System and method for treating website content |
|
IPC classes for russian patent System and method for treating website content (RU 2535504):
  
 System and method for detecting malware by creating isolated environment / 2535175
Invention relates to means of detecting malware. The technical result is high mobile device security. The code of the investigated application is modified by replacing critical function call with handler function call. Information on critical functions called by the modified investigated application through the handler function is gathered. Information on presence of behaviour typical for malware is analysed.
 Method for integration with automated article data management system / 2534969
Invention relates to a method for integration with an automated article data management system (AADMS). Documents are created and input into the AADMS using an integration unit. The AADMS performs management of said documents, coordination processes and life cycle operations of said documents. Upon logging on to an automated system integrated with the AADMS, users receive or enter input data into said system through its application. The method prevents direct user access into the AADMS for managing documents created and input into the AADMS through the automated system, which integrates functions thereof, through automatic comparison of records of said systems and non-disclosure of record data of the AADMS to the users. Data needed to create documents are stored in the database of the automated system which integrates AADMS functions. Users use the automated system application to perform functions: optionally indicating the process and coordination scheme, automatic input of created documents into the AADMS, optionally automatic launch of the process of coordinating input documents. Users are notified of the presence of remarks to documents input into the AADMS and coordinated by said users. Automated system data are corrected and new versions of documents are created. For new versions of documents in the AADMS, the coordination process is resumed if necessary; users can browse documents in the AADMS through the automated system application.
 System and method of adaptive control and monitoring of user actions based on user behaviour / 2534935
Invention relates to systems of control and restriction of actions performed by a user on a PC. The method to adjust a parental control restriction rules base includes a stage of tracking of completed events in the operating system initiated by user actions on a PC. Further, in accordance with the method, context is generated, which includes actions performed by a user, and events initiated by completed actions. Also the generated context is analysed with the help of regulation rules. Besides, the action completed by the user is detected on the basis of the specified analysis, at the same time the detected action is a prohibited action for a user, but at the same time this action was not blocked with the help of rules of user restriction from the base of parental control restriction rules.
 System for controlling access to computer system resources with "initial user, effective user, process" subject / 2534488
System for controlling access to computer system resources with an "Initial user, Effective user, Process" subject comprises a user authorisation unit; the input of the user authorisation unit is connected a user authorisation input, wherein the system further includes a unit for generating a table (array) of access rules, a unit for selecting rules from the table (array) of access rules, a unit for storing the table (array) of access rules for the "initial user, effective user, process" subject, a unit for analysing an access request and a unit for remembering the initial user.
 Methods of controlling access to organisational information of entity / 2534369
Invention relates to a method, a device and a computer-readable medium for controlling access to organisational information through an organisational chart. The device comprises a presentation component which facilitates presentation in a presentation working area of an organisational chart comprising a plurality of nodes associated with members of an organisation and links between the nodes, a mixing component which facilitates superposition and display of additional information on the organisational chart, and a safety component linked to the presentation component, which facilitates reception of a request to change a characteristic of the organisational chart from an operator, access to safety settings for the operator based on the position of the node associated with the operator in the organisational chart, and authorising change of the characteristic of the organisational chart by the operator if the operator is a delegate and the clearance level of the delegate allows the changing procedure.
 Image forming apparatus, control method therefor and data medium / 2534007
Invention relates to a function for re-execution of a task in an image forming apparatus, having a user authentication function. The image forming apparatus determines when a user authentication function is set as real, and a re-execution function for re-execution for re-execution of a task already executed is set as real, when re-execution function can be executed. The apparatus also determines when the user authentication function is set as invalid, when the re-execution function cannot be executed. The apparatus stores task information for an executed task when it is determined that the re-execution function can be executed. The apparatus allows an authenticated user to manipulate stored task information when it is determined that the re-execution function can be executed, user authentication is successful and the authenticated user is authorised to execute a task.
