Abstract: A system and method for preventing propagation of malicious content associated with an electronic message are disclosed. An electronic message and content associated with the electronic message is simulated in a virtual machine which emulates the destination computing device of the electronic message. A virtual firewall receives one or more commands as the electronic message or content associated with an electronic message is executed. Initially, the virtual firewall establishes a network connection and determines the type of action associated with the commands. If the type of action comprises a connection maintenance or configuration command, the network connection is maintained. If the type of action comprises a data transmission command, the network connection is terminated. This allows the virtual machine to simulate performance of a networked computer by transmitting a subset of the data through a network connection.

Abstract: A system and a method for detecting malicious content associated with an electronic message are described. An electronic message, such as an e-mail, a chat request, a torrent file or a text message is initially received. The electronic message can then be compared to known viruses using pattern or signature matching techniques. The electronic message is then transmitted to a virtual machine which executes the electronic message in an environment simulating the destination computing system of the electronic message. The virtual machine monitors execution of the electronic message to identify one or more malicious actions and classifies the electronic message accordingly. For example, message component execution is monitored for attempts to access system files, attempts to access user information, attempts to transmit system configuration data or attempts to transmit user information.