Abstract: The present invention provides a method for determining the likelihood that an electronic document contains embedded malware. After parsing or sequencing an electronic document, the metadata structures that make up the document are analyzed. A number of pre-established rules are then applied with respect to certain metadata structures that are indicative of embedded malware. The application of these rules results in the generation of a score for the electronic document being tested for embedded malware. The score is then compared to a threshold value, where the threshold value was previously generated based on a statistical model relating to electronic documents having the same format as the document being tested. The result of the comparison can then be used to determine whether the document being tested is or is not likely to contain embedded malware.

Abstract: Disclosed is a system and method for detecting and mitigating the writing of sensitive or prohibited information to memory or communication media. The method includes detecting if an application is to write data to a memory, rerouting the writing of that data, and scanning the data for sensitive content or prohibited information. The scanning is done in accordance with one or more information security policies. If sensitive information is detected, the system has the option of issuing an alarm and/or preventing the sensitive information from being written, depending on the security policy. If the system permits the sensitive information to be written to memory, the system may spawn a file watcher object, which waits for a specified amount of time and then checks to see if the sensitive information has been deleted. If not, the system may issue an alarm or erase the sensitive information, depending on the security policy.