Browse Prior Art Database

Efficient and "intelligent" virus scanning by combining data from backup solutions with virus scanner

IP.com Disclosure Number: IPCOM000035564D
Original Publication Date: 2005-Jan-25
Included in the Prior Art Database: 2005-Jan-25
Document File: 3 page(s) / 86K

Publishing Venue

IBM

Abstract

A combination of remote backup and virus scanning technologies are exploited. A client's data is backed up incrementally by a remote backup server. The backup server virus scans any data which is backed up. Only data which is not scanned remotely by the backup server is scanned locally at the client. Distributed remote virus scanning significantly reduces the CPU and I/O. With this combination, computers (the local client) may be scanned whilst incurring relatively little CPU and I/O cost. The low cost allows more frequent scanning, and the distrubuted nature allows centralised handling of the scan results.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 42% of the total text.

Page 1 of 3

Efficient and "intelligent" virus scanning by combining data from backup solutions with virus scanner

The idea disclosed increases the speed and effectiveness of virus scans by exploring existing remote backup technology to distribute the scans. This reduces the resource drain on the computer being scanned and increases the likelihood that the scan will be allowed to complete without interruption.

    Running virus scans on modern personal machines is a significant nuisance for the users of the machine. The virus scanning software consumes enough computer resources such as I/O bandwidth and CPU cycles to decrease the efficiency of the user at their work. More seriously, virus scans of modern-sized hard drives take long enough that scans are frequently aborted, reducing or destroying the effectiveness of the anti-virus protection. This is a particular problem for laptops. A virus scan may take two to three days, but laptops are often shut down for transit or locked away from a power supply overnight. Under these circumstances the user may have no choice but to abort the virus scan.

    Many institutions provide facilities for users to backup automatically to a centralised server. These backup systems are usually highly efficient, taking very little time to back up an entire hard disk (of the order of 1 hour to back up as opposed to 2-3 days for a virus scan of the same data). The poor performance of virus scanning is in marked contrast to the high performance of automated backups.

    Technologies already exist for remote virus scanners (which can scan files which are not-local to the machine on which the scanning software is running) and scanners which scan backed-up data. However, the core of this disclosure is the improvements yielded by: incremental virus scanning and reduced workload on client machines by the combination of backup and scanning technology.

Key Concepts

The user performs a backup of some data on the hard disk (typically swap files


1.


2.


3.

and caches are not backed up).

This backup is either scheduled or triggered by either the client or server.

The output of this backup results in a log file listing every directory or file that was

backed up.

Every file that is not listed in the log file represents a file that should be


4.

virus-scanned locally.

Every file that is listed in the log file will be scanned by the backup server and

need not be scanned locally.

The backup server incrementally backs up files, this means that when a backup


6.

occurs only files that have changed or are new are transmitted to the backup server.

The combined backup-server-virus-scanner can then virus-scan just these

changed files and directories. There is no need to scan the unchanged files.

The local and centralised virus scans are coordinated, so that files which are not


8.

scanned centrally are scanned locally.

The backup system monitors the failure and success of backups and notifies the

user. If the backup fails, causing scanning to stop, then t...