the target file from the storage system 10 according to the path of the target file, so as to perform virus detection; if the storage system 10 sends the content of the target file, the anti-virus server directly Conduct virus detection on the contents of the target file to determine whether there is a virus. In other examples, the anti-virus system 20 may also be configured with an anti-virus agent (Av Agent) to provide agent services for the anti-virus server to obtain information sent by the storage system 10 .
示例性地,该场景中还可以包括客户端30,例如,可以为服务器信息块(Server Message Block,SMB)客户机(client);用户可以通过客户端30向存储系统10发送操作访问请求,从而对存储系统10中的文件进行打开、写入、保存、关系或读取等操作。For example, this scenario may also include a client 30, which may be a Server Message Block (SMB) client (client); the user may send an operation access request to the storage system 10 through the client 30, thereby Perform operations such as opening, writing, saving, relation or reading on files in the storage system 10 .
相关技术中,在用户对存储系统10中的目标文件进行操作访问时,触发对该目标文件进行在线病毒检测任务,也称实时扫描(On-Access Scanning);或者管理员可以配置定期(例如,在凌晨等空闲时间段)对存储系统10中文件进行全局或局部防病毒扫描,触发存储系统10主动对目标文件进行后台病毒检测任务。在触发对目标文件进行在线病毒检测任务或触发存储系统10主动对目标文件进行后台病毒检测任务,存储系统10都要向防病毒系统20发送对目标文件进行病毒检测的请求,防病毒系统20接收到病毒检测请求后,获取目标文件的内容(直接接收存储系统10发送的目标文件的内容,或者,根据存储系统10发送的目标文件的路径获取目标文件的内容),并对所获取的目标文件的内容进行病毒检测。由于存储系统中通常存储有海量文件,在触发病毒检测任务时,存储系统10中的目标文件的内容均需要传输到防病毒系统20,从而消耗大量的网络输入输出(input output,IO)传输带宽及时间,效率较低。此外,触发在线病毒检测任务时,在防病毒系统20完成对目标文件的病毒检测前,用户是无法对目标文件打开访问的,从而对存储系统10的读写性能造成很大的影响。In related technologies, when a user accesses a target file in the storage system 10, an online virus detection task for the target file is triggered, also known as real-time scanning (On-Access Scanning); or the administrator can configure a periodic (for example, Perform global or local anti-virus scanning on the files in the storage system 10 during idle periods such as early morning, triggering the storage system 10 to actively perform background virus detection tasks on the target files. Before triggering an online virus detection task on the target file or triggering the storage system 10 to actively perform a background virus detection task on the target file, the storage system 10 will send a request for virus detection on the target file to the anti-virus system 20 , and the anti-virus system 20 will receive it. After receiving the virus detection request, obtain the content of the target file (directly receive the content of the target file sent by the storage system 10, or obtain the content of the target file according to the path of the target file sent by the storage system 10), and perform the obtained target file The content is tested for viruses. Since a large number of files are usually stored in the storage system, when a virus detection task is triggered, the contents of the target files in the storage system 10 need to be transmitted to the anti-virus system 20 , thus consuming a large amount of network input output (IO) transmission bandwidth. and time, and the efficiency is low. In addition, when an online virus detection task is triggered, the user cannot open and access the target file until the anti-virus system 20 completes the virus detection on the target file, which will have a great impact on the read and write performance of the storage system 10 .
考虑到在存储系统10存储的海量的文件中有大量的重复文件,例如,数据拷贝、快照、克隆、复制等灾备特性拷贝的文件,这些重复文件的内容完全相同,若通过病毒检测确认重复文件中的一个文件是安全的,重复文件中其他文件的内容也可以认为是安全的,则可以不 对重复文件中其他文件重复进行病毒检测;此外,在一个文件经过病毒检测确认无病毒后,若该文件内容没有发生变化,则该文件内容仍旧是安全的,则可以不对该文件重复进行病毒检测;基于此,本申请实施例提供了一种病毒检测方法(详细描述参见下文),可以在保证数据安全的前提下,跳过已经进行过病毒检测的文件内容,避免将重复的文件内容发送给防病毒系统进行病毒检测,从而节约了网络带宽开销,节省了病毒检测的时间,提高了病毒检测的效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统10的读写性能。Considering that there are a large number of duplicate files among the massive files stored in the storage system 10, for example, files copied by disaster recovery features such as data copy, snapshot, clone, replication, etc., the contents of these duplicate files are exactly the same. If the duplicate files are confirmed through virus detection, A file within a file is considered safe, and the contents of another file within a duplicate file can also be considered safe. Repeat virus detection for other files in the duplicate files; in addition, after a file is confirmed to be virus-free through virus detection, if the content of the file has not changed, then the file content is still safe, and the file does not need to be repeatedly tested for viruses. Based on this, embodiments of the present application provide a virus detection method (see below for detailed description), which can skip file contents that have been virus tested and avoid sending duplicate file contents to The anti-virus system performs virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, the user can open the target file in time, improving the storage system 10 reading and writing performance.
需要说明的是,本申请实施例描述的上述应用场景是为了更加清楚的说明本申请实施例的技术方案,并不构成对于本申请实施例提供的技术方案的限定,本领域普通技术人员可知,针对其他相似的或新的场景的出现,本申请实施例提供的技术方案对于类似的技术问题,同样适用。例如,本申请所述病毒检测方法对于其他存储系统,如基于对象的存储系统、分布式文件系统(Distributed File System,HDFS)、大数据存储系统等存储系统,同样适用。It should be noted that the above application scenarios described in the embodiments of the present application are for the purpose of more clearly explaining the technical solutions of the embodiments of the present application, and do not constitute a limitation on the technical solutions provided by the embodiments of the present application. Those of ordinary skill in the art will know that In view of the emergence of other similar or new scenarios, the technical solutions provided by the embodiments of this application are also applicable to similar technical problems. For example, the virus detection method described in this application is also applicable to other storage systems, such as object-based storage systems, distributed file systems (Distributed File System, HDFS), big data storage systems and other storage systems.
下面以上述图1所示的场景为例,对本申请实施例提供的病毒检测方法进行详细说明。Taking the scenario shown in Figure 1 above as an example, the virus detection method provided by the embodiment of the present application will be described in detail below.
图2示出根据本申请一实施例的一种病毒检测方法的流程图。示例性地,该方法可以由上述图1中防病毒单元执行。如图2所示,该方法可以包括以下步骤:Figure 2 shows a flow chart of a virus detection method according to an embodiment of the present application. Illustratively, this method can be executed by the anti-virus unit in Figure 1 above. As shown in Figure 2, the method may include the following steps:
S201、获取存储系统中目标文件对应的病毒检测的历史信息。S201. Obtain historical virus detection information corresponding to the target file in the storage system.
示例性地,可以在触发病毒检测任务时,获取存储系统中目标文件对应的病毒检测的历史信息;例如,可以在用户对存储系统中的目标文件进行操作访问时,触发对目标文件进行在线病毒检测任务,防病毒单元获取目标文件对应的病毒检测的历史信息;再例如,可以在触发存储系统主动对目标文件进行后台病毒检测任务时,防病毒单元获取目标文件对应的病毒检测的历史信息。作为一个示例,存储系统可以为上述图1所示的存储系统10。For example, when a virus detection task is triggered, the historical information of virus detection corresponding to the target file in the storage system can be obtained; for example, when the user operates and accesses the target file in the storage system, online virus detection on the target file can be triggered. During the detection task, the anti-virus unit obtains the historical information of virus detection corresponding to the target file; for another example, when the storage system is triggered to actively perform a background virus detection task on the target file, the anti-virus unit obtains the historical information of virus detection corresponding to the target file. As an example, the storage system may be the storage system 10 shown in FIG. 1 above.
目标文件对应的病毒检测的历史信息可以表征目标文件的内容所经历的病毒检测的相关信息;其中,病毒检测的历史信息可以包括:是否经历过病毒检测、病毒检测次数、病毒检测时间、执行病毒检测的防病毒系统的配置信息中的至少一项。The historical information of virus detection corresponding to the target file can represent the information related to virus detection that the content of the target file has experienced; among which, the historical information of virus detection can include: whether it has experienced virus detection, the number of virus detections, the time of virus detection, and the execution of viruses At least one item of configuration information of the detected antivirus system.
其中,是否经历过病毒检测表示一个文件的内容是否经历过病毒检测;例如,经历过病毒检测表示一个文件的内容在当前时刻之前经历过病毒检测且确定没有病毒,未经历过病毒检测表示一个文件的内容在当前时刻之前未经历过病毒检测。病毒检测次数表示一个文件的内容经历病毒检测的次数。病毒检测时间表示一个文件的内容经历病毒检测的时间,例如,可以为最新病毒检测时间,即该文件的内容最新一次经历病毒检测的时间。执行病毒检测的防病毒系统的配置信息表示一个文件的内容经历病毒检测时执行病毒检测的防病毒系统的配置信息,例如,可以为执行最新一次病毒检测的防病毒系统的配置信息;示例性地,执行病毒检测的防病毒系统可以包括杀毒软件,防病毒系统的配置信息可以是该杀毒软件的版本号。Among them, whether the content of a file has experienced virus detection indicates whether the content of a file has experienced virus detection; for example, whether the content of a file has experienced virus detection indicates that the content of a file has experienced virus detection before the current moment and is determined to be free of viruses, and has not experienced virus detection indicates that a file has not experienced virus detection. 's content has not been tested for viruses before the current moment. The number of virus detections indicates the number of times the contents of a file have been tested for viruses. The virus detection time represents the time when the content of a file has undergone virus detection. For example, it can be the latest virus detection time, that is, the time when the content of the file has undergone virus detection for the latest time. The configuration information of the anti-virus system that performs virus detection represents the configuration information of the anti-virus system that performs virus detection when the content of a file undergoes virus detection. For example, it can be the configuration information of the anti-virus system that performs the latest virus detection; illustratively , the anti-virus system that performs virus detection may include anti-virus software, and the configuration information of the anti-virus system may be the version number of the anti-virus software.
示例性地,当一个文件的内容发生变化时,如在一个文件中写入新的内容或删除部分内容,或者,一个文件的内容经过病毒检测确定存在病毒时,可以将该文件对应的病毒检测的历史信息更新为默认值;作为一个示例,默认值可以包括未经历过病毒检测、病毒检测次数为0、病毒检测时间为空、或执行病毒检测的防病毒系统的配置信息为空中的一项或多项。For example, when the content of a file changes, such as writing new content or deleting part of the content in a file, or when a virus is detected in the content of a file, the virus corresponding to the file can be detected. The historical information is updated to the default value; as an example, the default value can include an item that has not experienced virus detection, the number of virus detections is 0, the virus detection time is empty, or the configuration information of the anti-virus system that performs virus detection is empty or multiple items.
在一种可能的实现方式中,目标文件对应的病毒检测的历史信息包括目标文件元数据中的病毒检测的历史信息。即目标文件元数据中可以记载有目标文件的内容是否经历过病毒检测、目标文件的内容经历病毒检测的次数、目标文件的内容经历病毒检测的时间、目标文件的内容经历病毒检测时执行病毒检测的防病毒系统的配置信息中的至少一项。示例性地,防病毒单元可以在目标文件的元数据中读取目标文件对应的病毒检测的历史信息。 In a possible implementation manner, the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file. That is, the target file metadata can record whether the content of the target file has experienced virus detection, the number of times the content of the target file has experienced virus detection, the time when the content of the target file has experienced virus detection, and virus detection is performed when the content of the target file has experienced virus detection. At least one item of configuration information of the anti-virus system. For example, the anti-virus unit may read the historical information of virus detection corresponding to the target file in the metadata of the target file.
作为一个示例,以目标文件元数据中的病毒检测的历史信息包括目标文件的内容是否经历过病毒检测为例。例如,当目标文件的内容经历过病毒检测,并确认没有病毒后,可以在目标文件元数据中记录“已扫描”的标记,从而表征目标文件的内容经历过病毒检测;如果目标文件的内容发生变化,存在被病毒侵入的风险,则在目标文件元数据中清除该“已扫描”的标记,从而表征修改后的目标文件的内容未经历过病毒检测。As an example, take the historical information of virus detection in the target file metadata including whether the content of the target file has experienced virus detection. For example, when the content of the target file has undergone virus detection and is confirmed to be free of viruses, a "scanned" mark can be recorded in the target file metadata to indicate that the content of the target file has experienced virus detection; if the content of the target file has If there is a risk of being invaded by a virus, the "scanned" mark will be cleared in the target file metadata, thereby indicating that the content of the modified target file has not undergone virus detection.
作为另一个示例,以目标文件元数据中的病毒检测的历史信息包括目标文件的内容经历病毒检测的时间为例。例如,当目标文件的内容经历病毒检测,并确认没有病毒后,可以在目标文件元数据中记录该病毒检测的时间;若目标文件的内容再次经历病毒检测且确认没有病毒,则可以根据该次经历病毒检测的时间更新目标文件元数据中所记载的病毒检测的时间。As another example, take the historical information of virus detection in the target file metadata including the time when the content of the target file experienced virus detection. For example, when the content of the target file undergoes virus detection and is confirmed to be free of viruses, the time of the virus detection can be recorded in the target file metadata; if the content of the target file undergoes virus detection again and is confirmed to be virus-free, the time of virus detection can be recorded in the target file metadata. The virus detection time updates the virus detection time recorded in the target file metadata.
作为另一个示例,以目标文件元数据中的病毒检测的历史信息包括目标文件的内容经历病毒检测时执行病毒检测的防病毒系统的配置信息为例。例如,当目标文件的内容经历过病毒检测,并确认没有病毒后,可以在目标文件元数据中记录执行此次病毒检测的杀毒软件的版本号;若目标文件的内容再次经历病毒检测且确认没有病毒后,则可以根据执行该次病毒检测的杀毒软件的版本号更新目标文件元数据中所记载的杀毒软件的版本号。As another example, take the historical information of virus detection in the target file metadata including the configuration information of the anti-virus system that performs virus detection when the content of the target file undergoes virus detection. For example, when the content of the target file has been tested for viruses and it is confirmed that there is no virus, the version number of the anti-virus software that performed the virus detection can be recorded in the target file metadata; if the content of the target file has been tested for viruses again and it is confirmed that there is no virus, After a virus is detected, the version number of the anti-virus software recorded in the target file metadata can be updated according to the version number of the anti-virus software that performs the virus detection.
作为另一个示例,以目标文件元数据中的病毒检测的历史信息包括目标文件的内容经历病毒检测的次数为例。例如,目标文件的内容每进行一次病毒检测,并确认没有病毒后,可以将目标文件对应的病毒检测的历史信息中记录的病毒检测次数增加1。As another example, take the historical information of virus detection in the target file metadata including the number of times the content of the target file has experienced virus detection. For example, every time the content of the target file is tested for a virus and it is confirmed that there is no virus, the number of virus detections recorded in the historical information of virus detection corresponding to the target file can be increased by 1.
作为另一个示例,以目标文件元数据中的病毒检测的历史信息包括目标文件的内容是否经历过病毒检测和目标文件的内容经历病毒检测的时间为例。当目标文件进行过病毒检测,并确认没有病毒后,可以在目标文件元数据中记录“已扫描”的标记以及本次病毒检测的时间。As another example, take the historical information of virus detection in the target file metadata including whether the content of the target file has experienced virus detection and the time at which the content of the target file has experienced virus detection. When the target file has been tested for viruses and is confirmed to be free of viruses, a "scanned" mark and the time of this virus detection can be recorded in the target file metadata.
作为另一个示例,目标文件元数据中的病毒检测的历史信息可以包括目标文件的内容是否经历过病毒检测、目标文件的内容经历病毒检测的时间、及目标文件的内容经历病毒检测时执行病毒检测的防病毒系统的配置信息;当目标文件进行过病毒检测,并确认没有病毒后,可以在目标文件元数据中记录“已扫描”的标记、本次病毒检测的时间以及执行本次病毒检测的防病毒系统的配置信息。As another example, the history information of virus detection in the target file metadata may include whether the content of the target file has experienced virus detection, the time when the content of the target file has experienced virus detection, and the virus detection was performed when the content of the target file has experienced virus detection. Configuration information of the anti-virus system; when the target file has been tested for viruses and is confirmed to be free of viruses, the "scanned" mark, the time of this virus detection, and the time when this virus detection was performed can be recorded in the target file metadata. Antivirus system configuration information.
