Patents by Inventor Alexander Shipp

Alexander Shipp has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7877807
    Abstract: A system for processing emails incorporates means for dealing with previously unknown viruses. The system monitors email traffic patterns to identify patterns characteristic of a virus outbreak and takes corrective action when an outbreak is detected. Individual emails are analysed and, if any one of the constituent parts contains content in which it is possible to contain a virus, characteristic data derived from the email is logged to a database which is scanned for outbreak-indicating traffic patterns.
    Type: Grant
    Filed: July 6, 2001
    Date of Patent: January 25, 2011
    Assignee: Symantec Corporation
    Inventor: Alexander Shipp
  • Patent number: 7664754
    Abstract: In an anti-virus scanning system for computer files being transferred between computers, the number of files requiring detailed scanning is first reduced by identifying files which are instances of programs which are known and deemed to be safe. This is done by reference to a database of known executables which records characteristics which can be used as the basis for identifying a file as an unchanged instance of a known executable. Secondly, these characteristics can then also be used to identify files which are changed instances of known executables. These are extremely suspicious, since the most likely cause of change is infection by a file infecting virus, so these files are classed as likely to be malware.
    Type: Grant
    Filed: March 8, 2004
    Date of Patent: February 16, 2010
    Assignee: Symantec Corporation
    Inventor: Alexander Shipp
  • Patent number: 7519997
    Abstract: A method of scanning a computer file for virus infection attempts to identify whether the file contains program code and if it does, it then attempts to identify the compiler used to generate the code and performs a frequency distribution analysis of instructions found in the code to see whether it corresponds with an expected distribution for a program created with that compiler; if it does not, then the file is flagged as possibly having a viral infection.
    Type: Grant
    Filed: December 8, 2003
    Date of Patent: April 14, 2009
    Assignee: Messagelabs Limited
    Inventor: Alexander Shipp
  • Patent number: 7496963
    Abstract: A method of, and system for, virus detection has a database of known patterns of start-up code for executable images created using a collection of known compilers and uses examination of the start-up code of the image by reference to this database to determine whether or not the executable image is likely to have been subject to infection by viral code. In particular, the system seeks to determine whether the expected flow and execution of the image during start up has had viral code interjected into it. Various heuristics to assist in assessing the likely presence of viral code are disclosed.
    Type: Grant
    Filed: August 11, 2003
    Date of Patent: February 24, 2009
    Assignee: Messagelabs Limited
    Inventor: Alexander Shipp
  • Patent number: 7493658
    Abstract: An anti malware scanner for files is provided with means for processing script and macro files and flagging them as suspect or not based upon an automated analysis of source code in the file. This analysis involves separating the program source into groups of parts such as comment, variable names and routine names, eliminating duplicates and performing a character frequency distribution analysis of the resulting strings. The system may include an exception list to omit flagging a file as suspect if it is on the exception list.
    Type: Grant
    Filed: January 19, 2004
    Date of Patent: February 17, 2009
    Assignee: MessageLabs Limited
    Inventor: Alexander Shipp
  • Patent number: 7487540
    Abstract: A content scanner for electronic documents such as email scans objects which are the target of hyperlinks within the document. If they are determined to be acceptable, the hyperlinks are replaced by ones pointing to copies of the objects stored on a trusted server.
    Type: Grant
    Filed: January 19, 2004
    Date of Patent: February 3, 2009
    Assignee: MessageLabs Limited
    Inventor: Alexander Shipp
  • Patent number: 7472284
    Abstract: A system for anti-virus processing an email having an executable attachment extracts structural elements of the email and examines the executable attachments for code, data or encoded data that could have created these elements. This is effective to detect at least some mass mailing viruses where the executable attachment creates later generations of the attachment and structural elements such as strings which appear in the later emails are present in the attachment.
    Type: Grant
    Filed: March 8, 2004
    Date of Patent: December 30, 2008
    Assignee: Messagelabs Limited
    Inventor: Alexander Shipp
  • Patent number: 7404209
    Abstract: A content scanner for electronic documents such as email scans objects which are the target of hyperlinks within the document. If they are determined to be acceptable, a copy of the object is attached to the document and the link is replaced by one pointing to the copied object.
    Type: Grant
    Filed: August 11, 2003
    Date of Patent: July 22, 2008
    Assignee: Messagelabs Limited
    Inventor: Alexander Shipp
  • Publication number: 20080134333
    Abstract: A scanning system 1 scans electronic objects for exploits. An object analyser 5 detects objects using various techniques. Some techniques involve detection of a pattern of bytes which is characteristic of a program file of a specific format. Other techniques use statistical fingerprinting.
