Myuhng-Joo Kim, Ju-Young Yoo, Ju-Young Choi, Mi-Ae Kim,
Yu-Mi Park, Eun-Ok Park, Eun-Jeong Choi, Yoon-Jeong Kim
Department of Information Security Engineering
Seoul Women's University, Seoul, KOREA
E-mail: mjkim@swu.ac.kr
In the propagation of computer viruses, including i-worms and trojans, the Internet is the most representative medium, and its server systems (e-mail servers, web servers, FTP servers, DBMS servers, etc.) are considered the inevitable depot of computer viruses. The need to develop server-side anti-virus (AV) engines has therefore been increasingly emphasized.
However, most contemporary server-side AV engines are merely recompiled versions of earlier client-side ones, so they cannot fully exploit the parallel processing that server systems support. In this paper, we propose a newly designed server-side AV engine, SAVE (Seoul women's university Anti-Virus Engine).
SAVE comprises one AV monitor and several AV agents. Each AV agent is a small but complete AV engine with its own virus signature database, and it runs on a specified processor under the control of the AV monitor.
The AV monitor is in charge of system initiation, start-up, load balancing, smart update, logging and reporting. To maximize the benefit of the parallel processing system, the AV monitor dynamically configures the execution pattern of the AV agents so that the processing load is balanced. As a result, all the data stored in the Internet server system can be checked in several ways, each derived from two primitive ways: the partitioned way and the pipelined way.
By referring to a priority-based classification of the virus signature database, SAVE can run efficiently on parallel processing systems as a server-side AV engine. SAVE has been implemented in the Java programming language on a Sun Blade 2000 with a simulated multi-processor, and the skeleton of the AV agent is derived from ClamAV 6.0.
By using SAVE, the system manager can alleviate clients' suffering from computer viruses and can also reduce the burden that additional AV software places on the Internet server, since SAVE is designed specifically for parallel processing systems.
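
An added sketch, not taken from the paper or from SAVE's code, of the two primitive checking ways named above. It assumes that the partitioned way splits the data across agents that each hold the full signature database, and that the pipelined way gives each agent one priority class of signatures; all signature names, patterns and samples are constructed.

```python
import queue
import threading
from concurrent.futures import ThreadPoolExecutor

# (priority, name, byte pattern); priority 1 is the most urgent class. Constructed values.
SIGNATURES = [
    (1, "Demo.Worm.A", b"WORM-A-MARKER"),
    (1, "Demo.Trojan.B", b"TROJAN-B-MARKER"),
    (2, "Demo.Macro.C", b"MACRO-C-MARKER"),
    (3, "Demo.Old.D", b"OLD-D-MARKER"),
]
SAMPLES = {  # constructed inputs standing in for data stored on the server
    "mail-1.eml": b"hello WORM-A-MARKER world",
    "upload.doc": b"MACRO-C-MARKER and OLD-D-MARKER",
    "index.html": b"<html>clean</html>",
}

def agent_scan(data, signatures):
    """One AV agent: match the data against the agent's own signature database."""
    return [name for _, name, pattern in signatures if pattern in data]

def partitioned(items, n_agents):
    """Assumed partitioned way: data is split; every agent holds the full database."""
    pairs = list(items.items())
    shares = [pairs[i::n_agents] for i in range(n_agents)]
    def run(share):
        return {key: agent_scan(data, SIGNATURES) for key, data in share}
    with ThreadPoolExecutor(max_workers=n_agents) as pool:
        return {k: v for part in pool.map(run, shares) for k, v in part.items()}

def pipelined(items):
    """Assumed pipelined way: one agent per priority class; items flow through all."""
    levels = sorted({priority for priority, _, _ in SIGNATURES})
    queues = [queue.Queue() for _ in range(len(levels) + 1)]
    def stage(i, level):
        db = [sig for sig in SIGNATURES if sig[0] == level]
        while (job := queues[i].get()) is not None:
            key, data, hits = job
            queues[i + 1].put((key, data, hits + agent_scan(data, db)))
        queues[i + 1].put(None)  # forward the end-of-stream marker
    for i, level in enumerate(levels):
        threading.Thread(target=stage, args=(i, level)).start()
    for key, data in items.items():
        queues[0].put((key, data, []))
    queues[0].put(None)
    results = {}
    while (job := queues[-1].get()) is not None:
        results[job[0]] = job[2]
    return results
```

Both arrangements return the same verdicts for the same data; they differ only in whether the data or the signature database is divided among the agents.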