在一种可能的实现方式中,目标文件对应的病毒检测的历史信息可以包括索引库中与目标文件的文件指纹对应的病毒检测的历史信息;示例性地,防病毒单元可以在索引库中查询与目标文件的目标文件指纹对应的病毒检测的历史信息。In a possible implementation, the historical information of virus detection corresponding to the target file may include historical information of virus detection corresponding to the file fingerprint of the target file in the index database; for example, the anti-virus unit may query in the index database Historical information about virus detections corresponding to the target file's target file fingerprint.
其中,索引库中包括至少一个文件指纹及该至少一个文件指纹对应的病毒检测的历史信息,该至少一个文件指纹与存储系统中的一个或多个文件相关联,该至少一个文件指纹对应的病毒检测的历史信息包括与该至少一个文件指纹相关联的各文件对应的病毒检测的历史信息中最新的历史信息。The index database includes at least one file fingerprint and historical information of virus detection corresponding to the at least one file fingerprint. The at least one file fingerprint is associated with one or more files in the storage system. The virus corresponding to the at least one file fingerprint The detected historical information includes the latest historical information among the virus detected historical information corresponding to each file associated with the at least one file fingerprint.
作为一个示例,对于目标文件,当在存储系统中创建目标文件并写入内容后,关闭目标文件时,可以根据目标文件的内容计算目标文件的文件指纹;其中,文件指纹可以通过现有计算文件指纹的方式得到。示例性地,可以将目标文件的文件指纹记录在目标文件的元数据中。这样,遍历存储系统中各文件,从而可以得到各文件的文件指纹;进而汇总各文件的文件指纹,可以得到多个不同的文件指纹;其中,内容相同的文件的文件指纹相同,内容不同的文件的文件指纹不同。进一步地,针对任一文件指纹,汇总与该文件指纹相关联的各文件对应的病毒检测的历史信息,从而将相关联的各文件对应的病毒检测的历史信息中最新的历史信息作为该文件指纹对应的病毒检测的历史信息;最后在索引库中插入以文件指纹为键 (key)的索引记录(即文件指纹对应的病毒检测的历史信息),从而建立索引库;索引库中可以记载有是否经历过病毒检测、病毒检测的次数、病毒检测的时间、执行病毒检测的防病毒系统的配置信息中的至少一项。As an example, for a target file, when the target file is created in the storage system and the content is written, when the target file is closed, the file fingerprint of the target file can be calculated based on the content of the target file; where the file fingerprint can be calculated through the existing file Fingerprints are obtained. For example, the file fingerprint of the target file may be recorded in the metadata of the target file. In this way, by traversing each file in the storage system, the file fingerprint of each file can be obtained; then by summarizing the file fingerprints of each file, multiple different file fingerprints can be obtained; among them, files with the same content have the same file fingerprint, and files with different content have the same file fingerprint. The file fingerprints are different. Further, for any file fingerprint, the historical information of virus detection corresponding to each file associated with the file fingerprint is summarized, so that the latest historical information among the historical information of virus detection corresponding to each associated file is used as the file fingerprint. The corresponding historical information of virus detection; finally insert the file fingerprint as the key into the index database (key) index record (that is, the historical information of virus detection corresponding to the file fingerprint), thereby establishing an index database; the index database can record whether it has experienced virus detection, the number of virus detections, the time of virus detection, and the time when virus detection was performed. At least one item of configuration information for the antivirus system.
举例来说,图3示出根据本申请一实施例的一种索引库的示意图,如图3所示,索引库中可以包括多个文件指纹,分别为文件指纹1、文件指纹2、文件指纹3…文件指纹n;其中,每个文件指纹对应的病毒检测的历史信息可以包括该文件指纹对应的文件内容是否经历过病毒检测、该文件指纹对应的文件内容经历病毒检测的时间、该文件指纹对应的文件内容经历病毒检测时执行病毒检测的杀毒软件的版本号。例如,图3中文件指纹1对应的病毒检测的历史信息包括:经历过病毒检测、病毒检测时间为T1、执行病毒检测的杀毒软件版本号为P1;再例如,文件指纹3对应的病毒检测的历史信息包括:未经历过病毒检测、病毒检测时间为空、执行病毒检测的杀毒软件版本号为空。For example, Figure 3 shows a schematic diagram of an index database according to an embodiment of the present application. As shown in Figure 3, the index database can include multiple file fingerprints, namely file fingerprint 1, file fingerprint 2, and file fingerprint 3...File fingerprint n; wherein, the historical information of virus detection corresponding to each file fingerprint may include whether the file content corresponding to the file fingerprint has experienced virus detection, the time when the file content corresponding to the file fingerprint has experienced virus detection, the file fingerprint The version number of the anti-virus software that performs virus detection when the corresponding file content undergoes virus detection. For example, the historical information of virus detection corresponding to file fingerprint 1 in Figure 3 includes: having experienced virus detection, the virus detection time is T1, and the version number of the anti-virus software that performs virus detection is P1; for another example, the virus detection corresponding to file fingerprint 3 The historical information includes: no virus detection has been performed, the virus detection time is empty, and the version number of the anti-virus software that performs virus detection is empty.
示例性地,如果存储系统中某一文件的内容发生变化,例如,对某一文件的内容进行增加、删除、改写等操作后,该文件的文件指纹会发生变化,则重新计算该文件的文件指纹,再例如,若某一文件的内容经过病毒检测且确定存在病毒,进行杀毒处理后该文件的内容也会发生变化,则重新计算该文件的文件指纹;或者,如果存储系统中有新建的文件,则可以计算该新建文件的文件指纹。进而可以更新索引库中该最新的文件指纹对应的病毒检测的历史信息;若在索引库中没有查询到与该最新的文件指纹,可以在索引库中插入以该最新的文件指纹为key的索引记录。For example, if the content of a certain file in the storage system changes, for example, after the content of a certain file is added, deleted, rewritten, etc., the file fingerprint of the file will change, the file fingerprint of the file will be recalculated. Fingerprint. For another example, if the content of a certain file has been tested for viruses and it is determined that a virus exists, the content of the file will also change after anti-virus processing, and the file fingerprint of the file will be recalculated; or if there is a new file in the storage system file, you can calculate the file fingerprint of the newly created file. Then, the historical information of virus detection corresponding to the latest file fingerprint in the index database can be updated; if the latest file fingerprint is not found in the index database, an index with the latest file fingerprint as the key can be inserted into the index database. Record.
示例性地,针对任一文件指纹,可以根据该文件指纹相关联的各文件的内容是否经历过病毒检测的信息,确定该文件指纹对应的是否经历过病毒检测的信息,若相关联的各文件中任一文件的内容经历过病毒检测,即最新的是否经历过病毒检测的信息为经历过病毒检测,则该文件指纹对应的病毒检测的历史信息中包括经历过病毒检测的信息;例如,可以在索引库中该文件指纹对应的索引记录中添加“已扫描”的标记;若相关联的各文件的内容均未经历过病毒检测,则该文件指纹对应的病毒检测的历史信息中包括未经历过病毒检测的信息。示例性地,针对任一文件指纹,可以在该文件指纹相关联的各文件对应的病毒检测时间中选取其中最新的病毒检测时间,作为该文件指纹对应的病毒检测时间。示例性地,针对任一文件指纹,可以在该文件指纹相关联的各文件对应的执行病毒检测的防病毒系统的配置信息中选取其中最新的防病毒系统的配置信息,作为该文件指纹对应的执行病毒检测的防病毒系统的配置信息;例如,可以将该文件指纹相关联的各文件对应的执行病毒检测的杀毒软件版本号中最新的杀毒软件版本号,作为该文件指纹对应的执行病毒检测的杀毒软件版本号。For example, for any file fingerprint, the information about whether the content of each file associated with the file fingerprint has experienced virus detection can be determined based on the information about whether the content of each file associated with the file fingerprint has experienced virus detection. If the associated files The content of any file in the file has experienced virus detection, that is, the latest information about whether it has experienced virus detection is that it has experienced virus detection, then the historical virus detection information corresponding to the fingerprint of the file includes the information that has experienced virus detection; for example, you can Add a "scanned" mark to the index record corresponding to the fingerprint of the file in the index database; if the contents of each associated file have not experienced virus detection, the historical information of virus detection corresponding to the fingerprint of the file includes "scanned" virus testing information. For example, for any file fingerprint, the latest virus detection time can be selected from the virus detection times corresponding to each file associated with the file fingerprint as the virus detection time corresponding to the file fingerprint. For example, for any file fingerprint, the configuration information of the latest anti-virus system among the configuration information of the anti-virus system that performs virus detection corresponding to each file associated with the file fingerprint can be selected as the configuration information corresponding to the file fingerprint. Configuration information of the anti-virus system that performs virus detection; for example, the latest anti-virus software version number among the anti-virus software version numbers that perform virus detection corresponding to each file associated with the file fingerprint can be used as the anti-virus software version number that performs virus detection corresponding to the file fingerprint. The version number of the anti-virus software.
举例来说,图4示出根据本申请一实施例的文件指纹1对应的病毒检测的历史信息的示意图,如图4所示,存储系统中文件B及文件C为对文件A进行数据拷贝、快照、克隆或复制等操作所得到的新文件,文件A的内容、文件B的内容及文件C的内容均相同,文件A、文件B及文件C的文件指纹相同,均为文件指纹1,即,文件指纹1与存储系统中文件A、文件B、文件C相关联。文件A对应的病毒检测的历史信息包括文件A的内容经历过病毒检测、病毒检测时间为2022年1月1日15时、杀毒软件版本号为p1;文件B对应的病毒检测的历史信息为文件B的内容经历过病毒检测、病毒检测时间为2022年1月1日13时、杀毒软件版本号为p2;文件C对应的病毒检测的历史信息为文件C的内容未经历过病毒检测、病毒检测时间为空、杀毒软件版本号为空。由于文件A和文件B的内容经历过病毒检测,即最新的是否经历过病毒检测的信息为经历过病毒检测,则可以确定文件指纹1对应的病毒检测历史信息包括经历过病毒检测的信息;文件A对应的病毒检测时间晚于文件B对应的病毒检测时 间,即最新的病毒检测时间为文件A对应的病毒检测时间,则可以确定文件指纹1对应的病毒检测时间为2022年1月1日15时;文件A对应的杀毒软件版本号p1相对于文件B对应的杀毒软件版本号p2更新,即最新的执行病毒检测的杀毒软件版本号为p1,则可以确定文件指纹1对应的杀毒软件版本号为p1。For example, Figure 4 shows a schematic diagram of historical information of virus detection corresponding to file fingerprint 1 according to an embodiment of the present application. As shown in Figure 4, file B and file C in the storage system are data copies of file A. For new files obtained by operations such as snapshots, cloning or copying, the contents of file A, file B and file C are all the same. The file fingerprints of file A, file B and file C are the same and are all file fingerprint 1, that is , File fingerprint 1 is associated with file A, file B, and file C in the storage system. The historical information of virus detection corresponding to file A includes that the content of file A has experienced virus detection, the virus detection time is 15:00 on January 1, 2022, and the anti-virus software version number is p1; the historical information of virus detection corresponding to file B is file The content of B has experienced virus detection, the virus detection time is 13:00 on January 1, 2022, and the anti-virus software version number is p2; the historical information of virus detection corresponding to file C is that the content of file C has not experienced virus detection, virus detection The time is empty and the anti-virus software version number is empty. Since the contents of file A and file B have experienced virus detection, that is, the latest information about whether they have experienced virus detection is virus detection, it can be determined that the virus detection history information corresponding to file fingerprint 1 includes information about virus detection; file The virus detection time corresponding to file A is later than the virus detection time corresponding to file B. time, that is, the latest virus detection time is the virus detection time corresponding to file A, then it can be determined that the virus detection time corresponding to file fingerprint 1 is 15:00 on January 1, 2022; the anti-virus software version number p1 corresponding to file A is relative to the file The anti-virus software version number p2 corresponding to B is updated, that is, the latest anti-virus software version number that performs virus detection is p1, then it can be determined that the anti-virus software version number corresponding to file fingerprint 1 is p1.
在一种可能的实现方式中,目标文件对应的病毒检测的历史信息包括目标文件元数据中的病毒检测的历史信息及索引库中与目标文件的文件指纹对应的病毒检测的历史信息。In a possible implementation, the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the target file metadata and the historical information of virus detection corresponding to the file fingerprint of the target file in the index database.
其中,目标文件元数据中的病毒检测的历史信息与索引库中与目标文件的文件指纹对应的病毒检测的历史信息的类型可以相同,也可以不同,对此不作限定。例如,目标文件元数据中的病毒检测的历史信息可以包括是否经历过病毒检测,目标文件的文件指纹对应的病毒检测的历史信息可以包括病毒检测时间;再例如,目标文件元数据中的病毒检测的历史信息可以包括是否经历过病毒检测,目标文件的文件指纹对应的病毒检测的历史信息可以包括是否经历过病毒检测。The types of the historical virus detection information in the target file metadata and the historical virus detection information corresponding to the file fingerprint of the target file in the index database may be the same or different, and are not limited to this. For example, the historical information of virus detection in the target file metadata can include whether it has experienced virus detection, and the historical information of virus detection corresponding to the file fingerprint of the target file can include the virus detection time; for another example, the virus detection in the target file metadata The historical information of the file may include whether it has experienced virus detection, and the historical information of virus detection corresponding to the file fingerprint of the target file may include whether it has experienced virus detection.
S202、根据目标文件对应的病毒检测的历史信息,确定是否对目标文件进行病毒检测。S202. Determine whether to perform virus detection on the target file according to the historical information of virus detection corresponding to the target file.
示例性地,可以在目标文件对应的病毒检测的历史信息满足预设条件的情况下,确定不对目标文件进行病毒检测;在目标文件对应的病毒检测的历史信息不满足预设条件的情况下,确定对目标文件进行病毒检测。For example, if the historical information of virus detection corresponding to the target file satisfies the preset conditions, it may be determined not to perform virus detection on the target file; if the historical information of virus detection corresponding to the target file does not meet the preset conditions, Confirm that the target file is checked for viruses.
作为一个示例,以目标文件对应的病毒检测的历史信息包括是否经历过病毒检测为例,对应的预设条件可以包括目标文件的内容经历过病毒检测。例如,如果目标文件对应的病毒检测的历史信息中存在“已扫描”的标记,表明目标文件的内容经历过病毒检测,则确定不对目标文件进行病毒检测;如果目标文件对应的病毒检测的历史信息中没有“已扫描”的标记,则确定对目标文件进行病毒检测。As an example, taking the historical information of virus detection corresponding to the target file including whether it has experienced virus detection, the corresponding preset condition may include that the content of the target file has experienced virus detection. For example, if there is a "scanned" mark in the historical information of virus detection corresponding to the target file, indicating that the content of the target file has undergone virus detection, it is determined that the target file will not be virus detected; if the historical information of virus detection corresponding to the target file If there is no "scanned" mark in the file, it means that the target file has been detected for viruses.
作为另一个示例,以目标文件对应的病毒检测的历史信息包括病毒检测的时间为例,对应的预设条件可以包括目标文件对应的病毒检测的历史信息中病毒检测时间与当前时刻的间隔未超过预设时间间隔。如果目标文件对应的病毒检测的历史信息中病毒检测时间与当前时刻的间隔未超过预设时间间隔,确定不对目标文件进行病毒检测;如果目标文件对应的病毒检测的历史信息中病毒检测时间与当前时刻的间隔超过了预设时间间隔,目标文件的内容存在感染病毒的风险,则确定对目标文件进行病毒检测;其中,预设时间间隔的数值可以根据需要进行设定,对此不作限定。As another example, taking the historical information of virus detection corresponding to the target file including the time of virus detection, the corresponding preset condition may include that the interval between the virus detection time and the current moment in the historical information of virus detection corresponding to the target file has not exceeded Preset time interval. If the interval between the virus detection time and the current time in the historical information of virus detection corresponding to the target file does not exceed the preset time interval, it is determined not to perform virus detection on the target file; if the virus detection time in the historical information of virus detection corresponding to the target file is different from the current time. If the time interval exceeds the preset time interval, and the content of the target file is at risk of being infected with a virus, it is determined to perform virus detection on the target file; the value of the preset time interval can be set as needed, and there is no limit to this.