    Type: Application
    Filed: December 4, 2006
    Publication date: June 5, 2008
    Applicant: MessageLabs Limited
    Inventor: Alexander Shipp
  • Publication number: 20050091512
    Abstract: A system for anti-virus processing an email having an executable attachment extracts structural elements of the email and examines the executable attachments for code, data or encoded data that could have created these elements. This is effective to detect at least some mass mailing viruses where the executable attachment creates later generations of the attachment and structural elements such as strings which appear in the later emails are present in the attachment.
    Type: Application
    Filed: March 8, 2004
    Publication date: April 28, 2005
    Inventor: Alexander Shipp
  • Publication number: 20050080816
    Abstract: A system for processing a computer file to determine whether it contains a virus or other malware maintains a database of known files which it references to determine whether the file is an instance of a known file, and if so, whether it has been known about long enough that it can be regarded as safe. If it can be regarded as safe, the file is subject to less thorough processing for detecting malware, or no such processing at all.
    Type: Application
    Filed: March 29, 2004
    Publication date: April 14, 2005
    Applicant: MessageLabs Limited
    Inventor: Alexander Shipp
  • Publication number: 20050071748
    Abstract: A content scanner for electronic documents such as email scans objects which are the target of hyperlinks within the document. If they are determined to be acceptable, the hyperlinks are replaced by ones pointing to copies of the objects stored on a trusted server.
    Type: Application
    Filed: January 19, 2004
    Publication date: March 31, 2005
    Inventor: Alexander Shipp
  • Publication number: 20050071649
    Abstract: An anti malware scanner for files is provided with means for processing script and macro files and flagging them as suspect or not based upon an automated analysis of source code in the file. This analysis involves separating the program source into groups of parts such as comment, variable names and routine names, eliminating duplicates and performing a character frequency distribution analysis of the resulting strings. The system may include an exception list to omit flagging a file as suspect if it is on the exception list.
    Type: Application
    Filed: January 19, 2004
    Publication date: March 31, 2005
    Inventor: Alexander Shipp
  • Publication number: 20050055569
    Abstract: A content scanner for electronic documents such as email scans objects which are the target of hyperlinks within the document. If they are determined to be acceptable, a copy of the object is attached to the document and the link is replaced by one pointing to the copied object.
    Type: Application
    Filed: August 11, 2003
    Publication date: March 10, 2005
    Inventor: Alexander Shipp
  • Publication number: 20050039029
    Abstract: A method of, and system for, virus detection has a database of known patterns of start-up code for executable images created using a collection of known compilers and uses examination of the start-up code of the image by reference to this database to determine whether or not the executable image is likely to have been subject to infection by viral code. In particular, the system seeks to determine whether the expected flow and execution of the image during start up has had viral code interjected into it. Various heuristics to assist in assessing the likely presence of viral code are disclosed.
    Type: Application
    Filed: August 11, 2003
    Publication date: February 17, 2005
    Inventor: Alexander Shipp
  • Publication number: 20050027686
    Abstract: In an anti-virus scanning system for computer files being transferred between computers, the number of files requiring detailed scanning is first reduced by identifying files which are instances of programs which are known and deemed to be safe. This is done by reference to a database of known executables which records characteristics which can be used as the basis for identifying a file as an unchanged instance of a known executable. Secondly, these characteristics can then also be used to identify files which are changed instances of known executables. These are extremely suspicious, since the most likely cause of change is infection by a file infecting virus, so these files are classed as likely to be malware.
    Type: Application
    Filed: March 8, 2004
    Publication date: February 3, 2005
    Inventor: Alexander Shipp
  • Publication number: 20050022016
    Abstract: A method of scanning a computer file for virus infection attempts to identify whether the file contains program code and if it does, it then attempts to identify the compiler used to generate the code and performs a frequency distribution analysis of instructions found in the code to see whether it corresponds with an expected distribution for a program created with that compiler; if it does not, then the file is flagged as possibly having a viral infection.
    Type: Application
    Filed: December 8, 2003
    Publication date: January 27, 2005
    Inventor: Alexander Shipp
  • Publication number: 20040054498
    Abstract: A system for processing emails incorporates means for dealing with previously unknown viruses. The system monitors email traffic patterns to identify patterns characteristic of a virus outbreak and takes corrective action when an outbreak is detected. Individual emails are analysed and, if any one of the constituent parts contains content in which it is possible to contain a virus, characteristic data derived from the email is logged to a database which is scanned for outbreak-indicating traffic patterns.
    Type: Application
    Filed: September 22, 2003
    Publication date: March 18, 2004
    Inventor: Alexander Shipp