US 11,816,215 B2
System and method for archive AM scanning
Mohamed Adly Amer Elgaafary, Vilnius (LT); and Aleksandr Sevcenko, Vilnius (LT)
Assigned to UAB 360 IT, Vilnius (LT)
Filed by UAB 360 IT, Vilnius (LT)
Filed on Feb. 16, 2022, as Appl. No. 17/673,168.
Prior Publication US 2023/0259622 A1, Aug. 17, 2023
Int. Cl. G06F 21/56 (2013.01)
CPC G06F 21/565 (2013.01) [G06F 2221/034 (2013.01)]
19 Claims
 
1. An archive scanning method comprising:
selecting an unextracted archive file that contains a first plurality of files;
for each respective file of the first plurality of files:
calculating a file size associated with the respective file;
determining whether the file contains one or more additional archive files;
if the calculated file size exceeds a threshold file size or the file contains one or more additional archive files, sorting the file into a first group having malicious traits; and
if the file size does not exceed the threshold size and the file does not contain one or more additional archive files, sorting the file into a second group not having malicious traits;
extracting metadata for files of the second group and not the first group;
reading from the metadata a plurality of hash strings;
comparing the plurality of hash strings with a database of hash strings;
determining, based on the comparing, if one or more files of the second group represent a security threat; and
determining if the archive file is encrypted and, if encrypted, breaking an encryption of the archive before extracting metadata.
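
The sorting and hash-comparison steps of claim 1, as an added illustration that is not code from the patent or its assignee. It assumes a ZIP archive, uses the CRC-32 stored in the central directory as a stand-in for the claim's "hash strings", and detects nested archives by file name suffix; the threshold, suffix list, function names and sample data are constructed, and the encryption step is not covered.

```python
import io
import zipfile
import zlib

ARCHIVE_SUFFIXES = (".zip", ".rar", ".7z", ".tar", ".gz")  # assumed suffix list
SIZE_THRESHOLD = 1024  # bytes; assumed value, kept small so the sample exceeds it


def triage(archive_bytes, known_bad, threshold=SIZE_THRESHOLD):
    """Sort members of an unextracted ZIP using central-directory metadata only."""
    first_group, second_group, threats = [], [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():  # parses the directory; no member is decompressed
            if info.is_dir():
                continue
            nested = info.filename.lower().endswith(ARCHIVE_SUFFIXES)
            # file_size is the size declared in the archive, not a measured one
            if info.file_size > threshold or nested:
                first_group.append(info.filename)
                continue
            second_group.append(info.filename)
            # CRC-32 is not collision resistant; it stands in for a hash string
            if f"{info.CRC:08x}" in known_bad:
                threats.append(info.filename)
    return first_group, second_group, threats


def build_sample():
    """Build a constructed test archive in memory."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("a.txt", b"x")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("dropper.bin", b"constructed-sample-payload")
        z.writestr("big.dat", b"A" * 4096)
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


# Constructed "database of hash strings" holding one entry
KNOWN_BAD = {f"{zlib.crc32(b'constructed-sample-payload'):08x}"}

if __name__ == "__main__":
    first, second, threats = triage(build_sample(), KNOWN_BAD)
    print("first group:", first)
    print("second group:", second)
    print("threats:", threats)
```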