作为另一个示例,以目标文件对应的病毒检测的历史信息包括病毒检测的次数为例,对应的预设条件可以包括目标文件对应的病毒检测的历史信息中病毒检测的次数未超过预设检测次数。如果目标文件对应的病毒检测的历史信息中病毒检测次数达到了预设检测次数,确定不对目标文件进行病毒检测;如果目标文件对应的病毒检测的历史信息中病毒检测次数未达到预设检测次数,则确定对目标文件进行病毒检测;其中,预设检测次数的数值可以根据需要进行设定,对此不作限定。As another example, taking the historical information of virus detection corresponding to the target file as including the number of virus detections, the corresponding preset condition may include that the number of virus detections in the historical information of virus detection corresponding to the target file does not exceed the preset number of detections. . If the number of virus detections in the historical information of virus detection corresponding to the target file has reached the preset number of detections, it is determined not to perform virus detection on the target file; if the number of virus detections in the historical information of virus detection corresponding to the target file has not reached the preset number of detections, Then it is determined to perform virus detection on the target file; wherein, the value of the preset number of detections can be set as needed and is not limited.
作为另一个示例,以目标文件对应的病毒检测的历史信息包括执行病毒检测的防病毒系统的配置信息为例,对应的预设条件可以包括执行病毒检测的防病毒系统的配置信息与目标防病毒系统(即当前执行病毒检测的防病毒系统)的配置信息相同。例如,如果目标文件对应的病毒检测的历史信息中杀毒软件的版本号与当前执行病毒检测的杀毒软件的版本号相同,可以跳过目标文件,不对目标文件进行病毒检测;如果目标文件对应的病毒检测的历史信息中杀毒软件的版本号与当前执行病毒检测的杀毒软件的版本号不同(例如杀毒软件进行了更新导致杀毒软件的版本号发生了变化),则确定对目标文件进行病毒检测。 As another example, take the historical information of virus detection corresponding to the target file including the configuration information of the anti-virus system that performs virus detection. The corresponding preset conditions may include the configuration information of the anti-virus system that performs virus detection and the target anti-virus. The configuration information of the system (that is, the anti-virus system currently performing virus detection) is the same. For example, if the version number of the anti-virus software in the historical information of virus detection corresponding to the target file is the same as the version number of the anti-virus software currently performing virus detection, the target file can be skipped and no virus detection will be performed on the target file; if the virus corresponding to the target file If the version number of the anti-virus software in the detected historical information is different from the version number of the anti-virus software currently performing virus detection (for example, the anti-virus software is updated and the version number of the anti-virus software changes), then it is determined that the target file is to be tested for viruses.
作为另一个示例,以目标文件对应的病毒检测的历史信息包括是否经历过病毒检测和病毒检测时间为例,对应的预设条件可以为目标文件的内容经历过病毒检测、及目标文件对应的病毒检测的历史信息中病毒检测时间与当前时刻的间隔未超过预设时间间隔。例如,如果目标文件对应的病毒检测的历史信息中存在“已扫描”的标记且目标文件对应的病毒检测的历史信息中病毒检测时间与当前时刻的间隔未超过预设时间间隔,则确定不对目标文件进行病毒检测;否则,确定对目标文件进行病毒检测。As another example, taking the historical information of virus detection corresponding to the target file including whether it has experienced virus detection and the virus detection time, the corresponding preset conditions can be that the content of the target file has experienced virus detection, and the virus corresponding to the target file The interval between the virus detection time and the current time in the detection history information does not exceed the preset time interval. For example, if there is a "scanned" mark in the historical information of virus detection corresponding to the target file and the interval between the virus detection time and the current time in the historical information of virus detection corresponding to the target file does not exceed the preset time interval, it is determined that the target file is not used. The file is checked for viruses; otherwise, the target file is determined to be checked for viruses.
作为另一个示例,以目标文件对应的病毒检测的历史信息包括是否经历过病毒检测、病毒检测时间和执行病毒检测的防病毒系统的配置信息为例;对应的预设条件可以为目标文件的内容经历过病毒检测、目标文件对应的病毒检测的历史信息中病毒检测时间与当前时刻的间隔未超过预设时间间隔及执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同。例如,如果目标文件对应的病毒检测的历史信息中存在“已扫描”的标记、目标文件对应的病毒检测的历史信息中病毒检测时间与当前时刻的间隔未超过预设时间间隔、且目标文件对应的病毒检测的历史信息中杀毒软件的版本号与当前执行病毒检测的杀毒软件的版本号相同,则确定不对目标文件进行病毒检测;否则,确定对目标文件进行病毒检测。As another example, take the historical information of virus detection corresponding to the target file including whether it has experienced virus detection, the time of virus detection, and the configuration information of the anti-virus system that performs virus detection; the corresponding preset condition can be the content of the target file. The interval between the virus detection time and the current time in the historical information of virus detection and virus detection corresponding to the target file does not exceed the preset time interval, and the configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system. For example, if there is a "scanned" mark in the historical information of virus detection corresponding to the target file, the interval between the virus detection time and the current time in the historical information of virus detection corresponding to the target file does not exceed the preset time interval, and the target file corresponds to If the version number of the anti-virus software in the historical information of virus detection is the same as the version number of the anti-virus software currently performing virus detection, it is determined not to perform virus detection on the target file; otherwise, it is determined to perform virus detection on the target file.
S203、在确定对目标文件进行病毒检测的情况下,向目标防病毒系统发送对目标文件进行病毒检测的请求。S203. When it is determined that virus detection is to be performed on the target file, send a request to perform virus detection on the target file to the target anti-virus system.
示例性地,存储系统可以与一个或多个防病毒系统进行无线或有线连接,可以在确定对目标文件进行病毒检测的情况下,向目标防病毒系统发送对目标文件进行病毒检测的请求。作为一个示例,目标防病毒系统可以为上述图1中的防病毒系统20。For example, the storage system may be connected wirelessly or wiredly to one or more anti-virus systems, and may send a request to perform virus detection on the target file to the target anti-virus system if it is determined that the target file is to be virus-detected. As an example, the target anti-virus system may be the anti-virus system 20 in Figure 1 mentioned above.
示例性地,病毒检测的请求还可以包括目标文件的路径或者目标文件的内容,以便目标防病毒系统对目标文件进行病毒检测。例如,在确定对目标文件进行病毒检测的情况下,防病毒单元可以将目标文件的路径发送给目标防病毒系统,目标防病毒系统基于目标文件的路径通过文件访问协议从存储系统中获取目标文件的内容后再进行病毒检测,从而判断目标文件的内容中是否有病毒;再例如,防病毒单元可以将目标文件的内容发送给目标防病毒系统器,目标防病毒系统直接对接收到的目标文件的内容进行病毒检测,从而判断目标文件的内容中是否有病毒。For example, the virus detection request may also include the path of the target file or the content of the target file, so that the target anti-virus system can perform virus detection on the target file. For example, when it is determined that the target file is subject to virus detection, the anti-virus unit can send the path of the target file to the target anti-virus system, and the target anti-virus system obtains the target file from the storage system through the file access protocol based on the path of the target file. Virus detection is then performed after the content of the target file is detected to determine whether there is a virus in the content of the target file; for another example, the anti-virus unit can send the content of the target file to the target anti-virus system, and the target anti-virus system directly checks the received target file. Conduct virus detection on the content of the target file to determine whether there is a virus in the content of the target file.
示例性地,在确定不对目标文件进行病毒检测的情况下,则可以跳过对目标文件的病毒检测。例如,在触发在线病毒检测任务时,若确定不对目标文件进行病毒检测,则可以直接允许用户对目标文件进行操作。For example, if it is determined that virus detection is not to be performed on the target file, virus detection on the target file may be skipped. For example, when triggering an online virus detection task, if it is determined that the target file is not to be detected for viruses, the user can be directly allowed to operate on the target file.
在一种可能的实现方式中,在执行完上述步骤S203后,还可以获取目标防病毒系统反馈的对目标文件进行病毒检测的结果;根据病毒检测的结果,更新目标文件对应的病毒检测的历史信息。以便下一次触发病毒检测任务时,基于最新的病毒检测的历史信息确定是否对目标文件进行病毒检测。In a possible implementation, after executing the above step S203, the results of virus detection on the target file fed back by the target anti-virus system can also be obtained; and based on the virus detection results, the history of virus detection corresponding to the target file is updated. information. This way, when the virus detection task is triggered next time, it is determined whether to perform virus detection on the target file based on the latest virus detection history information.
作为一个示例,若目标文件对应的病毒检测的历史信息中没有“已扫描”的标记;如果目标防病毒系统对目标文件进行病毒检测后,目标防病毒系统确认目标文件没有病毒,则可以向防病毒单元反馈目标文件没有病毒;防病毒单元可以在目标文件对应的病毒检测的历史信息添加“已扫描”的标记。若目标文件对应的病毒检测的历史信息中有“已扫描”的标记;如果目标防病毒系统对目标文件进行病毒检测后,目标防病毒系统确认目标文件有病毒,则可以对目标文件进行杀毒(例如,该目标文件中部分或全部内容进行删除、隔离等处理),并向防病毒单元反馈目标文件有病毒,由于杀毒处理后目标文件的内容发生变化,防病毒单元可以在杀毒后的目标文件对应的病毒检测的历史信息中删除“已扫描”的标记。 As an example, if there is no "scanned" mark in the virus detection history information corresponding to the target file; if the target anti-virus system performs virus detection on the target file and the target anti-virus system confirms that the target file does not have viruses, it can report to the anti-virus system. The virus unit reports that the target file does not contain viruses; the anti-virus unit can add a "scanned" mark to the historical virus detection information corresponding to the target file. If there is a "scanned" mark in the virus detection history information corresponding to the target file; if the target anti-virus system performs virus detection on the target file and the target anti-virus system confirms that the target file has a virus, the target file can be disinfected ( For example, part or all of the content in the target file is deleted, isolated, etc.), and the target file is fed back to the anti-virus unit that the target file contains viruses. Since the content of the target file changes after the anti-virus process, the anti-virus unit can detect the virus in the target file after the anti-virus unit. Delete the "scanned" mark from the corresponding virus detection history information.
作为另一个示例,如果目标防病毒系统对目标文件进行病毒检测后,目标防病毒系统确认目标文件没有病毒,则可以向防病毒单元反馈目标文件没有病毒及本次病毒检测时间,防病毒单元可以将目标文件对应的病毒检测的历史信息中的病毒检测时间更新为此次病毒检测时间。如果目标防病毒系统对目标文件进行病毒检测后,目标防病毒系统确认目标文件有病毒,则可以对目标文件进行杀毒,并向防病毒单元反馈目标文件有病毒,防病毒单元可以将目标文件对应的病毒检测的历史信息中的病毒检测时间更新为默认值。As another example, if the target anti-virus system performs virus detection on the target file and the target anti-virus system confirms that the target file does not have a virus, it can feedback to the anti-virus unit that the target file does not have a virus and the time of this virus detection, and the anti-virus unit can Update the virus detection time in the historical information of virus detection corresponding to the target file to the current virus detection time. If the target anti-virus system performs virus detection on the target file and confirms that the target file has a virus, it can disinfect the target file and feedback to the anti-virus unit that the target file has a virus. The anti-virus unit can then match the target file with the virus. The virus detection time in the virus detection history information is updated to the default value.
作为另一个示例,如果目标防病毒系统对目标文件进行病毒检测后,目标防病毒系统确认目标文件没有病毒,则可以向防病毒单元反馈目标文件没有病毒及执行本次病毒检测的杀毒软件的版本号;防病毒单元可以将目标文件对应的病毒检测的历史信息中的执行病毒检测的杀毒软件的版本号更新为本次病毒检测的杀毒软件的版本号。如果目标防病毒系统对目标文件进行病毒检测后,目标防病毒系统确认目标文件有病毒,则可以对目标文件进行杀毒,并向防病毒单元反馈目标文件有病毒,防病毒单元可以将目标文件对应的病毒检测的历史信息中的执行病毒检测的杀毒软件的版本号更新为默认值。As another example, if the target anti-virus system performs virus detection on the target file and the target anti-virus system confirms that the target file does not have viruses, it can feedback to the anti-virus unit that the target file does not have viruses and the version of the anti-virus software that performed this virus detection. number; the anti-virus unit can update the version number of the anti-virus software that performs virus detection in the historical information of virus detection corresponding to the target file to the version number of the anti-virus software used for this virus detection. If the target anti-virus system performs virus detection on the target file and confirms that the target file has a virus, it can disinfect the target file and feedback to the anti-virus unit that the target file has a virus. The anti-virus unit can then match the target file to The version number of the anti-virus software that performs virus detection in the virus detection history information is updated to the default value.
本申请实施例中,目标文件对应的病毒检测的历史信息可以表征目标文件的内容所经历的病毒检测的相关信息;根据目标文件对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经进行过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。In the embodiment of the present application, the historical information of virus detection corresponding to the target file can represent the relevant information of virus detection experienced by the content of the target file; determining whether to perform virus detection on the target file can be based on the historical information of virus detection corresponding to the target file. On the premise of ensuring data security, it avoids repeated virus detection on file contents that have been virus tested, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when triggering online virus detection tasks At this time, the user can open the target file in time, which improves the read and write performance of the storage system.
下面以目标文件对应的病毒检测的历史信息包括目标文件元数据中的病毒检测的历史信息为例,对本申请实施例中病毒检测方法进行说明。The virus detection method in the embodiment of the present application will be described below by taking the historical information of virus detection corresponding to the target file, including the historical information of virus detection in the metadata of the target file, as an example.
图5示出根据本申请一实施例的一种病毒检测方法的流程图。示例性地,示例性地,该方法可以由上述图1中防病毒单元执行。如图5所示,该病毒检测方法包括:Figure 5 shows a flow chart of a virus detection method according to an embodiment of the present application. By way of example, the method may be executed by the anti-virus unit in Figure 1 described above. As shown in Figure 5, the virus detection method includes:
S501、在目标文件元数据中,读取目标文件对应的病毒检测的历史信息。S501. In the target file metadata, read the historical information of virus detection corresponding to the target file.
其中,目标文件元数据的具体说明可参照上述图2中步骤201中相关表述。The specific description of the target file metadata may refer to the relevant expressions in step 201 in Figure 2 above.
S502、根据目标文件对应的病毒检测的历史信息,确定是否对目标文件进行病毒检测。S502: Determine whether to perform virus detection on the target file according to the historical information of virus detection corresponding to the target file.
示例性地,可以在目标文件元数据中的病毒检测的历史信息满足预设条件的情况下,确定不对目标文件进行病毒检测;在目标文件对应的病毒检测的历史信息不满足预设条件的情况下,确定对目标文件进行病毒检测。For example, if the historical information of virus detection in the target file metadata satisfies the preset conditions, it may be determined not to perform virus detection on the target file; if the historical information of virus detection corresponding to the target file does not meet the preset conditions. Next, confirm to perform virus detection on the target file.
该步骤的具体实现过程可参照上述图2中步骤S202中的相关表述,在此不再赘述。For the specific implementation process of this step, reference can be made to the relevant expressions in step S202 in Figure 2 above, which will not be described again here.
S503、在确定对目标文件进行病毒检测的情况下,向目标防病毒系统发送对目标文件进行病毒检测的请求。S503. When it is determined that virus detection is to be performed on the target file, send a request to perform virus detection on the target file to the target anti-virus system.
该步骤的具体实现过程可参照上述图2中步骤S203的相关表述,在此不再赘述。For the specific implementation process of this step, reference can be made to the relevant expressions of step S203 in Figure 2 above, which will not be described again here.