 Information protection device / 2533640
Technical solution relates to the field of electrical engineering and radio engineering and can be used for protection of the information processed by hardware (HW), computer facilities (CF), computer systems (CS). The information protection device is a three-phase network interference-suppression filter installed in the current supply network, and contains the interference-suppression chokes with coils, capacitors, mutual induction coils, common magnetic circuit, meanwhile the circuitries of the phases A, B, C are connected to the protective line as the low-pass filter elements.
 Control device, information processing system, control method and storage medium / 2533498
Invention relates to application control means for image forming devices. A device control service receives a request to acquire application information for an application to be used from an image forming device, generates and transmits the application information corresponding to image forming device when device configuration information for the image forming device satisfies an application usability condition contained in the application information based on a set, and presents a usage license to use the application in the image forming device.
 Antivirus computer system / 2533303
Invention relates to an antivirus system. A storage device comprises an operating partition storing a file to be scanned, a read-only user interface program, a hidden partition storing a virus code. A processor is operably connected to a display device, wherein the read-only user interface program, when executed by the processor, enables said processor to display the user interface on said display device, receive an access request through said user interface and generate, in response to the access request, a password confirmation request to confirm a program/code update password used to control update of the antivirus program or virus code. An antivirus apparatus performs virus scanning of the file to be scanned in said operating partition based on said virus code in said hidden partition and includes an antivirus processor.
 Device and method of dynamic durability support service assignment to mobile devices / 2533059
Invention relates to communication systems, and more specifically, to communication devices and applications for those, that allow assigning of durability support services to the said device after registering in the service. The result is achieved due to a session central management server that authenticates the first communication device by assessing the account information, and assigns the first durability support server to the device, based on the current location data, contained in the first message.
 Method for using a server, device for controlling reservation of server and means for storing a program / 2276400
For this in accordance to method reservation is requested, reservation is confirmed, authentication information included in reservation information is stored, service is requested on basis of authentication information, server utilization is authenticated and server is utilized on basis of authentication result, while on stage of reservation confirmation device for controlling reservation transfers reservation setting information, and on stage of authentication server utilization is only confirmed when authentication information matches authentication information transferred from user terminal. Device contains receiving means, information generation device and transmitting means.
 Distribution device, terminal device, program and method used in these devices / 2287851
In distribution device groups of two or more informational products which represent digital informational content are stored with information about policy administration which indicates user's rights to this group by interrelated method. Distribution device transfers the user requested informational content from group to the terminal device with license certificate (LC), refreshes information about policy administration decreasing policy validity. On return of the renewed LC distribution device increases the decreased policy validity taking into account the part of policy validity which is indicated in the renewed LC. On user's demand distribution device again transfers LC or other digital informational content.
 Method for restricting access to protected system / 2289845
Fingerprint image is registered with following user personality identification. Some peculiarities of papillary pattern coordinates are determined and using difference of coordinates of peculiarities of received fingerprint image and stored in database positive or negative decision to grant access to system is made.
Method for restricting access to protected system / 2289845
Fingerprint image is registered with following user personality identification. Some peculiarities of papillary pattern coordinates are determined and using difference of coordinates of peculiarities of received fingerprint image and stored in database positive or negative decision to grant access to system is made.
 Method for controlling protected communication line in dynamic networks / 2297037
Invention discloses method for setting up protected communication lines for transferring data and controlling them by means of exchanging keys for protection, authentication and authorization. Method includes setup of protected communication line with limited privileges with usage of identifier of mobile computing block. This is especially profitable is user of mobile block does not have information identifying the user and fit for authentication. Also, advantage of provision by user of information taken by default, identifying the user, is that it initiates intervention of system administrator instead of refusal based on empty string. This decentralized procedure allows new users to access the network without required physical presence in central office for demonstration of their tickets.
