Securing virtual machines with optimized anti-virus scan

US9268689B1 · US · B1

Patent metadata

Publication number: US-9268689-B1
Application number: US-201213429891-A
Country: US
Kind code: B1
Filing date: Mar 26, 2012
Priority date: Mar 26, 2012
Publication date: Feb 23, 2016
Grant date: Feb 23, 2016


Abstract


The present disclosure provides for performing virus scans at a storage device that stores one or more virtual machine disk image files (VMDK files). A secure AV module can coordinate communication between a file system on the storage device, a file system (FS) decoder, and an anti-virus engine to perform a virus scan of files contained within a VMDK file. A secure AV module can determine a subset of files that include changed data, where the subset of files is stored in a file system volume within a VMDK file. The secure AV module can use an FS decoder to translate file addresses relative to the file system volume into file addresses relative to the network storage file system. A secure AV module can provide the network storage file system addresses of the subset of files to the anti-virus engine, which can perform a virus scan on the files.

Claims

What is claimed is:

1. A method comprising: determining a first block address of a changed block, wherein the changed block is stored in a first file system, and the first block address is relative to a first file in the first file system; and determining a second file that contains the changed block, wherein the second file is stored in a file area of a second file system volume, and the second file system volume is stored in the first file in the first file system.

2. The method of claim 1, further comprising: translating the first block address relative to the first file in the first file system into a second block address relative to the second file system.

3. The method of claim 2, further comprising: comparing the second block address relative to the second file system with a plurality of file addresses relative to the second file system, wherein the plurality of file addresses comprises a file address of the second file.

4. The method of claim 3, further comprising: in response to a determination that the second block address overlaps the file address of the second file, translating the file address relative to the second file system into an other file address relative to the first file system, wherein the file address and the other file address are addresses of the second file that contains the changed block.

5. The method of claim 4, further comprising: providing the other file address to an anti-virus engine for scanning.

6. The method of claim 1, further comprising: retrieving metadata from the first file system, wherein the first file system creates a snapshot of data stored in the first file system, the snapshot provides a point-in-time view of the data, changes made to the data after creation of the snapshot are recorded in the metadata, and the determining the first block address uses the metadata.

7. The method of claim 2, wherein the translating further comprises: comparing the first block address to a mapping, wherein the mapping indicates relationships between addresses of the first file system and the second file system.

8. The method of claim 7, further comprising: creating the mapping, wherein the creating comprises: correlating a first plurality of addresses of the first file system with a second plurality of addresses of the second file system.

9. A system comprising: a network storage device, and a secure anti-virus (AV) module configured to determine a first block address of a changed block, wherein the changed block is stored in a first file system, and the first block address is relative to a first file in the first file system, and determine a second file that contains the changed block, wherein the second file is stored in a file area of a second file system volume, and the second file system volume is stored in the first file in the first file system.

10. The system of claim 9, further comprising: a file system (FS) decoder configured to translate the first block address relative to the first file in the first file system into a second block address relative to the second file system.

11. The system of claim 10, wherein the FS decoder is further configured to compare the second block address relative to the second file system with a plurality of file addresses relative to the second file system, wherein the plurality of file addresses comprises a file address of the second file.

12. The system of claim 11, wherein the FS decoder is further configured to translate the file address relative to the second file system into an other file address relative to the first file system, in response to a determination that the second block address overlaps the file address of the second file, wherein the file address and the other file address are addresses of the second file that contains the changed block.

13. The system of claim 12, wherein the secure AV module is further configured to provide the other file address to an anti-virus engine for scanning.

14. The system of claim 9, wherein the secure AV module is further configured to retrieve metadata from the first file system, wherein the first file system creates a snapshot of data stored in the first file system, the snapshot provides a point-in-time view of the data, changes made to the data after creation of the snapshot are recorded in the metadata, and the first block address is determined by using the metadata.

15. The system of claim 10, wherein the FS decoder is further configured to compare the first block address to a mapping, wherein the mapping indicates relationships between addresses of the first file system and the second file system.

16. The system of claim 15, wherein the FS decoder is further configured to correlate a first plurality of addresses of the first file system with a second plurality of addresses of the second file system to produce the mapping.

17. A non-transitory computer-readable storage medium configured to store program instructions that, when executed on a processor, are configured to cause the processor to perform operations comprising: determining a first block address of a changed block, wherein the changed block is stored in a first file system, and the first block address is relative to a first file in the first file system; and determining a second file that contains the changed block, wherein the second file is stored in a file area of a second file system volume, and the second file system volume is stored in the first file in the first file system.

18. The non-transitory computer-readable storage medium of claim 17, wherein the operations further comprise: translating the first block address relative to the first file in the first file system into a second block address relative to the second file system.

19. The non-transitory computer-readable storage medium of claim 18, wherein the operations further comprise: comparing the second block address relative to the second file system with a plurality of file addresses relative to the second file system, wherein the plurality of file addresses comprises a file address of the second file.

20. The non-transitory computer-readable storage medium of claim 19, wherein the operations further comprise: in response to a determination that the second block address overlaps the file address of the second file, translating the file address relative to the second file system into an other file address relative to the first file system, wherein the file address and the other file address are addresses of the second file that contains the changed block.
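The address-translation procedure of claims 1 through 8 (snapshot delta of the outer storage file system, VMDK-relative block, volume-relative block, overlap test against the guest file table, reverse translation for the AV engine) is easier to follow with a toy model. The following is an added example, not code from the patent or from any product; the block size, the two-segment mapping, the guest file table and the changed-block list are all constructed, and a single flat VMDK file with no sparse grains is assumed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed toy model (not the patent's code). All addresses are in 4 KiB blocks.
# The "first file system" is the network storage file system holding the VMDK file;
# the "second file system volume" is the guest volume stored inside that VMDK.

@dataclass(frozen=True)
class Extent:
    start: int    # first block (inclusive)
    length: int   # number of blocks

    @property
    def end(self) -> int:
        return self.start + self.length  # exclusive


def overlaps(a: Extent, b: Extent) -> bool:
    return a.start < b.end and b.start < a.end


@dataclass(frozen=True)
class Segment:
    """One run of the mapping (claims 7-8): volume blocks [vol_start, vol_start+length)
    are stored at VMDK-relative blocks [vmdk_start, vmdk_start+length)."""
    vmdk_start: int
    vol_start: int
    length: int


# Assumed mapping, as an FS decoder would derive it from the VMDK and partition headers.
MAPPING: List[Segment] = [
    Segment(vmdk_start=2048, vol_start=0, length=4096),
    Segment(vmdk_start=8192, vol_start=4096, length=4096),
]

# Assumed guest file table: path -> extents relative to the inner volume.
INNER_FILES: Dict[str, List[Extent]] = {
    "/Windows/System32/svchost.exe": [Extent(100, 40), Extent(900, 8)],
    "/Users/alice/report.docx": [Extent(500, 12)],
    "/pagefile.sys": [Extent(4000, 1024)],  # straddles both mapping segments
}


def vmdk_to_volume(block: int) -> Optional[int]:
    """Claim 2: VMDK-relative block -> volume-relative block, or None when the
    block lies outside the guest volume (VMDK descriptor, grain tables, slack)."""
    for s in MAPPING:
        if s.vmdk_start <= block < s.vmdk_start + s.length:
            return s.vol_start + (block - s.vmdk_start)
    return None


def volume_to_vmdk(ext: Extent) -> List[Extent]:
    """Claim 4: volume-relative file extent -> VMDK-relative extents, split where
    the extent crosses a mapping segment boundary."""
    out: List[Extent] = []
    for s in MAPPING:
        seg = Extent(s.vol_start, s.length)
        if overlaps(ext, seg):
            lo = max(ext.start, seg.start)
            hi = min(ext.end, seg.end)
            out.append(Extent(s.vmdk_start + (lo - s.vol_start), hi - lo))
    return out


def files_to_scan(changed_vmdk_blocks: List[int]) -> Dict[str, List[Extent]]:
    """Claims 1-5: map the snapshot-reported changed blocks to the guest files that
    contain them, returning each file's extents relative to the VMDK file, which is
    what an AV engine running on the storage device can read directly."""
    result: Dict[str, List[Extent]] = {}
    for blk in changed_vmdk_blocks:
        vol_blk = vmdk_to_volume(blk)
        if vol_blk is None:
            continue  # changed block is VMDK metadata; no guest file to scan
        probe = Extent(vol_blk, 1)
        for path, extents in INNER_FILES.items():
            if path not in result and any(overlaps(probe, e) for e in extents):
                result[path] = [v for e in extents for v in volume_to_vmdk(e)]
    return result


# Constructed snapshot delta: VMDK blocks written since the snapshot was taken.
CHANGED_BLOCKS = [10, 2150, 2152, 2555, 2560, 3000, 8200]

if __name__ == "__main__":
    for path, extents in files_to_scan(CHANGED_BLOCKS).items():
        print(path, [(e.start, e.length) for e in extents])
```

Only three of the seven changed blocks land inside a guest file, so the engine scans three files rather than the whole image; blocks 10, 2560 and 3000 fall in VMDK metadata or unallocated volume space and are skipped. The page file's single volume extent comes back as two VMDK-relative extents because it crosses the segment boundary, which is the case a flat subtract-the-offset translation gets wrong.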

Classifications

  • G06F21/53 (primary): by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title

  • using tables or multilevel address translation means (G06F12/023 takes precedence; address translation in virtual memory systems G06F12/10) · CPC title

  • using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB] · CPC title

  • by virus signature recognition · CPC title


Frequently asked questions

Who is the assignee on this patent?
Chen Grace Jing, Karr Ronald, Satish Venkeepuram, and 3 more
What technology area does this patent fall under?
Primary CPC classification G06F21/53. Mapped technology areas include Physics.
When was this patent published?
Publication date Feb 23, 2016 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).