在一种可能的实现方式中,在执行完上述步骤S503后,还可以获取目标防病毒系统反馈的对目标文件进行病毒检测的结果;并根据病毒检测的结果,更新目标文件元数据中的病毒检测的历史信息。示例性地,在目标防病毒系统对目标文件进行病毒检测后,可以向防病毒单元反馈目标文件是否存在病毒、该次病毒检测的时间或目标防病毒系统的配置信息中的一项或多项,防病毒单元根据反馈的信息在目标文件元数据中更新病毒检测的历史信息。In a possible implementation, after executing the above step S503, the result of virus detection on the target file fed back by the target anti-virus system can also be obtained; and based on the result of virus detection, the virus in the metadata of the target file can be updated. Detection history information. For example, after the target anti-virus system performs virus detection on the target file, one or more items of whether there is a virus in the target file, the time of the virus detection, or the configuration information of the target anti-virus system can be fed back to the anti-virus unit. , the anti-virus unit updates the historical information of virus detection in the target file metadata based on the feedback information.
这样,通过上述步骤S501-S503,读取目标文件元数据中的病毒检测的历史信息,快速获取目标文件对应的病毒检测的历史信息;考虑到在一个文件经过病毒检测且确认无病毒后,若该文件内容没有发生变化,则该文件内容仍旧是安全的,则可以不对该文件重复进行病毒检测;因此,根据目标文件元数据中的病毒检测的历史信息确定是否对目标文件进行病毒检 测,可以在保证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。In this way, through the above steps S501-S503, the historical information of virus detection in the target file metadata is read, and the historical information of virus detection corresponding to the target file is quickly obtained; considering that after a file has been virus tested and confirmed to be virus-free, if If the content of the file has not changed, then the content of the file is still safe, and the file does not need to be repeatedly tested for viruses; therefore, it is determined whether to perform virus testing on the target file based on the historical information of virus detection in the metadata of the target file. Testing can avoid repeated virus testing on file contents that have already undergone virus testing on the premise of ensuring data security, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when triggering online During virus detection tasks, users can open target files in time, which improves the read and write performance of the storage system.
作为一个示例,以目标文件元数据中的病毒检测的历史信息包括该目标文件的内容是否经历过病毒检测为例。可以在目标文件元数据中读取目标文件的内容是否经历过病毒检测,例如,可以读取目标文件元数据中是否有“已扫描”的标记,从而判断目标文件的内容是否经历过病毒检测。如果目标文件元数据中没有“已扫描”的标记,代表目标文件的内容没有经历过病毒检测,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果目标文件元数据中存在“已扫描”的标记,代表目标文件的内容已经进行过病毒检测并确认没有病毒,则确定不对目标文件进行病毒检测。As an example, take the historical information of virus detection in the target file metadata including whether the content of the target file has experienced virus detection. Whether the content of the target file has experienced virus detection can be read in the target file metadata. For example, you can read whether there is a "scanned" mark in the target file metadata to determine whether the content of the target file has experienced virus detection. If there is no "scanned" mark in the metadata of the target file, it means that the content of the target file has not experienced virus detection, then it is determined to perform virus detection on the target file, and a request to perform virus detection on the target file is sent to the target anti-virus system. If there is a "scanned" mark in the metadata of the target file, it means that the content of the target file has been tested for viruses and confirmed to be virus-free, and it is determined that the target file will not be tested for viruses.
作为另一个示例,以目标文件元数据中的病毒检测的历史信息包括目标文件的内容所经历的病毒检测时间为例。可以在目标文件元数据中读取目标文件的内容所经历的病毒检测时间,如果目标文件的内容所经历的病毒检测时间与当前时刻的间隔超过了预设时间间隔,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果目标文件的内容所经历的病毒检测时间与当前时刻的间隔未超过预设时间间隔,则可以确定不对目标文件进行病毒检测。As another example, take the historical information of virus detection in the target file metadata including the virus detection time experienced by the content of the target file. The virus detection time experienced by the content of the target file can be read in the target file metadata. If the interval between the virus detection time experienced by the content of the target file and the current moment exceeds the preset time interval, it is determined that the target file will be infected with viruses. detection, and sends a request to the target antivirus system to perform virus detection on the target file. If the interval between the virus detection time experienced by the content of the target file and the current moment does not exceed the preset time interval, it can be determined that the target file will not be virus detected.
作为另一个示例,以目标文件元数据中的病毒检测的历史信息包括目标文件的内容经历病毒检测时执行病毒检测的防病毒系统的配置信息为例。可以在目标文件元数据中读取执行病毒检测的防病毒系统的配置信息,如果执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息不同,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,则可以确定不对目标文件进行病毒检测。As another example, take the historical information of virus detection in the target file metadata including the configuration information of the anti-virus system that performs virus detection when the content of the target file undergoes virus detection. The configuration information of the anti-virus system that performs virus detection can be read in the target file metadata. If the configuration information of the anti-virus system that performs virus detection is different from the configuration information of the target anti-virus system, it is determined to perform virus detection on the target file. and sends a request to the target antivirus system to perform virus detection on the target file. If the configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system, it can be determined that the target file will not be detected for viruses.
作为另一个示例,以目标文件元数据中的病毒检测的历史信息包括目标文件的内容是否经历过病毒检测、目标文件的内容经历病毒检测时间和目标文件的内容经历病毒检测时执行病毒检测的防病毒系统的配置信息为例。可以在目标文件元数据中读取目标文件是否经历过病毒检测、病毒检测时间和执行病毒检测的防病毒系统的配置信息;例如,可以读取目标文件元数据中是否有“已扫描”的标记、目标文件的内容最新一次经历病毒检测的时间、执行最新一次病毒检测的防病毒系统的配置信息,如果目标文件元数据中有“已扫描”的标记、目标文件的内容最新一次经历病毒检测的时间与当前时刻的间隔未超过预设时间间隔、且执行最新一次病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,则确定不对目标文件进行病毒检测;否则,确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。As another example, the historical information of virus detection in the target file metadata includes whether the content of the target file has experienced virus detection, the time when the content of the target file has experienced virus detection, and the prevention method of performing virus detection when the content of the target file has experienced virus detection. Take the configuration information of the virus system as an example. Whether the target file has experienced virus detection, virus detection time, and the configuration information of the anti-virus system that performs virus detection can be read in the target file metadata; for example, you can read whether there is a "scanned" mark in the target file metadata. , the time when the content of the target file last experienced virus detection, the configuration information of the anti-virus system that performed the latest virus detection, if there is a "scanned" mark in the metadata of the target file, the time when the content of the target file last experienced virus detection If the interval between the time and the current moment does not exceed the preset time interval, and the configuration information of the anti-virus system that performs the latest virus detection is the same as the configuration information of the target anti-virus system, it is determined that the target file will not be tested for viruses; otherwise, it is determined that the target file will not be tested for viruses. The file is checked for viruses and a request is sent to the target antivirus system to check the target file for viruses.
下面以目标文件对应的病毒检测的历史信息包括索引库中与目标文件的文件指纹对应的病毒检测的历史信息为例,对本申请实施例中病毒检测方法进行说明。The virus detection method in the embodiment of the present application will be described below by taking the historical information of virus detection corresponding to the target file including the historical information of virus detection corresponding to the file fingerprint of the target file in the index database as an example.
图6示出根据本申请一实施例的一种病毒检测方法的流程图。示例性地,示例性地,该方法可以由上述图1中防病毒单元执行。如图6所示,该病毒检测方法包括:Figure 6 shows a flow chart of a virus detection method according to an embodiment of the present application. By way of example, the method may be executed by the anti-virus unit in Figure 1 described above. As shown in Figure 6, the virus detection method includes:
S601、确定目标文件的目标文件指纹;S601. Determine the target file fingerprint of the target file;
作为一个示例,可以在目标文件元数据中,读取目标文件的目标文件指纹;As an example, the target file fingerprint of the target file can be read in the target file metadata;
作为另一个示例,可以根据目标文件中的内容,计算目标文件的目标文件指纹。其中,计算目标文件指纹的方式可以采用现有技术,此处不再赘述;例如,可以采用哈希码生成目标文件指纹。 As another example, a target file's target file fingerprint can be calculated based on the content in the target file. The method of calculating the fingerprint of the target file can use existing technology, which will not be described again here; for example, a hash code can be used to generate the fingerprint of the target file.
S602、根据目标文件指纹,在索引库中选取目标文件指纹对应的病毒检测的历史信息。S602. According to the fingerprint of the target file, select the historical information of virus detection corresponding to the fingerprint of the target file in the index database.
其中,索引库的具体说明可参照上述图2中步骤201中相关表述。For the specific description of the index database, please refer to the relevant expressions in step 201 in Figure 2 above.
示例性地,可以以目标文件指纹为key在索引库中进行查询,获取与目标文件指纹对应的病毒检测的历史信息。For example, the fingerprint of the target file can be used as a key to perform a query in the index database to obtain the historical information of virus detection corresponding to the fingerprint of the target file.
示例性地,如果以目标文件指纹为key在索引库中进行查询,没有查询到目标文件指纹对应的病毒检测的历史信息,则可以在索引库中插入以目标文件指纹为key的索引记录,该索引记录中目标文件指纹对应的病毒检测的历史信息设置为默认值。For example, if the target file fingerprint is used as the key to query in the index database, and the historical information of virus detection corresponding to the target file fingerprint is not queried, an index record with the target file fingerprint as the key can be inserted into the index database. The historical information of virus detection corresponding to the fingerprint of the target file in the index record is set to the default value.
S603、根据目标文件指纹对应的病毒检测的历史信息,确定是否对目标文件进行病毒检测。S603. Determine whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the fingerprint of the target file.
示例性地,可以在目标文件指纹对应的病毒检测的历史信息满足预设条件的情况下,确定不对目标文件进行病毒检测;在目标文件指纹对应的病毒检测的历史信息不满足预设条件的情况下,确定对目标文件进行病毒检测。For example, when the historical information of virus detection corresponding to the fingerprint of the target file satisfies the preset conditions, it may be determined not to perform virus detection on the target file; when the historical information of virus detection corresponding to the fingerprint of the target file does not meet the preset conditions. Next, confirm to perform virus detection on the target file.
该步骤的具体实现过程可参照上述图2中步骤S202的相关表述,在此不再赘述。For the specific implementation process of this step, reference can be made to the relevant expressions of step S202 in Figure 2 above, which will not be described again here.
S604、在确定对目标文件进行病毒检测的情况下,向目标防病毒系统发送对目标文件进行病毒检测的请求。S604. When it is determined that virus detection is to be performed on the target file, send a request to perform virus detection on the target file to the target anti-virus system.
该步骤的具体实现过程可参照上述图2中步骤S203的相关表述,在此不再赘述。For the specific implementation process of this step, reference can be made to the relevant expressions of step S203 in Figure 2 above, which will not be described again here.
在一种可能的实现方式中,在执行完上述步骤S604后,还可以获取目标防病毒系统反馈的对目标文件进行病毒检测的结果;并根据病毒检测的结果,更新索引库中与目标文件的文件指纹对应的病毒检测的历史信息。示例性地,在目标防病毒系统对目标文件进行病毒检测后,可以向防病毒单元反馈目标文件是否存在病毒、该次病毒检测的时间或目标防病毒系统的配置信息中的一项或多项,防病毒单元根据反馈的信息更新索引库中目标文件指纹对应的病毒检测的历史信息。In a possible implementation, after executing the above step S604, the result of virus detection on the target file fed back by the target anti-virus system can also be obtained; and based on the result of virus detection, the index database and the target file can be updated. Historical information of virus detection corresponding to file fingerprints. For example, after the target anti-virus system performs virus detection on the target file, one or more items of whether there is a virus in the target file, the time of the virus detection, or the configuration information of the target anti-virus system can be fed back to the anti-virus unit. , the anti-virus unit updates the historical information of virus detection corresponding to the fingerprint of the target file in the index database based on the feedback information.
这样,通过上述步骤S601-S604,在索引库中查询目标文件指纹对应的病毒检测的历史信息;考虑到目标文件指纹与存储系统中一个或多个文件相关联,即该一个或多个文件的内容完全相同,若通过病毒检测确认该一个或多个文件中的任一文件是安全的,则其他文件的内容也可以认为是安全的,则可以不对其他文件重复进行病毒检测;因此,根据目标文件指纹对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。In this way, through the above steps S601-S604, the historical information of virus detection corresponding to the target file fingerprint is queried in the index database; considering that the target file fingerprint is associated with one or more files in the storage system, that is, the one or more files The contents are exactly the same. If any one of the one or more files is confirmed to be safe through virus detection, the contents of other files can also be considered safe, and virus detection does not need to be repeated for other files; therefore, according to the target The historical virus detection information corresponding to the file fingerprint determines whether to perform virus detection on the target file. This can avoid repeated virus detection on file contents that have already undergone virus detection while ensuring data security, thereby saving network bandwidth overhead and saving money. It shortens virus detection time and improves virus detection efficiency; in addition, when an online virus detection task is triggered, users can open the target file in time, improving the read and write performance of the storage system.
作为一个示例,以索引库中与目标文件指纹对应的病毒检测的历史信息包括是否经历过病毒检测为例;例如,可以以目标文件指纹为key在索引库中进行查询,获取目标文件指纹对应的病毒检测的历史信息中是否存在“已扫描”的标记,从而判断目标文件的内容是否经历过病毒检测。如果索引库中目标文件指纹对应的病毒检测的历史信息中没有“已扫描”的标记,则代表目标文件的内容没有经历过病毒检测,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果索引库中目标文件指纹对应的病毒检测的历史信息中存在“已扫描”的标记,代表目标文件的内容已经进行过病毒检测并确认没有病毒,则确定不对目标文件进行病毒检测。As an example, take the historical information of virus detection corresponding to the fingerprint of the target file in the index database, including whether it has experienced virus detection; for example, you can use the fingerprint of the target file as the key to query in the index database to obtain the fingerprint corresponding to the target file. Whether there is a "scanned" mark in the history information of virus detection to determine whether the content of the target file has undergone virus detection. If there is no "scanned" mark in the historical virus detection information corresponding to the fingerprint of the target file in the index database, it means that the content of the target file has not experienced virus detection. Then it is determined to perform virus detection on the target file and report it to the target anti-virus system. Sends a request for virus detection of the target file. If there is a "scanned" mark in the historical virus detection information corresponding to the fingerprint of the target file in the index database, it means that the content of the target file has been tested for viruses and confirmed to be free of viruses, and it is determined that the target file will not be tested for viruses.
作为一个示例,以索引库中与目标文件指纹对应的病毒检测的历史信息包括病毒检测的时间为例;例如,可以以目标文件指纹为key在索引库中进行查询,获取目标文件指纹对应病毒检测的时间;如果目标文件指纹对应的病毒检测时间与当前时刻的间隔超过了预设时间 间隔,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果目标文件指纹对应的病毒检测时间与当前时刻的间隔未超过预设时间间隔,则确定不对目标文件进行病毒检测。As an example, take the historical information of virus detection corresponding to the fingerprint of the target file in the index database, including the time of virus detection; for example, you can query the index database using the fingerprint of the target file as the key to obtain the virus detection corresponding to the fingerprint of the target file. time; if the interval between the virus detection time corresponding to the target file fingerprint and the current time exceeds the preset time interval, determine to perform virus detection on the target file, and send a request to perform virus detection on the target file to the target anti-virus system. If the interval between the virus detection time corresponding to the fingerprint of the target file and the current time does not exceed the preset time interval, it is determined that the target file will not be tested for viruses.
作为另一个示例,以索引库中与目标文件指纹对应的病毒检测的历史信息包括执行病毒检测的防病毒系统的配置信息为例;例如,可以以目标文件指纹为key在索引库中进行查询,获取目标文件指纹对应的执行病毒检测的防病毒系统的配置信息,如果目标文件指纹对应的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息不同,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果目标文件指纹对应的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,则可以确定不对目标文件进行病毒检测。As another example, take the historical information of virus detection corresponding to the target file fingerprint in the index database, including the configuration information of the anti-virus system that performs virus detection; for example, the target file fingerprint can be used as the key to query in the index database, Obtain the configuration information of the anti-virus system that performs virus detection corresponding to the fingerprint of the target file. If the configuration information of the anti-virus system that performs virus detection corresponding to the fingerprint of the target file is different from the configuration information of the target anti-virus system, it is determined that the target file should be infected with viruses. detection, and sends a request to the target antivirus system to perform virus detection on the target file. If the configuration information of the anti-virus system that performs virus detection corresponding to the fingerprint of the target file is the same as the configuration information of the target anti-virus system, it can be determined that the target file will not be detected for viruses.
