Constructing A Stream-based Mail Virus Scanner System with Hardware-Accelerated Content Inspection

• Main Authors: WU. TUNG-MING, 吳東名
• Other Authors: YU.KUN-MING
• Format: Others
• Language: zh-TW
• Published: 2008
• Online Access: http://ndltd.ncl.edu.tw/handle/02180454194678076222

碩士 === 中華大學 === 資訊工程學系(所) === 96 === As information science and technology flourishes today, information systems are bringing convenient functions; the subject of information security has already received attention from most enterprises and personal customers. Among them, the computer virus is the most common problem for network security. On existing anti-virus systems, we can see the advantages of anti-virus mail gateway on center-controls and prevent viruses from invading internal networks in advance. However, these traditional anti-virus mail gateways scan for viruses after the backup. Because lots of system resources and temporary space is needed by the anti-virus gateway in order to match the function of the system, meaning that there are more system resources, the better system effect we can get and the more temporary space, the more files can be scanned. Therefore, we construct a Hardware-Accelerated Mail Scanner System (HAMSS) to solve these problems. The temporary space is not needed in HAMSS and HAMSS also can minimize the system memory needed to carry out the defensive function. Another feature of HAMSS is to reduce the CPU utilization. When HAMSS executes content inspection for viruses, it just needs to hand over the job to the hardware, so that the CPU can be assigned to run other jobs while the mail virus-scanner system inspects attachments in the mail. For verifying the performance of the proposed architecture, we implemented HAMSS and compared it to other anti-virus systems. Form the experimental results, we can find that HAMSS runs 6 times faster than the storage-based system and 2 times faster than the stream-based system. When the attachment of the mail is compressed, HAMSS was also respectively 6 times and 3 times faster compared to the two other systems. For the usage of system memory, it keeps the memory constant for each connection. In addition, HAMSS also has less CPU utilization than the two other systems.