 Method, device and information carrier for confirming access right to autonomous resources / 2300142
Method includes changing identification information during each new query of autonomous resource, which information is used for identification of carrier during following queries to autonomous resources, by including it in algorithmically converted form on information carrier and in database of central device and checking of its correspondence in a row of previous queries to autonomous resources. Each autonomous resource has memory block for storing conversion algorithms and signs of these algorithms and block for reading/recording carrier information. Central device contains at appropriate data bank addresses the virtual memory blocks for storing information for identification of carriers and memory block for storing a set of algorithms for converting code from one type to another and signs of these algorithms, and for each carrier - information storage address which was used during previous accesses. Carrier contains energy-independent additional memory block for recording, storing and reading additional information code after identification of carrier, available both during manufacture of carrier and its submission to autonomous resource.
 Remote user authentication method and the system for realization of the method / 2303811
In accordance to method, electronic user identification data is formed and saved in authentication server database, which data is compared to identification data of user during realization of procedure of user access to computer network of protected system and on basis of that comparison, decision is taken about degree of user authority.
 Multi-broadcasting, limited by time window for future delivery of multi-broadcasting / 2305863
In accordance to the invention, encoded event, containing information which is not meant to be published before time of publishing, is dispatched to clients before the time of publishing. In the moment of the time of publishing, small decryption key is dispatched to each client. In another variant, highly reliable boundary servers, which can be trusted not to publish the information before appropriate time, dispatch non-encrypted event or decode an encrypted event and dispatch decrypted event in certain time or before it, but after the time of publishing, so that decrypted or non-encrypted event reached clients, which can not store and decrypt an encrypted event, approximately at the same time when the key reaches other clients. Therefore, every client may receive information at approximately one and the same time, independently from client throughput or client capacity for storage and decryption of information.
 Method (variants) and device (variants) for protecting communication channel of a computer network / 2306599
In the method, initial data is set, initial data packet is generated at sender side. Then received data packet is encoded and transformed to TCP/IP format. After that current addresses of sender and receiver are included in it and formed packet is transferred. Sender address is replaced. At receiver side, sender and receiver addresses are selected and compared to predetermined addresses. In case of mismatch received packets are not analyzed, and in case of match encoded data is extracted from received packet and decoded. Receiver address is replaced. Then initial data packet is repeatedly formed at sender side. Protection device consists of 2 identical local protection segments 31 and 3k, one of which is connected to local computing network li, and k one is connected to local computing network lk. Local computing networks are interconnected through corresponding routers 41,4k and the Internet.
|
FIELD: physics, computer engineering. SUBSTANCE: invention relates to computer engineering. A system for treating website content comprises a system for managing website content, designed to provide data on the state of website content objects and the website content objects themselves from a database of the website content to an analysis means, making changes to the website content objects when performing treatment procedures with the analysis means; a database of website content designed to website content objects; analysis means designed to detect suspicious website content objects during analysis of the presented data on the state of website content objects and the website content objects themselves, transmit the suspicious website content objects to a verification means, treat malicious website content objects by performing procedures for treating malicious website content objects using the website content management system; at least one verification means designed to detect malicious website content objects during verification of suspicious website content objects, generate procedures for treating the detected malicious website content objects, transmit the procedures for treating the detected malicious website content objects to the analysis means. EFFECT: high website security. 25 cl, 4 dwg
The technical field The invention relates to an anti-virus systems, and in particular to systems and methods for treating the contents of the website using the content management system website. The level of technology Currently, the Internet contains a vast amount of information. Generally, public access to this information through the sites. The website is a collection of electronic documents (files) a private person or organization in a computer network, United under one address (a domain name or an IP address). Modern technology has greatly simplified the creation and support of sites. Complex sites, which consist of templates created pages and databases that have a functional data input, storage and processing of data. An example of a complex site can serve as a social networking site or e-mail. When visiting such sites, the user can modify the contents of the website, for example, to add files to the website or send a message containing the files. To reduce the amount of time and