08042184 is referenced by 92 patents and cites 13 patents.

A system, method and computer program product for anti-malware processing of data stream that includes a plurality of logical data streams formed from a primary data stream; and a plurality of stream buffers, each buffering data of a corresponding logical data stream. A plurality of processing handlers each associated with one of the data streams, where the handlers are processing the data of the logical data stream buffered by its stream buffer. Each processing handler is associated with a particular functionality and at least one processing handler scans its logical data stream for malware presence. Each stream buffer has a configurable buffering policy. At least one of the processing handlers decompresses the data into one or more secondary streams. At least one of the processing handlers parses its logical data stream, creating one or more instances of secondary data streams. The scanning can be based on a signature search. At least one of the processing handlers parses its logical data stream to identify headers, wherein new secondary data streams are instantiated based on regions of interest in a future stream data at positions identified by the headers. The set of conditions is stored e.g., in a table, a list, and/or a registry.

Title
Rapid analysis of data stream for malware presence
Application Number
11/550428
Publication Number
8042184 (B1)
Application Date
October 18, 2006
Publication Date
October 18, 2011
Inventor
Vyacheslav A Batenin
Moscow
RU
Agent
Bardmesser Law Group
Assignee
Kaspersky Lab ZAO
RU
IPC
G08B 23/00
G06F 13/00
G06F 11/30
G06F 11/00
View Original Source