作为另一个示例,以索引库中与目标文件指纹对应的病毒检测的历史信息包括是否经历过病毒检测、病毒检测时间和执行病毒检测的防病毒系统的配置信息为例;例如,可以以目标文件指纹为key在索引库中进行查询,获取目标文件指纹对应的病毒检测的历史信息中是否存在“已扫描”的标记、目标文件指纹对应的病毒检测时间和目标文件指纹对应的执行病毒检测的防病毒系统的配置信息;如果目标文件指纹对应的病毒检测的历史信息中有“已扫描”的标记、目标文件指纹对应的病毒检测时间与当前时刻的间隔未超过预设时间间隔、且目标文件指纹对应的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,则确定不对目标文件进行病毒检测;否则,确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。As another example, take the historical information of virus detection corresponding to the fingerprint of the target file in the index database, including whether it has experienced virus detection, the time of virus detection, and the configuration information of the anti-virus system that performs virus detection; for example, the target file can be The fingerprint is the key to query in the index database to obtain whether there is a "scanned" mark in the historical information of virus detection corresponding to the fingerprint of the target file, the virus detection time corresponding to the fingerprint of the target file, and the anti-virus detection time corresponding to the fingerprint of the target file. Configuration information of the virus system; if the historical information of virus detection corresponding to the target file fingerprint has a "scanned" mark, the interval between the virus detection time corresponding to the target file fingerprint and the current time does not exceed the preset time interval, and the target file fingerprint If the corresponding configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system, then it is determined not to perform virus detection on the target file; otherwise, it is determined to perform virus detection on the target file, and the target file is sent to the target anti-virus system. File virus detection request.
下面以目标文件对应的病毒检测的历史信息包括目标文件元数据中的病毒检测的历史信息,和,索引库中与目标文件的文件指纹对应的病毒检测的历史信息为例,对本申请实施例中病毒检测方法进行说明。The following takes the historical information of virus detection corresponding to the target file, including the historical information of virus detection in the metadata of the target file, and the historical information of virus detection corresponding to the file fingerprint of the target file in the index database as an example. In the embodiment of the present application, Virus detection methods are explained.
图7示出根据本申请一实施例的一种病毒检测方法的流程图。示例性地,该方法可以由上述图1中防病毒单元执行。如图7所示,该病毒检测方法包括:Figure 7 shows a flow chart of a virus detection method according to an embodiment of the present application. Illustratively, this method can be executed by the anti-virus unit in Figure 1 above. As shown in Figure 7, the virus detection method includes:
S701、在目标文件元数据中,读取目标文件对应的病毒检测的历史信息。S701. In the target file metadata, read the historical information of virus detection corresponding to the target file.
该步骤与上述图5中步骤S501相同,在此不再赘述。This step is the same as the above-mentioned step S501 in Figure 5 and will not be described again.
S702、在目标文件元数据中的病毒检测的历史信息不满足第一预设条件的情况下,确定目标文件的目标文件指纹。S702. When the historical information of virus detection in the target file metadata does not meet the first preset condition, determine the target file fingerprint of the target file.
其中,确定目标文件的目标文件指纹的方式可参照上述图6中步骤S601中相关表述。The method of determining the target file fingerprint of the target file may refer to the relevant expressions in step S601 in FIG. 6 above.
在一种可能的实现方式中,还可以在目标文件元数据中的病毒检测的历史信息满足第一预设条件的情况下,确定目标文件的目标文件指纹。例如,目标文件可能长时间未经历病毒检测,为了进一步保证数据安全,仍可以在元数据中记载有“已扫描”的标记情况下,确定目标文件的目标文件指纹,以便进一步判定是否对目标文件进行病毒检测。In a possible implementation, the target file fingerprint of the target file can also be determined when the historical information of virus detection in the target file metadata satisfies the first preset condition. For example, the target file may not have undergone virus detection for a long time. In order to further ensure data security, the target file fingerprint can still be determined when the "scanned" mark is recorded in the metadata, so as to further determine whether the target file has been detected. Get tested for viruses.
其中,第一预设条件可参照前文图2步骤S202中“预设条件”的相关表述,在此不再赘述。For the first preset condition, reference may be made to the relevant expressions of the "preset condition" in step S202 of FIG. 2 , which will not be described again here.
作为一个示例,第一预设条件可以是目标文件元数据中存在“已扫描”的标记,如果目标文件元数据中存在“已扫描”的标记,代表目标文件已经进行过病毒检测并确认没有病毒,可以不对目标文件进行病毒检测;如果目标文件元数据中没有“已扫描”的标记,则在目标文件元数据中,读取目标文件指纹。As an example, the first preset condition may be that there is a "scanned" mark in the target file's metadata. If there is a "scanned" mark in the target file's metadata, it means that the target file has been tested for viruses and is confirmed to be free of viruses. , the target file does not need to be virus detected; if there is no "scanned" mark in the target file metadata, the target file fingerprint is read in the target file metadata.
作为另一个示例,第一预设条件可以是目标文件元数据中记录的病毒检测次数达到预设检测次数,如果目标文件元数据中记录的病毒检测次数达到预设检测次数,可以不对目标文 件进行病毒检测;如果目标文件元数据中记录的病毒检测次数未达到预设检测次数,则可以在目标文件元数据中,读取目标文件指纹。As another example, the first preset condition may be that the number of virus detections recorded in the metadata of the target file reaches the preset number of detections. If the number of virus detections recorded in the metadata of the target file reaches the preset number of detections, the target file may not be detected. Perform virus detection on the file; if the number of virus detections recorded in the target file metadata does not reach the preset number of detections, the target file fingerprint can be read in the target file metadata.
作为另一个示例,第一预设条件可以是目标文件元数据中记录的病毒检测时间与当前时刻的间隔未超过预设时间间隔,如果目标文件元数据中记录的病毒检测时间与当前时刻的间隔未超过预设时间间隔,可以不对目标文件进行病毒检测;如果目标文件元数据中记录病毒检测时间与当前时刻的间隔超过了预设时间间隔,则在目标文件元数据中,读取目标文件指纹。As another example, the first preset condition may be that the interval between the virus detection time recorded in the target file metadata and the current time does not exceed the preset time interval. If the interval between the virus detection time recorded in the target file metadata and the current time is If the preset time interval is not exceeded, the target file does not need to be virus detected; if the interval between the virus detection time recorded in the target file metadata and the current time exceeds the preset time interval, read the target file fingerprint in the target file metadata. .
作为另一个示例,第一预设条件可以是目标文件元数据中记录的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,如果目标文件元数据中记录的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,可以不对目标文件进行病毒检测;如果目标文件元数据中记录的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息不同,则在目标文件元数据中,读取目标文件指纹。As another example, the first preset condition may be that the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata is the same as the configuration information of the target anti-virus system. If the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata If the configuration information of the anti-virus system is the same as the configuration information of the target anti-virus system, the target file does not need to be virus detected; if the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata is different from the configuration information of the target anti-virus system If the information is different, read the target file fingerprint in the target file metadata.
作为另一个示例,第一预设条件可以是目标文件元数据中存在“已扫描”的标记、目标文件元数据中记录的病毒检测时间与当前时刻的间隔未超过预设时间间隔、且目标文件元数据中记录的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,如果目标文件元数据中有“已扫描”的标记、记录的病毒检测时间与当前时刻的间隔未超过预设时间间隔、且执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,则可以不对目标文件进行病毒检测;否则,则在目标文件元数据中,读取目标文件指纹。As another example, the first preset condition may be that there is a "scanned" mark in the target file metadata, the interval between the virus detection time recorded in the target file metadata and the current moment does not exceed a preset time interval, and the target file The configuration information of the anti-virus system that performs virus detection recorded in the metadata is the same as the configuration information of the target anti-virus system. If there is a "scanned" mark in the target file metadata, and the interval between the recorded virus detection time and the current time is not If the preset time interval exceeds and the configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system, the target file does not need to be virus detected; otherwise, the target file is read in the target file metadata fingerprint.
S703、根据目标文件指纹,在索引库中选取目标文件指纹对应的病毒检测的历史信息。S703. According to the target file fingerprint, select historical virus detection information corresponding to the target file fingerprint in the index database.
该步骤与上述图6中步骤S602相同,在此不再赘述。This step is the same as step S602 in FIG. 6 and will not be described again.
S704、在目标文件指纹对应的病毒检测的历史信息不满足第二预设条件的情况下,确定对目标文件进行病毒检测。S704. When the historical information of virus detection corresponding to the fingerprint of the target file does not meet the second preset condition, determine to perform virus detection on the target file.
其中,第二预设条件可参照前文图2中步骤S202中“预设条件”的相关表述,在此不再赘述。For the second preset condition, reference may be made to the relevant expressions of the "preset condition" in step S202 in FIG. 2 , which will not be described again here.
在一种可能的实现方式中,在目标文件指纹对应的病毒检测的历史信息满足第二预设条件的情况下,确定不对目标文件进行病毒检测,并更新目标文件元数据中的病毒检测的历史信息。In a possible implementation, when the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition, it is determined not to perform virus detection on the target file, and the history of virus detection in the metadata of the target file is updated. information.
示例性地,可以根据目标文件指纹对应的病毒检测的历史信息对目标文件元数据中的病毒检测的历史信息进行更新。例如,若目标文件的元数据中没有“已扫描”的标记,而目标文件指纹对应的病毒检测的历史信息中有“已扫描”的标记,则可以在目标文件的元数据中添加“已扫描”的标记。再例如,可以将目标文件的元数据中记录的病毒检测时间更新为目标文件指纹对应的病毒检测时间。目标文件指纹对应的病毒检测的历史信息满足第二预设条件表明目标文件指纹对应的文件内容经历过病毒检测且没有病毒,即目标文件的内容经历过病毒检测且没有病毒,则可以更新目标文件元数据中的病毒检测的历史信息,从而保证目标文件元数据中的病毒检测的历史信息为最新的病毒检测的历史信息,以便下一次触发病毒检测任务时通过目标文件元数据中的病毒检测的历史信息快速确定是否需要对目标文件进行病毒检测,或者是否需要获取目标文件指纹。For example, the historical information of virus detection in the target file metadata may be updated according to the historical information of virus detection corresponding to the fingerprint of the target file. For example, if there is no "scanned" mark in the metadata of the target file, but there is a "scanned" mark in the historical virus detection information corresponding to the fingerprint of the target file, you can add "scanned" to the metadata of the target file. " mark. For another example, the virus detection time recorded in the metadata of the target file can be updated to the virus detection time corresponding to the fingerprint of the target file. If the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition, indicating that the file content corresponding to the fingerprint of the target file has experienced virus detection and has no virus, that is, the content of the target file has experienced virus detection and has no virus, then the target file can be updated. The historical information of virus detection in the metadata, thereby ensuring that the historical information of virus detection in the target file metadata is the latest historical information of virus detection, so that the next time the virus detection task is triggered, the virus detection in the target file metadata can be passed. Historical information can be used to quickly determine whether the target file needs to be tested for viruses, or whether the target file fingerprint needs to be obtained.
S705、在确定对目标文件进行病毒检测的情况下,向目标防病毒系统发送对目标文件进行病毒检测的请求。S705. When it is determined that the target file is to be detected for viruses, send a request to the target anti-virus system for virus detection on the target file.
该步骤的具体实现过程可参照上述图2中步骤S203的相关表述,在此不再赘述。For the specific implementation process of this step, reference can be made to the relevant expressions of step S203 in Figure 2 above, which will not be described again here.
在一种可能的实现方式中,在执行完上述步骤S705后,还可以获取目标防病毒系统反馈 的对目标文件进行病毒检测的结果;并根据病毒检测的结果,更新目标文件元数据中的病毒检测的历史信息,及索引库中与目标文件的文件指纹对应的病毒检测的历史信息。In a possible implementation, after executing the above step S705, feedback from the target anti-virus system can also be obtained. The result of virus detection on the target file; and based on the result of virus detection, update the historical information of virus detection in the metadata of the target file, and the historical information of virus detection corresponding to the file fingerprint of the target file in the index database.
这样,通过上述步骤S701-S705,根据目标文件元数据中的病毒检测的历史信息和索引库中目标文件指纹对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经经历过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。In this way, through the above steps S701-S705, it is determined whether to perform virus detection on the target file based on the historical information of virus detection in the target file metadata and the historical information of virus detection corresponding to the fingerprint of the target file in the index database, which can ensure data security. Under the premise, repeated virus detection is avoided on file contents that have already undergone virus detection, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, users can promptly Opening the target file improves the read and write performance of the storage system.
作为一个示例,以病毒检测的历史信息包括是否经历过病毒检测为例。例如,可以读取目标文件元数据中是否有“已扫描”的标记,如果目标文件元数据中没有“已扫描”的标记,则确定目标文件的目标文件指纹,并在索引库中选取目标文件指纹对应的是否经历过病毒检测的信息;如果索引库中目标文件指纹对应的病毒检测的历史信息中没有“已扫描”的标记,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果索引库中目标文件指纹对应的病毒检测的历史信息中有“已扫描”的标记,代表目标文件的内容已经进行过病毒检测并确认没有病毒,则确定不对目标文件进行病毒检测;进一步地,可以在目标文件元数据中添加“已扫描”标记。As an example, take the history information of virus detection including whether it has experienced virus detection. For example, you can read whether there is a "scanned" mark in the target file metadata. If there is no "scanned" mark in the target file metadata, determine the target file fingerprint of the target file, and select the target file in the index library. Information about whether the fingerprint corresponds to virus detection; if there is no "scanned" mark in the historical virus detection information corresponding to the fingerprint of the target file in the index database, it is determined that the target file will be virus detected and sent to the target anti-virus system A request to perform virus detection on the target file. If there is a "scanned" mark in the historical virus detection information corresponding to the fingerprint of the target file in the index database, it means that the content of the target file has been tested for viruses and confirmed to be free of viruses, and it is determined that the target file will not be tested for viruses; further, A "scanned" flag can be added to the target file metadata.
作为另一个示例,以病毒检测的历史信息包括病毒检测时间为例。可以在目标文件元数据中读取目标文件的内容所经历的病毒检测时间,如果元数据中记载的病毒检测时间与当前时刻的间隔超过了预设时间间隔,则确定目标文件指纹,并在索引库中选取目标文件指纹对应的病毒检测时间,如果目标文件指纹对应的病毒检测时间与当前时刻的间隔超过了预设时间间隔,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果目标文件指纹对应的病毒检测时间与当前时刻的间隔未超过预设时间间隔,则可以确定不对目标文件进行病毒检测;进一步地,可以根据目标文件指纹对应的病毒检测时间更新目标文件元数据中记载的病毒检测时间。As another example, take the historical information of virus detection including the time of virus detection. The virus detection time experienced by the content of the target file can be read in the target file metadata. If the interval between the virus detection time recorded in the metadata and the current moment exceeds the preset time interval, the target file fingerprint is determined and indexed Select the virus detection time corresponding to the fingerprint of the target file from the library. If the interval between the virus detection time corresponding to the fingerprint of the target file and the current time exceeds the preset time interval, it is determined to perform virus detection on the target file and send the target file to the target anti-virus system. A request to perform virus detection on the target file. If the interval between the virus detection time corresponding to the target file fingerprint and the current time does not exceed the preset time interval, it can be determined that the target file will not be virus detected; further, the target file metadata can be updated according to the virus detection time corresponding to the target file fingerprint. Recorded virus detection time.