convenience when managing the site uses a content management system (CMS, Content Management System). The content management system (CMS) is an information system or computer program used to organize a joint process to create, edit, and control the Oia website content. The most famous content management system site is Drupal, Joomla, MODx, WordPress, 1C-Bitrix, NetCat, UMI.CMS Host.CMS, Amiro.CMS, ABO.CMS, S. Builder and so on The popularity of the Internet and the constant increase in the number of sites has inevitably led to the fact that there are criminals who are in constant search for new ways to steal personal information and money, the spread of spam by means of hacking. The attack exposed the popular websites of any complexity and subject matter. With each attack increases the importance of checking websites content with malicious code. Anti-virus scanning site with a personal computer allows the user to analyze the content available to the user. The script files, template files, style files and the site database stored on the server and is accessible only to the site administrator or server. When this server administrators neglect to install antivirus software on the server, because it causes degradation of performance. The site administrator has to check and treat your customers manually. It is important to note that even in this case, check the saved files and scripts CMS part, and the contents of the CMS database is not checked at all. In this case, the validation does not take into account the availability of the file for the public the ranks of the view, the date of its posting and editing, because this information is stored in the CMS database. Currently, there are a number of solutions designed to test sites. In the application US 20120017281 described the process of analyzing the content of the site using a module that has information about the current level of safety and efficiency of the website. In the application US 20110307954 described using the control module to check the content of the site. In addition, use a scan tool that has the ability to request files of the website to check. These decisions shall review and treatment of some of the content of the site with limited access. The above solutions do not eliminate the need to test the site completely from the inside. The problem is the lack of access to files and databases content management system website. The present invention can effectively solve the problem of malicious treatment site content from a performance perspective and from the point of view of reliability. Disclosure of inventions The invention relates to systems and methods for treating a site's content. The technical result of the present invention is to improve the security of the site. This technical result is achieved due to the detection and treatment of malicious about the projects site content using the content management system website. This solution allows you to effectively implement anti-virus scanning of all objects of the site's content. Treatment system site content, which includes: a content management system website, designed to provide data on the status of the content objects of the site and the site content objects from a content database of the site analysis tool, make changes to the content objects customers in the procedures of treatment analysis tool; a content database of the site that is used for storing content objects of the site; an analysis tool designed to detect suspicious objects content analysis presents data on the status of the site content objects and the objects themselves content of the website, sending suspicious objects website content checker, treatment of malicious objects site content by performing treatment procedures malicious content objects of a website using a content management system site; at least one checker tool designed to detect malicious content objects site during the inspection of suspicious objects of the website content, develop treatment procedures malware site content, transfer procedures for the treatment of obnarugen the x malicious content objects site analysis tool. In the particular case of the implementation of the analysis tool performs a transfer request objects content management system site and directly analyzes the content objects of the site, not the state of the object content of the site. In another particular case, the implementation of the advanced system uses a means of coordinating, designed to search for free checker, backup free checker, initiate transmission of suspicious objects of the site content, initiate the transfer procedures treatment of detected malicious objects of the site's content. In another particular case, the implementation of the analysis tool is also designed to determine the period of minimum load on the server that hosts the website, by executing query the content management system site on the fixing period of minimum load on the server that hosts the website. In another particular case, the implementation of the tool coordinate after reserving free checker performs a request analysis tool for sending suspicious objects the content of the site at the time of minimum load on the server that hosts the website. In another particular case, the implementation of the system after receiving the response request funds from the analysis on the transmission of suspicious objects the content of the site at the time of minimum load on the server, where is the site, the means of coordinating initiate the transmission of the content objects of the site at the time of minimum load on the server. In another particular case, the implementation of the system with increasing load on the server that hosts the site, the means of coordinating the request to stop transmission of the content objects of the site analysis tools stops the transmission of the content objects of the site and again executes the query, the analysis tool to transfer objects the content of the site at the time of minimum load on the server that