Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding buffer corresponding to the file is created within a shared memory of the network gateway device; (ii) data being read from or written to the file by the monitored remote file-system access protocol sessions is buffered into the shared holding buffer; and (iii) responsive to a predetermined event, content filtering is performed on the shared holding buffer to determine whether malicious, dangerous or unauthorized content is contained within the shared holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding buffer corresponding to the file is created within a shared memory of the network gateway device; (ii) data being read from or written to the file by the monitored remote file-system access protocol sessions is buffered into the shared holding buffer; and (iii) responsive to a predetermined event, content filtering is performed on the shared holding buffer to determine whether malicious, dangerous or unauthorized content is contained within the shared holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding buffer corresponding to the file is created within a shared memory of the network gateway device; (ii) data being read from or written to the file by the monitored remote file-system access protocol sessions is buffered into the shared holding buffer; and (iii) responsive to a predetermined event, content filtering is performed on the shared holding buffer to determine whether malicious, dangerous or unauthorized content is contained within the shared holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding buffer corresponding to the file is created within a shared memory of the network gateway device; (ii) data being read from or written to the file by the monitored remote file-system access protocol sessions is buffered into the shared holding buffer; and (iii) responsive to a predetermined event, content filtering is performed on the shared holding buffer to determine whether malicious, dangerous or unauthorized content is contained within the shared holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol response is received at a network device logically interposed between one or more clients and a server. The response represents a response to a request from one of the clients relating to a file associated with a share of the server. A determination is made whether a holding buffer corresponding to the file exists. If not, then one is created; otherwise, the existing holding buffer is used for any of the clients or processes running on the clients that access the file. Data read from or written to the file as a result of the request is buffered into the holding buffer. The existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer is determined by performing content filtering on the holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol response is received at a network device logically interposed between one or more clients and a server. The response represents a response to a request from one of the clients relating to a file associated with a share of the server. A determination is made whether a holding buffer corresponding to the file exists. If not, then one is created; otherwise, the existing holding buffer is used for any of the clients or processes running on the clients that access the file. Data read from or written to the file as a result of the request is buffered into the holding buffer. The existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer is determined by performing content filtering on the holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol request issued by a client to a server is received at a network device logically interposed between the client and the server. The request is issued to the server by the network device. A single shared holding buffer, used for both read and write accesses to the file and used by multiple processes running on the client, is implemented by the network device for the file during a remote file-system access protocol session. Data being read from or written to the file as a result of the request is buffered into the buffer. Responsive to a predetermined event in relation to the remote file-system access protocol or the buffer, the existence or non-existence of malicious, dangerous or unauthorized content is determined by performing content filtering on the buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol request issued by a client to a server is received at a network device logically interposed between the client and the server. The request is issued to the server by the network device. A single shared holding buffer, used for both read and write accesses to the file and used by multiple processes running on the client, is implemented by the network device for the file during a remote file-system access protocol session. Data being read from or written to the file as a result of the request is buffered into the buffer. Responsive to a predetermined event in relation to the remote file-system access protocol or the buffer, the existence or non-existence of malicious, dangerous or unauthorized content is determined by performing content filtering on the buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a first set of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on a client and relating to a file associated with a share of a server and a second set of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file are transparently proxied by a gateway device. The existence or non-existence of malicious, dangerous or unauthorized content contained within the file is determined by the gateway device by (i) buffering data being read from or written to the file as a result of the first and second set of SMB/CIFS protocol requests into a shared file buffer; and (ii) performing content filtering on the shared file buffer when a scanning condition is satisfied.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, holding buffers in which data collected from a remote file-system access protocol is stored, a holding buffer context table, a file map table and a usage table corresponding to each holding buffer are created within one or more computer-readable media. References to each of the holding buffers are tracked within the holding buffer context table. References to a common file are mapped to a common holding buffer of the holding buffers with the file map table. Modified and unmodified portions of the holding buffers are tracked using the usage table corresponding to each holding buffer. Responsive to a predetermined event in relation to a holding buffer or the holding buffers, the existence of malicious, dangerous or unauthorized content contained within the holding buffer is determined by performing content filtering on the holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a transparent proxy running within a network gateway logically interposed between a client and a server intercepts remote file-system access protocol requests/responses. Responsive to receipt of a remote file-system access protocol request from the client, the network gateway issues the remote file-system access protocol request to the server on behalf of the client. The network gateway buffers into a holding buffer associated with the network gateway data being read from or written to a file associated with a share of the server. Then, responsive to a predetermined event in relation to the remote file-system access protocol or the holding buffer, the network gateway determines the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, holding buffers in which data collected from a remote file-system access protocol is stored, a holding buffer context table, a file map table and a usage table corresponding to each holding buffer are created within one or more computer-readable media. References to each of the holding buffers are tracked within the holding buffer context table. References to a common file are mapped to a common holding buffer of the holding buffers with the file map table. Modified and unmodified portions of the holding buffers are tracked using the usage table corresponding to each holding buffer. Responsive to a predetermined event in relation to a holding buffer or the holding buffers, the existence of malicious, dangerous or unauthorized content contained within the holding buffer is determined by performing content filtering on the holding buffer.

Abstract: Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a transparent proxy running within a network gateway logically interposed between a client and a server intercepts remote file-system access protocol requests/responses. Responsive to receipt of a remote file-system access protocol request from the client, the network gateway issues the remote file-system access protocol request to the server on behalf of the client. The network gateway buffers into a holding buffer associated with the network gateway data being read from or written to a file associated with a share of the server. Then, responsive to a predetermined event in relation to the remote file-system access protocol or the holding buffer, the network gateway determines the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.