作为另一个示例,以病毒检测的历史信息包括执行病毒检测的防病毒系统的配置信息为例。可以在目标文件元数据中读取执行病毒检测的防病毒系统的配置信息,如果目标文件元数据中记载的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息不同,则确定目标文件指纹,并在索引库中选取目标文件指纹对应的执行病毒检测的防病毒系统的配置信息,如果目标文件指纹对应的病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息不同,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果目标文件指纹对应的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,则可以确定不对目标文件进行病毒检测;进一步地,可以根据目标文件指纹对应的执行病毒检测的防病毒系统的配置信息,更新目标文件元数据中记载的执行病毒检测的防病毒系统的配置信息。As another example, take historical information of virus detection including configuration information of an anti-virus system that performs virus detection. The configuration information of the anti-virus system that performs virus detection can be read in the target file metadata. If the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata is different from the configuration information of the target anti-virus system, then OK Target file fingerprint, and select the configuration information of the anti-virus system that performs virus detection corresponding to the target file fingerprint in the index database. If the configuration information of the anti-virus system for virus detection corresponding to the target file fingerprint is different from the configuration information of the target anti-virus system , then it is determined to perform virus detection on the target file, and a request for virus detection on the target file is sent to the target anti-virus system. If the configuration information of the anti-virus system that performs virus detection corresponding to the fingerprint of the target file is the same as the configuration information of the target anti-virus system, it can be determined that the target file will not be detected for viruses; further, the anti-virus system that performs virus detection corresponding to the fingerprint of the target file can be determined. The configuration information of the anti-virus system updates the configuration information of the anti-virus system that performs virus detection recorded in the target file metadata.
作为另一个示例,以病毒检测的历史信息包括是否经历过病毒检测、病毒检测时间和执行病毒检测的防病毒系统的配置信息为例。可以在目标文件元数据中读取是否经历过病毒检测、病毒检测时间和执行病毒检测的防病毒系统的配置信息;如果目标文件元数据中有“已扫描”的标记、病毒检测的时间与当前时刻的间隔未超过预设时间间隔或执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同中任一项不满足,则确定目标文件指纹,并在索引库中选取目标文件指纹对应的是否经历过病毒检测的信息、病毒检测时间和执行病毒检测的防病毒系统的配置信息,如果目标文件指纹对应的病毒检测的信息中有“已扫描”的标记、对应的病毒检测的时间与当前时刻的间隔未超过预设时间间隔或对应的执行病 毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同中任一项不满足,则确定对目标文件进行病毒检测,并向目标防病毒系统发送对目标文件进行病毒检测的请求。如果目标文件指纹对应的病毒检测的信息中有“已扫描”的标记、对应的病毒检测的时间与当前时刻的间隔未超过预设时间间隔且对应的执行病毒检测的防病毒系统的配置信息与目标防病毒系统的配置信息相同,则可以确定不对目标文件进行病毒检测;进一步地,可以在目标文件的元数据中添加“已扫描”的标记,并根据目标文件指纹对应的的病毒检测的时间及对应的执行病毒检测的防病毒系统的配置信息更新目标文件元数据中病毒检测时间和执行病毒检测的防病毒系统的配置信息。As another example, take the historical information of virus detection including whether it has experienced virus detection, the time of virus detection, and the configuration information of the anti-virus system that performs virus detection. You can read in the target file metadata whether it has experienced virus detection, the virus detection time, and the configuration information of the anti-virus system that performs virus detection; if there is a "scanned" mark in the target file metadata, the time of virus detection and the current If the time interval does not exceed the preset time interval or the configuration information of the anti-virus system that performs virus detection is the same as the configuration information of the target anti-virus system, determine the fingerprint of the target file and select the target file in the index library. The fingerprint corresponds to the information about whether it has experienced virus detection, the virus detection time and the configuration information of the anti-virus system that performs virus detection. If the virus detection information corresponding to the fingerprint of the target file has a "scanned" mark, the corresponding virus detection The interval between time and the current moment does not exceed the preset time interval or the corresponding execution error If the configuration information of the anti-virus system for virus detection is the same as the configuration information of the target anti-virus system and any one of them is not satisfied, then it is determined to perform virus detection on the target file and a request to perform virus detection on the target file is sent to the target anti-virus system. If the virus detection information corresponding to the target file fingerprint has a "scanned" mark, the interval between the corresponding virus detection time and the current time does not exceed the preset time interval, and the corresponding configuration information of the antivirus system that performs virus detection is the same as If the configuration information of the target anti-virus system is the same, it can be determined that the target file will not be virus detected; further, a "scanned" mark can be added to the metadata of the target file, and the virus detection time corresponding to the fingerprint of the target file can be and the corresponding configuration information of the anti-virus system that performs virus detection, and updates the virus detection time and the configuration information of the anti-virus system that performs virus detection in the target file metadata.
基于上述方法实施例的同一发明构思,本申请的实施例还提供了一种病毒检测装置,该病毒检测装置可以用于执行上述方法实施例所描述的技术方案。例如,可以执行上述图2、图5、图6或图7中所示方法的各步骤。Based on the same inventive concept of the above method embodiments, embodiments of the present application also provide a virus detection device, which can be used to implement the technical solution described in the above method embodiments. For example, each step of the method shown in FIG. 2, FIG. 5, FIG. 6 or FIG. 7 can be performed.
图8示出根据本申请一实施例的一种病毒检测装置的结构示意图。如图8所示,所述装置包括:获取模块801,用于获取存储系统中目标文件对应的病毒检测的历史信息;其中,所述病毒检测的历史信息包括:是否经历过病毒检测、病毒检测次数、病毒检测时间、执行病毒检测的防病毒系统的配置信息中的至少一项;确定模块802,用于根据所述目标文件对应的病毒检测的历史信息,确定是否对所述目标文件进行病毒检测;请求模块803,用于在确定对所述目标文件进行病毒检测的情况下,向目标防病毒系统发送对所述目标文件进行病毒检测的请求。Figure 8 shows a schematic structural diagram of a virus detection device according to an embodiment of the present application. As shown in Figure 8, the device includes: an acquisition module 801, used to obtain historical information of virus detection corresponding to the target file in the storage system; wherein the historical information of virus detection includes: whether it has experienced virus detection, virus detection At least one of the number of times, virus detection time, and configuration information of the anti-virus system that performs virus detection; the determination module 802 is used to determine whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file. Detection; request module 803, configured to send a request for virus detection to the target anti-virus system to the target anti-virus system when it is determined to perform virus detection on the target file.
本申请实施例,目标文件对应的病毒检测的历史信息可以表征目标文件的内容所经历的病毒检测的相关信息;根据目标文件对应的病毒检测的历史信息确定是否对目标文件进行病毒检测,可以在保证数据安全的前提下,避免对已经进行过病毒检测的文件内容重复进行病毒检测,从而节约了网络带宽开销,节省了病毒检测时间,提升了病毒检测效率;此外,在触发在线病毒检测任务时,用户可以及时打开目标文件,提高了存储系统的读写性能。In the embodiment of the present application, the historical information of virus detection corresponding to the target file can represent the relevant information of virus detection experienced by the content of the target file; determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file can be performed in Under the premise of ensuring data security, it avoids repeated virus detection on file contents that have been virus tested, thereby saving network bandwidth overhead, saving virus detection time, and improving virus detection efficiency; in addition, when an online virus detection task is triggered, , the user can open the target file in time, which improves the read and write performance of the storage system.
在一种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括所述目标文件元数据中的病毒检测的历史信息,和/或,索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;其中,所述索引库中包括至少一个文件指纹及所述至少一个文件指纹对应的病毒检测的历史信息,所述至少一个文件指纹与所述存储系统中的一个或多个文件相关联,所述至少一个文件指纹对应的病毒检测的历史信息包括与所述至少一个文件指纹相关联的各文件对应的病毒检测的历史信息中最新的历史信息。In a possible implementation, the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file, and/or the file fingerprint corresponding to the target file in the index database. Corresponding historical information of virus detection; wherein the index library includes at least one file fingerprint and historical information of virus detection corresponding to the at least one file fingerprint, and the at least one file fingerprint is consistent with one or more of the storage systems. Multiple files are associated, and the historical information of virus detection corresponding to the at least one file fingerprint includes the latest historical information among the historical information of virus detection corresponding to each file associated with the at least one file fingerprint.
在一种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息;所述获取模块801,还用于在所述目标文件元数据中,读取所述目标文件对应的病毒检测的历史信息。In a possible implementation, the historical information of virus detection corresponding to the target file includes: the historical information of virus detection in the metadata of the target file; the acquisition module 801 is also configured to In the metadata, read the historical information of virus detection corresponding to the target file.
在一种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;所述获取模块801,还用于:确定所述目标文件的目标文件指纹;根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息。In a possible implementation, the historical information of virus detection corresponding to the target file includes: the historical information of virus detection corresponding to the file fingerprint of the target file in the index database; the acquisition module 801 is also used to : Determine the target file fingerprint of the target file; select the historical information of virus detection corresponding to the target file fingerprint in the index database according to the target file fingerprint.
在一种可能的实现方式中,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息,和,所述索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;所述确定模块802,还用于:在所述目标文件元数据中的病毒检测的历史信息不满足第一预设条件的情况下,确定所述目标文件的目标文件指纹;根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息;在所述目标文 件指纹对应的病毒检测的历史信息不满足第二预设条件的情况下,确定对所述目标文件进行病毒检测。In a possible implementation, the historical information of virus detection corresponding to the target file includes: the historical information of virus detection in the metadata of the target file, and files in the index database that are related to the target file. The historical information of virus detection corresponding to the fingerprint; the determination module 802 is also used to: determine the historical information of virus detection in the target file metadata when the historical information of virus detection does not meet the first preset condition. Target file fingerprint; select the historical information of virus detection corresponding to the target file fingerprint in the index database according to the target file fingerprint; select the target file fingerprint in the index database; If the historical virus detection information corresponding to the file fingerprint does not meet the second preset condition, it is determined to perform virus detection on the target file.
在一种可能的实现方式中,所述装置还包括:结果反馈模块,用于获取所述目标防病毒系统反馈的对所述目标文件进行病毒检测的结果;更新模块,用于根据所述病毒检测的结果,更新所述目标文件对应的病毒检测的历史信息。In a possible implementation, the device further includes: a result feedback module, used to obtain the result of virus detection of the target file as fed back by the target anti-virus system; and an update module, used to detect the virus according to the Based on the detection results, the historical information of virus detection corresponding to the target file is updated.
在一种可能的实现方式中,所述装置还包括:元数据更新模块,在所述目标文件指纹对应的病毒检测的历史信息满足第二预设条件的情况下,确定不对所述目标文件进行病毒检测,并更新所述目标文件元数据中的病毒检测的历史信息。In a possible implementation, the device further includes: a metadata update module, which determines not to perform the virus detection on the target file when the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition. Virus detection and updating the historical virus detection information in the target file metadata.
上述图8所示的病毒检测装置及其各种可能的实现方式的技术效果及具体描述可参见上述病毒检索方法的相关表述,此处不再赘述。The technical effects and specific descriptions of the virus detection device shown in Figure 8 and its various possible implementations can be found in the relevant expressions of the virus retrieval method above, and will not be described again here.
应理解以上病毒检测装置中各模块的划分仅是一种逻辑功能的划分,实际实现时可以全部或部分集成到一个物理实体上,也可以物理上分开。此外,装置中的模块可以以处理器调用软件的形式实现;例如装置包括处理器,处理器与存储器连接,存储器中存储有指令,处理器调用存储器中存储的指令,以实现以上任一种方法或实现该装置各模块的功能,其中处理器例如为通用处理器,例如中央处理单元(Central Processing Unit,CPU)或微处理器,存储器为装置内的存储器或装置外的存储器。或者,装置中的模块可以以硬件电路的形式实现,可以通过对硬件电路的设计实现部分或全部模块的功能,该硬件电路可以理解为一个或多个处理器;例如,在一种实现中,该硬件电路为专用集成电路(application-specific integrated circuit,ASIC),通过对电路内元件逻辑关系的设计,实现以上部分或全部模块的功能;再如,在另一种实现中,该硬件电路为可以通过可编程逻辑器件(programmable logic device,PLD)实现,以现场可编程门阵列(Field Programmable Gate Array,FPGA)为例,其可以包括大量逻辑门电路,通过配置文件来配置逻辑门电路之间的连接关系,从而实现以上部分或全部模块的功能。以上装置的所有模块可以全部通过处理器调用软件的形式实现,或全部通过硬件电路的形式实现,或部分通过处理器调用软件的形式实现,剩余部分通过硬件电路的形式实现。It should be understood that the above division of modules in the virus detection device is only a division of logical functions. In actual implementation, they can be fully or partially integrated into a physical entity, or they can also be physically separated. In addition, the modules in the device can be implemented in the form of the processor calling software; for example, the device includes a processor, the processor is connected to a memory, instructions are stored in the memory, and the processor calls the instructions stored in the memory to implement any of the above methods. Or realize the functions of each module of the device, where the processor is, for example, a general-purpose processor, such as a central processing unit (Central Processing Unit, CPU) or a microprocessor, and the memory is a memory within the device or a memory outside the device. Alternatively, the modules in the device can be implemented in the form of hardware circuits, and some or all of the module functions can be implemented through the design of the hardware circuits, which can be understood as one or more processors; for example, in one implementation, The hardware circuit is an application-specific integrated circuit (ASIC). Through the design of the logical relationship of the components in the circuit, the functions of some or all of the above modules are realized; for another example, in another implementation, the hardware circuit is It can be realized by programmable logic device (PLD), taking Field Programmable Gate Array (FPGA) as an example, which can include a large number of logic gate circuits, and the logic gate circuits are configured through configuration files. connection relationships to realize the functions of some or all of the above modules. All modules of the above device may be fully implemented by the processor calling software, or all may be implemented by hardware circuits, or part of the modules may be implemented by the processor calling software, and the remaining part may be implemented by hardware circuits.
在本申请实施例中,处理器是一种具有信号的处理能力的电路,在一种实现中,处理器可以是具有指令读取与运行能力的电路,例如CPU、微处理器、图形处理器(graphics processing unit,GPU)、数字信号处理器(digital signal processor,DSP)、神经网络处理器(neural-network processing unit,NPU)、张量处理器(tensor processing unit,TPU)等;在另一种实现中,处理器可以通过硬件电路的逻辑关系实现一定功能,该硬件电路的逻辑关系是固定的或可以重构的,例如处理器为ASIC或PLD实现的硬件电路,例如FPGA。在可重构的硬件电路中,处理器加载配置文档,实现硬件电路配置的过程,可以理解为处理器加载指令,以实现以上部分或全部模块的功能的过程。In the embodiment of the present application, the processor is a circuit with signal processing capabilities. In one implementation, the processor may be a circuit with instruction reading and execution capabilities, such as a CPU, a microprocessor, and a graphics processor. (graphics processing unit, GPU), digital signal processor (digital signal processor, DSP), neural network processing unit (NPU), tensor processing unit (TPU), etc.; in another In this implementation, the processor can realize certain functions through the logical relationship of the hardware circuit. The logical relationship of the hardware circuit is fixed or can be reconstructed. For example, the processor is a hardware circuit implemented by ASIC or PLD, such as FPGA. In a reconfigurable hardware circuit, the process of the processor loading the configuration file and realizing the hardware circuit configuration can be understood as the process of the processor loading instructions to realize the functions of some or all of the above modules.
可见,以上装置中的各模块可以是被配置成实施以上实施例方法的一个或多个处理器(或处理电路),例如:CPU、GPU、NPU、TPU、微处理器、DSP、ASIC、FPGA,或这些处理器形式中至少两种的组合。此外,以上装置中的各模块可以全部或部分可以集成在一起,或者可以独立实现,对此不作限定。It can be seen that each module in the above device can be one or more processors (or processing circuits) configured to implement the methods of the above embodiments, such as: CPU, GPU, NPU, TPU, microprocessor, DSP, ASIC, FPGA , or a combination of at least two of these processor forms. In addition, all or part of the modules in the above device may be integrated together, or may be implemented independently, which is not limited.
作为一个示例,病毒检测装置可以是独立设置,也可以集成在其他装置中,还可以是通过软件或者软件与硬件结合实现。例如,病毒检测装置可以为图1中的防病毒单元,可以集成在上述图1中存储系统10中。As an example, the virus detection device can be set up independently, can be integrated in other devices, or can be implemented through software or a combination of software and hardware. For example, the virus detection device can be the anti-virus unit in Figure 1 and can be integrated into the storage system 10 in Figure 1 above.