hosts the website. In another particular case, the implementation of the advanced system using the database mask that is used to store private data of suspicious objects of the site content in a disguised form. In another particular case, the implementation of the analysis tool is also intended for hiding private information of a suspicious object, site content and placing it in the database masking. In another particular case, the implementation of the analysis tool is also intended to restore from the database masking the data in the source view to the corresponding objects of the site's content. In another particular case, the implementation of the system content management system site done during the study treatment procedures analysis tool restores damaged object content of the website and associated content objects of the web site. In another particular case, the implementation of the system content management system site during procedures, treatment analysis tool replaces a damaged object content of the website and associated content objects of site relevant content objects site periodically backups. In another particular case, the implementation of the system content management system site during procedures, treatment analysis tool removes malware site content and the associated content objects of the web site. In another particular case, the implementation of the checker is located on the personal computer of the user. In another particular case, the implementation of the checker is located on the anti-virus server. In another particular case, the implementation of the analysis tool optionally restricts access to the object content of the site. In another particular case, the implementation of the analysis tool, if necessary, restrict access to the site, which includes a change in at least one of the objects of the site's content. The method of treatment of the site content, in which: provide data on the status of the site content objects and the objects themselves are the content of the site using the system management function is on site; make detection of suspicious objects content analysis presents data on the status of the site content objects and the objects themselves of the website content; produce the detected objects the content of the site during the inspection of suspicious objects of the website content; develop procedures for the treatment of malicious objects of the website content; provide therapy malicious content objects customers by performing treatment procedures malicious content objects of the website using the content management system website. In the particular case of implementation of the method at the stage when producing the detection of suspicious objects content analysis presents data on the status of the site content objects and the objects themselves content of the website, additionally hide private information in a disguised form of a suspicious object, the content of the site. In another particular case, the implementation of the method at the stage when medical treatment of malicious content objects customers by performing treatment procedures malicious content objects of the website using the content management system website, advanced restore private information in the source view to the corresponding objects of the site's content. Another frequent the om case of implementation of the method in the implementation procedures of treatment are to restore a damaged object content of the website and associated content objects of the web site. In another particular case, the implementation of the method in the implementation of treatment procedures replace the damaged object content of the website and associated content objects of site relevant content objects site periodically backups. In another particular case, the implementation of the method in the implementation of treatment procedures remove the malicious object content of the website and associated content objects of the web site. In another particular case of the method for limiting access to malicious site content object. In another particular case of the method for limiting access to the site, which contains at least one malware site content. Brief description of drawings Additional objectives, features and advantages of the present invention will be apparent from reading the following description of the invention with reference to the accompanying drawings, on which: Fig.1 is a block diagram of the site that is running the content management system website with antivirus plugin. Fig.2 describes a block diagram of a system for the treatment of the site's content. Fig.3 shows the algorithm of treatment of the site's content. Fig.4 shows an example computer system assegnazione. Although the invention may have various modifications and alternative forms, characteristic, shown as an example in the drawings will be described in detail. It should be understood, however, that the purpose of the description is not to limit the invention to the specific embodiment. On the contrary, the purpose of description is to cover all changes, modifications, included in the scope of this invention as defined by the attached formula. Description of embodiments of the invention The objects and features of the present invention, the methods to achieve these objects and features will become apparent by reference to an exemplary implementation options. However, the present invention is not limited to the exemplary embodiments of the implementation disclosed below, it may be embodied in various forms. Essence, see, is nothing other than the specific details necessary to assist the specialist in the field of engineering in a comprehensive understanding of the invention, and the present invention is determined in the amount of the applied formulas. For the solution described in the prior art problems, the intended treatment site content. Treatment system site content is intended for testing and treatment of malicious content site, which is under the control of sod is