Unknown virus detection and prevention

Paul Hodgson BT Exact

This paper rejects as unrealistic the assumption that unknown novel viruses can be prevented from entering networks, and argues that the best solution to the new and unknown virus problem is rapid detection and elimination of viral spread. It presents a novel and minimally disruptive method to solve this problem that takes a proactive intrusion prevention approach on corporate email systems, and demonstrates an effective defense against a real attack. A user-definable number of records are read from the end of the Exchange Server tracking logs at definable intervals. Originator information is extracted and mapped onto a two-dimensional grid that represents the organizational structure of the company. As well as this being an automated solution the novel visual representation allows an administrator to manually monitor viral spread across the company and drill down to individual client machines. To minimize false positives, any machine emitting an above threshold number of emissions as defined by a user-profile database is quarantined and all suspect sent messages are put into recall on all destination company servers. After viral laboratory analysis of any suspicious sample, messages are allowed to continue or are deleted.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.