作为另一个示例,病毒检测装置还可以为具有数据处理能力的设备或系统,或设置在这 些设备或系统中的部件或者芯片。例如,病毒检测装置可以是集成存储管理平台(Integrated Storage Management,DEVICE MANAGER)、云端服务器、台式机、便携式电脑、网络服务器、服务集群、掌上电脑(personal digital assistant,PDA)、移动手机、平板电脑、无线终端设备、嵌入式设备、医疗设备或其他具有数据处理功能的设备,或者为这些设备内的部件或者芯片。As another example, the virus detection device may also be a device or system with data processing capabilities, or may be provided in components or chips in some devices or systems. For example, the virus detection device can be an integrated storage management platform (Integrated Storage Management, DEVICE MANAGER), cloud server, desktop computer, portable computer, network server, service cluster, personal digital assistant (PDA), mobile phone, tablet computer , wireless terminal equipment, embedded equipment, medical equipment or other equipment with data processing functions, or components or chips in these equipment.
本申请的实施例还提供了一种电子设备,包括:处理器;用于存储处理器可执行指令的存储器;其中,所述处理器被配置为执行所述指令时实现上述实施例的方法。示例性地,可以执行上述图2、图5、图6或图7中所示方法的各步骤。An embodiment of the present application also provides an electronic device, including: a processor; a memory for storing instructions executable by the processor; wherein the processor is configured to implement the method of the above embodiment when executing the instructions. For example, each step of the method shown in FIG. 2, FIG. 5, FIG. 6 or FIG. 7 can be performed.
图9示出根据本申请一实施例的一种电子设备的结构示意图,如图9所示,该电子设备可以包括:至少一个处理器901,通信线路902,存储器903以及至少一个通信接口904。Figure 9 shows a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in Figure 9, the electronic device may include: at least one processor 901, a communication line 902, a memory 903 and at least one communication interface 904.
处理器901可以是一个通用中央处理器,微处理器,特定应用集成电路,或一个或多个用于控制本申请方案程序执行的集成电路;处理器901也可以包括多个通用处理器的异构运算架构,例如,可以是CPU、GPU、微处理器、DSP、ASIC、FPGA中至少两种的组合;作为一个示例,处理器901可以是CPU+GPU或者CPU+ASIC或者CPU+FPGA。The processor 901 can be a general central processing unit, a microprocessor, an application-specific integrated circuit, or one or more integrated circuits used to control the execution of the program of the present application; the processor 901 can also include multiple general-purpose processors. The structural computing architecture, for example, can be a combination of at least two of CPU, GPU, microprocessor, DSP, ASIC, and FPGA; as an example, the processor 901 can be CPU+GPU or CPU+ASIC or CPU+FPGA.
通信线路902可包括一通路,在上述组件之间传送信息。Communication line 902 may include a path that carries information between the above-mentioned components.
通信接口904,使用任何收发器一类的装置,用于与其他设备或通信网络通信,如以太网,RAN,无线局域网(wireless local area networks,WLAN)等。The communication interface 904 uses any device such as a transceiver to communicate with other devices or communication networks, such as Ethernet, RAN, wireless local area networks (WLAN), etc.
存储器903可以是只读存储器(read-only memory,ROM)或可存储静态信息和指令的其他类型的静态存储设备,随机存取存储器(random access memory,RAM)或者可存储信息和指令的其他类型的动态存储设备,也可以是电可擦可编程只读存储器(electrically erasable programmable read-only memory,EEPROM)、只读光盘(compact disc read-only memory,CD-ROM)或其他光盘存储、光碟存储(包括压缩光碟、激光碟、光碟、数字通用光碟、蓝光光碟等)、磁盘存储介质或者其他磁存储设备、或者能够用于携带或存储具有指令或数据结构形式的期望的程序代码并能够由计算机存取的任何其他介质,但不限于此。存储器可以是独立存在,通过通信线路902与处理器相连接。存储器也可以和处理器集成在一起。本申请实施例提供的存储器通常可以具有非易失性。其中,存储器903用于存储执行本申请方案的计算机执行指令,并由处理器901来控制执行。处理器901用于执行存储器903中存储的计算机执行指令,从而实现本申请上述实施例中提供的方法;示例性地,可以执行上述图2、图5、图6或图7中所示方法的各步骤。The memory 903 may be a read-only memory (ROM) or other type of static storage device that can store static information and instructions, a random access memory (random access memory (RAM)) or other type that can store information and instructions. A dynamic storage device can also be an electrically erasable programmable read-only memory (EEPROM), a compact disc read-only memory (CD-ROM) or other optical disk storage, optical disc storage (including compressed optical discs, laser discs, optical discs, digital versatile discs, Blu-ray discs, etc.), disk storage media or other magnetic storage devices, or can be used to carry or store desired program code in the form of instructions or data structures and can be used by a computer Any other medium for access, but not limited to this. The memory may exist independently and be connected to the processor through a communication line 902 . Memory can also be integrated with the processor. The memory provided by the embodiment of the present application may generally be non-volatile. Among them, the memory 903 is used to store computer execution instructions for executing the solution of the present application, and is controlled by the processor 901 for execution. The processor 901 is used to execute computer execution instructions stored in the memory 903, thereby implementing the methods provided in the above embodiments of the application; for example, the method shown in the above-mentioned Figure 2, Figure 5, Figure 6 or Figure 7 can be executed. Each step.
可选的,本申请实施例中的计算机执行指令也可以称之为应用程序代码,本申请实施例对此不作具体限定。Optionally, the computer-executed instructions in the embodiments of the present application may also be called application codes, which are not specifically limited in the embodiments of the present application.
示例性地,处理器901可以包括一个或多个CPU,例如,图9中的CPU0;处理器901也可以包括一个CPU,及GPU、ASIC、FPGA中任一个,例如,图9中的CPU0+GPU0或者CPU 0+ASIC0或者CPU0+FPGA0。For example, the processor 901 may include one or more CPUs, for example, CPU0 in Figure 9; the processor 901 may also include one CPU, and any one of GPU, ASIC, and FPGA, for example, CPU0+ in Figure 9 GPU0 or CPU 0+ASIC0 or CPU0+FPGA0.
示例性地,电子设备可以包括多个处理器,例如图9中的处理器901和处理器907。这些处理器中的每一个可以是一个单核(single-CPU)处理器,也可以是一个多核(multi-CPU)处理器,或者是包括多个通用处理器的异构运算架构。这里的处理器可以指一个或多个设备、电路、和/或用于处理数据(例如计算机程序指令)的处理核。By way of example, the electronic device may include multiple processors, such as processor 901 and processor 907 in FIG. 9 . Each of these processors can be a single-CPU processor, a multi-CPU processor, or a heterogeneous computing architecture including multiple general-purpose processors. A processor here may refer to one or more devices, circuits, and/or processing cores for processing data (eg, computer program instructions).
在具体实现中,作为一种实施例,电子设备还可以包括输出设备905和输入设备906。输出设备905和处理器901通信,可以以多种方式来显示信息。例如,输出设备905可以是液晶显示器(liquid crystal display,LCD),发光二级管(light emitting diode,LED) 显示设备,阴极射线管(cathode ray tube,CRT)显示设备,或投影仪(projector)等,例如,可以为车载HUD、AR-HUD、显示器等显示设备。输入设备906和处理器901通信,可以以多种方式接收用户的输入。例如,输入设备906可以是鼠标、键盘、触摸屏设备或传感设备等。In specific implementation, as an embodiment, the electronic device may also include an output device 905 and an input device 906. The output device 905 communicates with the processor 901 and can display information in a variety of ways. For example, the output device 905 may be a liquid crystal display (LCD), a light emitting diode (LED) The display device may be a cathode ray tube (CRT) display device, a projector, etc., for example, it may be a display device such as a vehicle-mounted HUD, AR-HUD, or monitor. Input device 906 communicates with processor 901 and can receive user input in a variety of ways. For example, the input device 906 may be a mouse, a keyboard, a touch screen device, a sensing device, or the like.
本申请的实施例提供了一种计算机可读存储介质,其上存储有计算机程序指令,所述计算机程序指令被处理器执行时实现上述实施例中的方法。示例性地,可以实现上述图2、图5、图6或图7中所示方法的各步骤。Embodiments of the present application provide a computer-readable storage medium on which computer program instructions are stored. When the computer program instructions are executed by a processor, the methods in the above embodiments are implemented. For example, each step of the method shown in FIG. 2, FIG. 5, FIG. 6 or FIG. 7 can be implemented.
本申请的实施例提供了一种计算机程序产品,例如,可以包括计算机可读代码,或者承载有计算机可读代码的非易失性计算机可读存储介质;当所述计算机程序产品在计算机上运行时,使得所述计算机执行上述实施例中的方法。示例性地,可以实现上述图2、图5、图6或图7中所示方法的各步骤。Embodiments of the present application provide a computer program product, which may, for example, include computer readable code, or a non-volatile computer readable storage medium carrying computer readable code; when the computer program product is run on a computer When, the computer is caused to execute the method in the above embodiment. For example, each step of the method shown in FIG. 2, FIG. 5, FIG. 6 or FIG. 7 can be implemented.
计算机可读存储介质可以是可以保持和存储由指令执行设备使用的指令的有形设备。计算机可读存储介质例如可以是――但不限于――电存储设备、磁存储设备、光存储设备、电磁存储设备、半导体存储设备或者上述的任意合适的组合。计算机可读存储介质的更具体的例子(非穷举的列表)包括:便携式计算机盘、硬盘、随机存取存储器(RAM)、只读存储器(ROM)、可擦式可编程只读存储器(EPROM或闪存)、静态随机存取存储器(SRAM)、便携式压缩盘只读存储器(CD-ROM)、数字多功能盘(DVD)、记忆棒、软盘、机械编码设备、例如其上存储有指令的打孔卡或凹槽内凸起结构、以及上述的任意合适的组合。这里所使用的计算机可读存储介质不被解释为瞬时信号本身,诸如无线电波或者其他自由传播的电磁波、通过波导或其他传输媒介传播的电磁波(例如,通过光纤电缆的光脉冲)、或者通过电线传输的电信号。Computer-readable storage media may be tangible devices that can retain and store instructions for use by an instruction execution device. The computer-readable storage medium may be, for example, but not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the above. More specific examples (non-exhaustive list) of computer-readable storage media include: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM) or Flash memory), Static Random Access Memory (SRAM), Compact Disk Read Only Memory (CD-ROM), Digital Versatile Disk (DVD), Memory Stick, Floppy Disk, Mechanical Coding Device, such as a printer with instructions stored on it. Protruding structures in hole cards or grooves, and any suitable combination of the above. As used herein, computer-readable storage media are not to be construed as transient signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., light pulses through fiber optic cables), or through electrical wires. transmitted electrical signals.
这里所描述的计算机可读程序指令可以从计算机可读存储介质下载到各个计算/处理设备,或者通过网络、例如因特网、局域网、广域网和/或无线网下载到外部计算机或外部存储设备。网络可以包括铜传输电缆、光纤传输、无线传输、路由器、防火墙、交换机、网关计算机和/或边缘服务器。每个计算/处理设备中的网络适配卡或者网络接口从网络接收计算机可读程序指令,并转发该计算机可读程序指令,以供存储在各个计算/处理设备中的计算机可读存储介质中。Computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to various computing/processing devices, or to an external computer or external storage device over a network, such as the Internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers, and/or edge servers. A network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage on a computer-readable storage medium in the respective computing/processing device .
用于执行本申请操作的计算机程序指令可以是汇编指令、指令集架构(ISA)指令、机器指令、机器相关指令、微代码、固件指令、状态设置数据、或者以一种或多种编程语言的任意组合编写的源代码或目标代码,所述编程语言包括面向对象的编程语言—诸如Smalltalk、C++等,以及常规的过程式编程语言—诸如“C”语言或类似的编程语言。计算机可读程序指令可以完全地在用户计算机上执行、部分地在用户计算机上执行、作为一个独立的软件包执行、部分在用户计算机上部分在远程计算机上执行、或者完全在远程计算机或服务器上执行。在涉及远程计算机的情形中,远程计算机可以通过任意种类的网络—包括局域网(LAN)或广域网(WAN)—连接到用户计算机,或者,可以连接到外部计算机(例如利用因特网服务提供商来通过因特网连接)。在一些实施例中,通过利用计算机可读程序指令的状态信息来个性化定制电子电路,例如可编程逻辑电路、现场可编程门阵列(FPGA)或可编程逻辑阵列(PLA),该电子电路可以执行计算机可读程序指令,从而实现本申请的各个方面。Computer program instructions for performing the operations of this application may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or instructions in one or more programming languages. Source code or object code written in any combination of object-oriented programming languages - such as Smalltalk, C++, etc., and conventional procedural programming languages - such as the "C" language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server implement. In situations involving remote computers, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (such as an Internet service provider through the Internet). connect). In some embodiments, by utilizing state information of computer-readable program instructions to personalize an electronic circuit, such as a programmable logic circuit, a field programmable gate array (FPGA), or a programmable logic array (PLA), the electronic circuit can Computer readable program instructions are executed to implement various aspects of the application.
这里参照根据本申请实施例的方法、装置(系统)和计算机程序产品的流程图和/或框图描述了本申请的各个方面。应当理解,流程图和/或框图的每个方框以及流程图和/或框图中各方框的组合,都可以由计算机可读程序指令实现。 Various aspects of the present application are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
这些计算机可读程序指令可以提供给通用计算机、专用计算机或其它可编程数据处理装置的处理器,从而生产出一种机器,使得这些指令在通过计算机或其它可编程数据处理装置的处理器执行时,产生了实现流程图和/或框图中的一个或多个方框中规定的功能/动作的装置。也可以把这些计算机可读程序指令存储在计算机可读存储介质中,这些指令使得计算机、可编程数据处理装置和/或其他设备以特定方式工作,从而,存储有指令的计算机可读介质则包括一个制造品,其包括实现流程图和/或框图中的一个或多个方框中规定的功能/动作的各个方面的指令。These computer-readable program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing apparatus, thereby producing a machine that, when executed by the processor of the computer or other programmable data processing apparatus, , resulting in an apparatus that implements the functions/actions specified in one or more blocks in the flowchart and/or block diagram. These computer-readable program instructions can also be stored in a computer-readable storage medium. These instructions cause the computer, programmable data processing device and/or other equipment to work in a specific manner. Therefore, the computer-readable medium storing the instructions includes An article of manufacture that includes instructions that implement aspects of the functions/acts specified in one or more blocks of the flowcharts and/or block diagrams.
也可以把计算机可读程序指令加载到计算机、其它可编程数据处理装置、或其它设备上,使得在计算机、其它可编程数据处理装置或其它设备上执行一系列操作步骤,以产生计算机实现的过程,从而使得在计算机、其它可编程数据处理装置、或其它设备上执行的指令实现流程图和/或框图中的一个或多个方框中规定的功能/动作。Computer-readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other equipment, causing a series of operating steps to be performed on the computer, other programmable data processing apparatus, or other equipment to produce a computer-implemented process , thereby causing instructions executed on a computer, other programmable data processing apparatus, or other equipment to implement the functions/actions specified in one or more blocks in the flowcharts and/or block diagrams.
附图中的流程图和框图显示了根据本申请的多个实施例的系统、方法和计算机程序产品的可能实现的体系架构、功能和操作。在这点上,流程图或框图中的每个方框可以代表一个模块、程序段或指令的一部分,所述模块、程序段或指令的一部分包含一个或多个用于实现规定的逻辑功能的可执行指令。在有些作为替换的实现中,方框中所标注的功能也可以以不同于附图中所标注的顺序发生。例如,两个连续的方框实际上可以基本并行地执行,它们有时也可以按相反的顺序执行,这依所涉及的功能而定。也要注意的是,框图和/或流程图中的每个方框、以及框图和/或流程图中的方框的组合,可以用执行规定的功能或动作的专用的基于硬件的系统来实现,或者可以用专用硬件与计算机指令的组合来实现。The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods, and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions that embody one or more elements for implementing the specified logical function(s). Executable instructions. In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two consecutive blocks may actually execute substantially in parallel, or they may sometimes execute in the reverse order, depending on the functionality involved. It will also be noted that each block of the block diagram and/or flowchart illustration, and combinations of blocks in the block diagram and/or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts. , or can be implemented using a combination of specialized hardware and computer instructions.
