Abstract: Disclosed herein are systems and method for anti-malware scanning, including identifying a plurality of objects in a backup archive that is connected to a first network comprising a plurality of computing devices; scanning the plurality of objects in the backup archive to generate a whitelist indicating a subset of the plurality of objects that do not need to be scanned at a subsequent time; performing, using the whitelist, a first malware scan in a computing device of the plurality of computing devices; detecting that the computing device has left the first network to join a second network; and performing a second malware scan on the computing device, wherein the second malware scan uses a different whitelist of the second network, and wherein the second malware scan comprises scanning a first object that is not in the different whitelist and was not scanned in the first malware scan.

Abstract: Disclosed herein are systems and method for anti-malware scanning, including identifying a plurality of objects in a backup archive that is connected to a first network comprising a plurality of computing devices; scanning the plurality of objects in the backup archive to generate a whitelist indicating a subset of the plurality of objects that do not need to be scanned at a subsequent time; performing, using the whitelist, a first malware scan in a computing device of the plurality of computing devices; detecting that the computing device has left the first network to join a second network; and performing a second malware scan on the computing device, wherein the second malware scan uses a different whitelist of the second network, and wherein the second malware scan comprises scanning a first object that is not in the different whitelist and was not scanned in the first malware scan.

Abstract: Disclosed herein are systems and method for scanning objects of a computing device, by an anti-malware, using a white list created for an organization based on data of the organization. In one aspect, an exemplary method comprises obtaining one or more objects of the organization from the computing device, and for each obtained object of the one or more objects, computing a hash value of the obtained object, determining whether the obtained object is whitelisted, and scanning the obtained object based on whether the obtained object is whitelisted, wherein the whitelist is created based on scanning of objects stored in archives of the organization, and the obtained object is determined as being whitelisted when the computed hash value of the obtained object matches a hash value of an object in a whitelist created for the organization.

Abstract: Disclosed herein are systems and method for scanning objects of a computing device, by an anti-malware, using a white list created for an organization based on data of the organization. In one aspect, an exemplary method comprises obtaining one or more objects of the organization from the computing device, and for each obtained object of the one or more objects, computing a hash value of the obtained object, determining whether the obtained object is whitelisted, and scanning the obtained object based on whether the obtained object is whitelisted, wherein the whitelist is created based on scanning of objects stored in archives of the organization, and the obtained object is determined as being whitelisted when the computed hash value of the obtained object matches a hash value of an object in a whitelist created for the organization.

Abstract: A method, system, and computer program product for identifying files that are found during a malware scan, thus enabling them to be excluded from further analysis. A method for handling a potential malware file comprises the steps of scanning a plurality of files to identify at least one file as potential malware, querying a database to determine whether the at least one file is known, and handling the at least one file based on whether the at least one file is known.

Abstract: A method, system, and computer program product for identifying files that are found during a malware scan, thus enabling them to be excluded from further analysis. A method for handling a potential malware file comprises the steps of scanning a plurality of files to identify at least one file as potential malware, querying a database to determine whether the at least one file is known, and handling the at least one file based on whether the at least one file is known.

Abstract: A method, system, and computer program product for providing monitoring and interception of malwares in Internet Relay Chat (IRC), which is secure, does not require significant system resources, and is capable of monitoring multiple IRC networks and servers. A method of detecting a computer malware comprises the steps of joining an Internet Relay Chat server, retrieving a list of channels of the Internet Relay Chat server, monitoring at least one channel in the list of retrieved channels, accepting data received from the monitored channel, and storing and logging the data received from the monitored channel.

Abstract: A method, system, and computer program product that provides multiple names of a given malware in a quick and automated fashion. A method of providing names of computer malwares comprises the steps of receiving a sample of a computer malware, scanning the computer malware using a plurality of anti-virus scanners, at least some of the anti-virus scanners generating information identifying the computer malware, and compiling the generated information identifying the computer malware. The information identifying the computer malware may.

Abstract: A method, system, and computer program product for protecting computer users from Web sites hosting computer viruses and for protecting Web hosting systems from hosting Web pages that contains links to computer viruses. a method for protecting users from Web sites hosting computer viruses comprises the steps of: receiving information identifying a Web page selected for access by a user, determining whether the Web page is hosted by a Web site that is included in a database of Web sites related to computer viruses, and allowing access to the Web page based on whether the Web page includes a link to a Web site that is included in the database.

Abstract: A system, method, and computer program product that provides the capability to remove a macro or script virus from a document or file and leave the remainder of the document or file intact. An anti-virus program executable by a computer system comprises virus scanning routines operable to scan a file and detect a virus, virus removal routines operable to remove the detected virus from the file, the virus removal routines comprising a text editor, operable to search and modify a textual portion of the file under control of virus removal instructions, and the virus removal instructions, which are operable to cause the text editor to remove a virus from the textual portion of the file. The removed virus may be located on one line of text or the removed virus may be located on a plurality of lines of text.

Abstract: A method, system, and computer program product for automatically updating multiple anti-virus programs without the need to configure and run multiple, different anti-virus program specific updating programs and which avoids the resource and incompatibility issues that running multiple updating programs may create. The method for updating a plurality of anti-virus programs comprises the steps of initiating an update of a plurality of anti-virus programs, determining information to be updated, transferring a plurality of updates, and installing the plurality of updates.

Abstract: A method, system, and computer program product for cross-referencing computer malwares that provides the capability to determine multiple names of a given malware, distinguish different malwares having the same names, and automatically gather information relating to such malwares. A method of cross-referencing computer malwares comprises the steps of searching a database for a name of a computer malware, retrieving at least one alternate name of the computer malware, accessing a link associated with the at least one alternate name, and searching a Web site pointed to by the link for information relating to the computer malware using the alternate name.