RIMM site. Testing and treatment is performed by querying a content management system website. Developers of content management systems customers include interface application programming (API, Application Programming Interface) to develop additional extensions, applications and plug-ins. The plug - in independently compiled software module that is dynamically connected to the content management system website and designed for expansion and/or use of its capabilities. Treatment system site content manages requests and data processing system and a content management through the anti-virus plug-in developed for a specific content management system website. Fig.1 is a block diagram of the site, which operates under the control of the content management system website with antivirus plug-in. The user manages the site from a personal computer 120. The server 130 can be deployed in multiple sites. The website that you want to test, contains a content management system website 150. Content management system site includes a content database site 160 and anti-virus plug 140, which contains a database of the mask 170. Content management system site 150 provides the anti-virus plug 140 is comprehensive access to site content objects from a content database site 160. Under content objects customers understand the files that make up the content management system site 150, and the files of the site content stored in the content database site 160. Next, and in the text under the objects understand the content objects of the web site. Suspicious objects are objects that can contain malicious code. Suspicious objects can be objects that appear in the content database site 160 in the standard actions provided by the functionality of the content management system site 150. For example, social networking sites default action will be the emergence of a new object in an image file (image) or non-executable text file does not contain URL links (sending messages). In addition, suspicious objects are objects whose appearance in the content database site 160 may pose a threat. For example, the new script files, executable files, multimedia files. Change file scripts content management system site 160 is a dangerous action. The modified script files will also be considered suspicious objects. To detect suspicious objects anti-virus plug 140 analyzes data about the state of the objects. Status data object mo is ut to be a hash sum of the file, size, time of creation/modification, the content type (MIME type), the time of the last check, etc. in Addition anti-virus plug 140 may maintain records of scanned objects and to exchange data with anti-virus server does not check the objects that are tested by other users. Also anti-virus plug 140 may request from the anti-virus server data on the presence of known checksums in the database of malicious objects anti-virus server. In the case of a match a file uploaded by a user, is considered to be malicious, requires lock and immediate transfer to check. Because anti-virus plug 140 may not be able to inspect suspicious objects directly on the server, all suspicious objects passed in and check on the computer, which contains a full-featured anti-virus program. Before transmitting personal information of a suspicious object, hide and placed in the database of the mask 170. A computer with a full-featured anti-virus program may be at least one personal computer user 120 or the anti-virus server 190. During the inspection of suspicious objects detect malicious objects. Full-featured anti-virus program to develop treatments found bredon the red objects and passes them to the anti-virus plug-in 140. During procedures, treatment anti-virus plug 140 performs a query of the content management system site 150 on changes in the detected malicious objects. During procedures, treatment content management system website upon request may, for example, to restore a damaged object, to replace a damaged object object from a backup or delete the detected malicious object. If a suspicious object is not malicious, after checking with him shooting a suspicious status. On one server may be hosted by a large number of sites, so when checking the website, you need not to overload the server. Resource-intensive steps of the content management system the website above objects, preferably in the period of minimum load on the server. The minimum load is calculated or statistically indicated explicitly. Fig.2 describes a block diagram of the treatment system site content. Treatment system, site content consists of content management system site 150, analysis tools 220, a means for coordinating 230, verifier 240, a content database site 160, the database of the mask 170. Content management system site 150 is designed to transmit information about the state of objects from the database of the site's content 10 analysis tool 220, transmission of suspicious objects to the analysis tool 220, the changes in the detected malware on request. Advanced content management system site 150 is designed to record and transmit data about the period minimum server load the analysis tool 220. The content database site 160 is designed to store objects. The analysis tool 220 is designed to detect suspicious objects content analysis presents data on the status of the site content objects and the objects themselves content of the website, the submission of suspicious objects website content checker, procedures, treatment malicious site content objects by querying the content management system site 150 to make changes in the site content objects. The analysis tool 220 in the process of detection of suspicious objects performs a request to the content management system site 150 to receive data about the state of the objects. In response, the content management system site 150 transmits status data objects from the database of the site's content 160 analysis tool 220. The analyzer 220 analyzes the received status data objects. In case of detection of suspicious objects analysis tool 