以上已经描述了本申请的各实施例,上述说明是示例性的,并非穷尽性的,并且也不限于所披露的各实施例。在不偏离所说明的各实施例的范围和精神的情况下,对于本技术领域的普通技术人员来说许多修改和变更都是显而易见的。本文中所用术语的选择,旨在最好地解释各实施例的原理、实际应用或对市场中的技术改进,或者使本技术领域的其它普通技术人员能理解本文披露的各实施例。 The embodiments of the present application have been described above. The above description is illustrative, not exhaustive, and is not limited to the disclosed embodiments. Many modifications and variations will be apparent to those skilled in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen to best explain the principles, practical applications, or technical improvements in the market of the embodiments, or to enable other persons of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (16)

  1. 一种病毒检测方法,其特征在于,所述方法包括:A virus detection method, characterized in that the method includes:
    获取存储系统中目标文件对应的病毒检测的历史信息;其中,所述病毒检测的历史信息包括:是否经历过病毒检测、病毒检测次数、病毒检测时间、执行病毒检测的防病毒系统的配置信息中的至少一项;Obtain the historical information of virus detection corresponding to the target file in the storage system; wherein the historical information of virus detection includes: whether it has experienced virus detection, the number of virus detections, the virus detection time, and the configuration information of the anti-virus system that performs virus detection at least one of;
    根据所述目标文件对应的病毒检测的历史信息,确定是否对所述目标文件进行病毒检测;Determine whether to perform virus detection on the target file according to the historical information of virus detection corresponding to the target file;
    在确定对所述目标文件进行病毒检测的情况下,向目标防病毒系统发送对所述目标文件进行病毒检测的请求。When it is determined that the target file is to be tested for viruses, a request to perform virus detection on the target file is sent to the target anti-virus system.
  2. 根据权利要求1所述的方法,其特征在于,所述目标文件对应的病毒检测的历史信息包括所述目标文件元数据中的病毒检测的历史信息,和/或,索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;其中,所述索引库中包括至少一个文件指纹及所述至少一个文件指纹对应的病毒检测的历史信息,所述至少一个文件指纹与所述存储系统中的一个或多个文件相关联,所述至少一个文件指纹对应的病毒检测的历史信息包括与所述至少一个文件指纹相关联的各文件对应的病毒检测的历史信息中最新的历史信息。The method according to claim 1, characterized in that, the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file, and/or, the historical information of virus detection in the index database is related to the target file. Historical information of virus detection corresponding to the file fingerprint of the file; wherein, the index database includes at least one file fingerprint and historical information of virus detection corresponding to the at least one file fingerprint, and the at least one file fingerprint is consistent with the storage system The historical information of virus detection corresponding to the at least one file fingerprint includes the latest historical information among the historical information of virus detection corresponding to each file associated with the at least one file fingerprint.
  3. 根据权利要求1或2所述的方法,其特征在于,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息;The method according to claim 1 or 2, characterized in that the historical information of virus detection corresponding to the target file includes: the historical information of virus detection in the metadata of the target file;
    所述获取目标文件对应的病毒检测的历史信息,包括:在所述目标文件元数据中,读取所述目标文件对应的病毒检测的历史信息。The obtaining the historical information of virus detection corresponding to the target file includes: reading the historical information of virus detection corresponding to the target file in the target file metadata.
  4. 根据权利要求1或2所述的方法,其特征在于,所述目标文件对应的病毒检测的历史信息包括:索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;The method according to claim 1 or 2, characterized in that the historical information of virus detection corresponding to the target file includes: historical information of virus detection corresponding to the file fingerprint of the target file in the index database;
    所述获取目标文件对应的病毒检测的历史信息,包括:The obtaining historical information of virus detection corresponding to the target file includes:
    确定所述目标文件的目标文件指纹;Determine the target file fingerprint of the target file;
    根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息。According to the target file fingerprint, historical information of virus detection corresponding to the target file fingerprint is selected from the index database.
  5. 根据权利要求3所述的方法,其特征在于,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息,和,所述索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;The method according to claim 3, characterized in that the historical information of virus detection corresponding to the target file includes: the historical information of virus detection in the metadata of the target file, and, in the index database, the historical information of virus detection corresponding to the target file. Historical information of virus detection corresponding to the file fingerprint of the target file;
    所述根据所述目标文件对应的病毒检测的历史信息,确定是否对所述目标文件进行病毒检测,包括:Determining whether to perform virus detection on the target file based on the historical information of virus detection corresponding to the target file includes:
    在所述目标文件元数据中的病毒检测的历史信息不满足第一预设条件的情况下,确定所述目标文件的目标文件指纹; When the historical information of virus detection in the target file metadata does not meet the first preset condition, determine the target file fingerprint of the target file;
    根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息;According to the target file fingerprint, select the historical information of virus detection corresponding to the target file fingerprint in the index database;
    在所述目标文件指纹对应的病毒检测的历史信息不满足第二预设条件的情况下,确定对所述目标文件进行病毒检测。When the historical information of virus detection corresponding to the fingerprint of the target file does not meet the second preset condition, it is determined to perform virus detection on the target file.
  6. 根据权利要求1-5中任一所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1-5, characterized in that the method further includes:
    获取所述目标防病毒系统反馈的对所述目标文件进行病毒检测的结果;Obtain the results of virus detection on the target file fed back by the target anti-virus system;
    根据所述病毒检测的结果,更新所述目标文件对应的病毒检测的历史信息。According to the result of the virus detection, the historical information of virus detection corresponding to the target file is updated.
  7. 根据权利要求5中所述的方法,其特征在于,所述方法还包括:The method according to claim 5, characterized in that the method further includes:
    在所述目标文件指纹对应的病毒检测的历史信息满足第二预设条件的情况下,确定不对所述目标文件进行病毒检测,并更新所述目标文件元数据中的病毒检测的历史信息。When the historical information of virus detection corresponding to the fingerprint of the target file satisfies the second preset condition, it is determined not to perform virus detection on the target file, and the historical information of virus detection in the metadata of the target file is updated.
  8. 一种病毒检测装置,其特征在于,所述装置包括:获取模块,用于获取存储系统中目标文件对应的病毒检测的历史信息;其中,所述病毒检测的历史信息包括:是否经历过病毒检测、病毒检测次数、病毒检测时间、执行病毒检测的防病毒系统的配置信息中的至少一项;确定模块,用于根据所述目标文件对应的病毒检测的历史信息,确定是否对所述目标文件进行病毒检测;请求模块,用于在确定对所述目标文件进行病毒检测的情况下,向目标防病毒系统发送对所述目标文件进行病毒检测的请求。A virus detection device, characterized in that the device includes: an acquisition module for acquiring historical information of virus detection corresponding to the target file in the storage system; wherein the historical information of virus detection includes: whether it has experienced virus detection , at least one of the number of virus detections, the virus detection time, and the configuration information of the anti-virus system that performs virus detection; the determination module is used to determine whether to check the target file based on the historical information of virus detection corresponding to the target file. Perform virus detection; the request module is configured to send a request to the target anti-virus system to perform virus detection on the target file when it is determined that the target file is to be tested for viruses.
  9. 根据权利要求8所述的装置,其特征在于,所述目标文件对应的病毒检测的历史信息包括所述目标文件元数据中的病毒检测的历史信息,和/或,索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;其中,所述索引库中包括至少一个文件指纹及所述至少一个文件指纹对应的病毒检测的历史信息,所述至少一个文件指纹与所述存储系统中的一个或多个文件相关联,所述至少一个文件指纹对应的病毒检测的历史信息包括与所述至少一个文件指纹相关联的各文件对应的病毒检测的历史信息中最新的历史信息。The device according to claim 8, characterized in that, the historical information of virus detection corresponding to the target file includes the historical information of virus detection in the metadata of the target file, and/or, the historical information of virus detection in the index database is related to the target file. Historical information of virus detection corresponding to the file fingerprint of the file; wherein, the index database includes at least one file fingerprint and historical information of virus detection corresponding to the at least one file fingerprint, and the at least one file fingerprint is consistent with the storage system The historical information of virus detection corresponding to the at least one file fingerprint includes the latest historical information among the historical information of virus detection corresponding to each file associated with the at least one file fingerprint.
  10. 根据权利要求8或9所述的装置,其特征在于,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息;所述获取模块,还用于在所述目标文件元数据中,读取所述目标文件对应的病毒检测的历史信息。The device according to claim 8 or 9, characterized in that the historical information of virus detection corresponding to the target file includes: the historical information of virus detection in the metadata of the target file; the acquisition module is also configured to In the target file metadata, historical information of virus detection corresponding to the target file is read.
  11. 根据权利要求8或9所述的装置,其特征在于,所述目标文件对应的病毒检测的历史信息包括:索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;所述获取模块,还用于:确定所述目标文件的目标文件指纹;根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息。The device according to claim 8 or 9, wherein the historical information of virus detection corresponding to the target file includes: historical information of virus detection corresponding to the file fingerprint of the target file in the index database; the acquisition A module further configured to: determine a target file fingerprint of the target file; and select historical virus detection information corresponding to the target file fingerprint in the index database based on the target file fingerprint.
  12. 根据权利要求10所述的装置,其特征在于,所述目标文件对应的病毒检测的历史信息包括:所述目标文件元数据中的病毒检测的历史信息,和,所述索引库中与所述目标文件的文件指纹对应的病毒检测的历史信息;所述确定模块,还用于:在所述目标文件元数据中的病毒检测的历史信息不满足第一预设条件的情况下,确定所述目标文件的目标文件指纹; 根据所述目标文件指纹,在所述索引库中选取所述目标文件指纹对应的病毒检测的历史信息;在所述目标文件指纹对应的病毒检测的历史信息不满足第二预设条件的情况下,确定对所述目标文件进行病毒检测。The device according to claim 10, characterized in that the historical information of virus detection corresponding to the target file includes: the historical information of virus detection in the metadata of the target file, and the historical information of virus detection in the index database corresponding to the Historical information of virus detection corresponding to the file fingerprint of the target file; the determination module is also configured to: when the historical information of virus detection in the target file metadata does not meet the first preset condition, determine the The target file fingerprint of the target file; According to the target file fingerprint, the historical information of virus detection corresponding to the target file fingerprint is selected from the index database; when the historical information of virus detection corresponding to the target file fingerprint does not meet the second preset condition , determine to perform virus detection on the target file.
  13. 根据权利要求8-12中任一所述的装置,其特征在于,所述装置还包括:结果反馈模块,用于获取所述目标防病毒系统反馈的对所述目标文件进行病毒检测的结果;更新模块,用于根据所述病毒检测的结果,更新所述目标文件对应的病毒检测的历史信息。The device according to any one of claims 8-12, characterized in that the device further includes: a result feedback module, used to obtain the result of virus detection of the target file fed back by the target anti-virus system; An update module, configured to update the historical information of virus detection corresponding to the target file according to the result of the virus detection.
  14. 根据权利要求12中所述的装置,其特征在于,所述装置还包括:元数据更新模块,在所述目标文件指纹对应的病毒检测的历史信息不满足第二预设条件的情况下,确定不对所述目标文件进行病毒检测,并更新所述目标文件元数据中的病毒检测的历史信息。The device according to claim 12, characterized in that the device further includes: a metadata update module that determines when the historical information of virus detection corresponding to the target file fingerprint does not meet the second preset condition. No virus detection is performed on the target file, and the historical information of virus detection in the metadata of the target file is updated.
  15. 一种电子设备,其特征在于,包括:An electronic device, characterized by including:
    处理器;processor;
    用于存储处理器可执行指令的存储器;Memory used to store instructions executable by the processor;
    其中,所述处理器被配置为执行所述指令时实现权利要求1-7任意一项所述的方法。Wherein, the processor is configured to implement the method according to any one of claims 1-7 when executing the instructions.
  16. 一种非易失性计算机可读存储介质,其上存储有计算机程序指令,其特征在于,所述计算机程序指令被处理器执行时实现权利要求1-7中任意一项所述的方法。 A non-volatile computer-readable storage medium on which computer program instructions are stored, characterized in that when the computer program instructions are executed by a processor, the method described in any one of claims 1-7 is implemented.
PCT/CN2023/087180 2022-08-24 2023-04-08 Virus detection method and apparatus, electronic device, and storage medium WO2024040977A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211018624.7A CN117668834A (en) 2022-08-24 2022-08-24 Virus detection method and device, electronic equipment and storage medium
CN202211018624.7 2022-08-24

Publications (1)

Publication Number Publication Date
WO2024040977A1 true WO2024040977A1 (en) 2024-02-29

Family

ID=90012325

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/087180 WO2024040977A1 (en) 2022-08-24 2023-04-08 Virus detection method and apparatus, electronic device, and storage medium

Country Status (2)

Country Link
CN (1) CN117668834A (en)
WO (1) WO2024040977A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6763466B1 (en) * 2000-01-11 2004-07-13 Networks Associates Technology, Inc. Fast virus scanning
CN102799823A (en) * 2012-07-13 2012-11-28 北京江民新科技术有限公司 Virus detection method and system
CN103136474A (en) * 2011-11-29 2013-06-05 姚纪卫 Method and device for detecting files
CN108898014A (en) * 2018-06-22 2018-11-27 珠海市君天电子科技有限公司 A kind of checking and killing virus method, server and electronic equipment
CN110874473A (en) * 2018-09-04 2020-03-10 成都华为技术有限公司 Virus detection method, device and system, cloud service system and storage medium
CN113268765A (en) * 2021-04-30 2021-08-17 杭州安恒信息技术股份有限公司 Credential detection method, system, electronic device and storage medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6763466B1 (en) * 2000-01-11 2004-07-13 Networks Associates Technology, Inc. Fast virus scanning
CN103136474A (en) * 2011-11-29 2013-06-05 姚纪卫 Method and device for detecting files
CN102799823A (en) * 2012-07-13 2012-11-28 北京江民新科技术有限公司 Virus detection method and system
CN108898014A (en) * 2018-06-22 2018-11-27 珠海市君天电子科技有限公司 A kind of checking and killing virus method, server and electronic equipment
CN110874473A (en) * 2018-09-04 2020-03-10 成都华为技术有限公司 Virus detection method, device and system, cloud service system and storage medium
CN113268765A (en) * 2021-04-30 2021-08-17 杭州安恒信息技术股份有限公司 Credential detection method, system, electronic device and storage medium

Also Published As

Publication number Publication date
CN117668834A (en) 2024-03-08

Similar Documents

Publication Publication Date Title
US11409900B2 (en) Processing event messages for data objects in a message queue to determine data to redact
US11934550B2 (en) Replacing distinct data in a relational database with a distinct reference to that data and distinct de-referencing of database data
US10970413B2 (en) Fragmenting data for the purposes of persistent storage across multiple immutable data structures
US10366247B2 (en) Replacing distinct data in a relational database with a distinct reference to that data and distinct de-referencing of database data
US8495037B1 (en) Efficient isolation of backup versions of data objects affected by malicious software
US11755736B1 (en) Systems and methods for protecting against malware attacks
US10409980B2 (en) Real-time representation of security-relevant system state
US8670146B1 (en) Using bit arrays in incremental scanning of content for sensitive data
US8650162B1 (en) Method and apparatus for integrating data duplication with block level incremental data backup
US20200097452A1 (en) Data deduplication device, data deduplication method, and data deduplication program
US10983867B1 (en) Fingerprint change during data operations
US20240022597A1 (en) Systems and methods for detecting malware attacks
US20080065597A1 (en) Updating content index for content searches on networks
US10776487B2 (en) Systems and methods for detecting obfuscated malware in obfuscated just-in-time (JIT) compiled code
US11550913B2 (en) System and method for performing an antivirus scan using file level deduplication
US11275835B2 (en) Method of speeding up a full antivirus scan of files on a mobile device
TW201812634A (en) Threat intelligence cloud
US11429674B2 (en) Processing event messages for data objects to determine data to redact from a database
US10983985B2 (en) Determining a storage pool to store changed data objects indicated in a database
US11023155B2 (en) Processing event messages for changed data objects to determine a storage pool to store the changed data objects
WO2024040977A1 (en) Virus detection method and apparatus, electronic device, and storage medium
US20180227205A1 (en) System and method to propagate information across a connected set of entities irrespective of the specific entity type
US11663336B1 (en) Block-based protection from ransomware
WO2024174550A1 (en) Data processing method, processor, storage device, interface card, and storage medium
JP6895149B1 (en) Data management system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23856072

Country of ref document: EP

Kind code of ref document: A1