220 executes a query is the system content management 150 to receive suspicious objects. In response, the content management system site 150 transmits suspicious objects to the analysis tool 220. In one embodiment, the implementation of the analysis tool 220 performs the transfer request objects content management system site 150 and analyzes directly the objects, not the data about the state of the object. After receiving a suspicious object, the analysis tool 220 executes the query tool coordination 230 to the transmission of suspicious objects, at least one verifier 240. A means of coordinating 230 helps to search free checker 240, redundancy free checker, initiate transmission of suspicious objects, initiate the transfer procedures for the treatment of malicious objects. The verifier 240 is intended for the detection of malicious objects during the inspection of suspicious objects, develop procedures for the treatment of detected malicious objects, transfer procedures treatment of detected malicious objects of the analysis tool. After receiving a request for checking a means of coordinating 230 searches free checker 240. Then reserve your free checker 240 and executes the request analyzer 220 for sending suspicious objects. The analysis tool 220 performs a response request to the means of coordinating 230 at p is the transfer of suspicious objects. A means of coordinating 230 initiates the transmission of suspicious objects, and the analysis tool 220 transmits suspicious objects checker 240. In one embodiment, the implementation of the analysis tool 220 is also used to determine the period of minimum load on the server by executing query the content management system site 150 on the capture and transmission of data about the period of minimum load on the server. A means of coordinating 230 after reserving free checker 240 performs a request analysis tool 220 for sending suspicious objects in the period of minimum load on the server. The analysis tool 220, in turn, determines the amount of the minimum load on the server by executing query the content management system site 150 on the capture and transmission of data about the period of minimum load on the server. In response, the content management system site 150 captures and transmits data about a fixed period of minimal server load the analysis tool 220. Because the object is prepared for transmission and received data on a fixed period of minimum load on the server, the parser 220 performs a callback request to the means of coordinating 230 to the transmission of suspicious objects. A means of coordinating 230 initiates the sending suspicious objects in a minimal period the Noah server load, and analysis tool 220 transmits suspicious objects checker 240. In one embodiment, the implementation of the analysis tool 220 hides private information of a suspicious object by placing it in the database of the mask 170. The database mask 170 is used to store private information that was hidden during the transfer. In one implementation options of the detection of suspicious objects, the analyzer 220 determines the period of minimum load on the server before running the query tool coordination 230 to the transmission of suspicious objects checker 240. After determining the period of minimum load on the server analysis tool 220 executes the query tool coordination 230 to the transmission of suspicious objects checker 240, which is a response request to the means of coordinating 230. A means of coordinating 240, in turn, selects any checker 240 and initiate the transmission of suspicious objects during minimal load on the server, and the analysis tool 220 transmits suspicious objects checker 240. In one embodiment, the implementation with increasing load on the server a means of coordinating 230 on request to stop transmission of suspicious objects from analysis tools 220 may stop the transmission of suspicious objects and the Nova to query the analyzer 220 for sending suspicious objects in the period of minimum load on the server. After the inspection of suspicious objects and to develop procedures for the treatment of malicious objects checker 240 executes the query tool coordination 230 transfer procedures treatment of malicious objects the analysis tool 220. In turn, the means of coordinating 230 performs a request analysis tool 220 to transfer procedures treatment of malicious objects. The analysis tool 220 performs a response request to the means of coordinating 230 transfer procedures treatment of malicious objects. A means of coordinating 230 initiates the transfer procedures for the treatment of malicious objects, and the verifier 240 transmits treatments malicious objects the analysis tool 220. Next, the analysis tool 220 performs treatment of malicious objects. During procedures, treatment analysis tool 220 performs a request to the content management system site 150 to make changes in the site content objects. In one embodiment, the implementation of the analysis tool 220 periodically backs up the main important sites. If treatment of malicious objects that refer to important objects, and the ability to repair or change is missing, the parser 220 performs the replacement of essential invalid objects relevant objects from a backup. In this is case analysis tool 220 recovers from the database masking 170 previously saved data in the source view in the corresponding replaced objects. The importance of interest, frequency of backup, storage, backups may be determined by the administrator or determined statistically. As the database of the mask 170 and the database of the site's content 160 can be used in different kinds of databases, namely: hierarchical (IMS, TDMS, System 2000), network (Cerebrum, Cronospro, DBVist), relational (DB2, Informix, Microsoft SQL Server, object-oriented (Jasmine, Versant, POET), object-relational (Oracle Database, PostgreSQL, FirstSQL/J), functional etc. In one implementation options of the treatment system site content requires several verification tools 240. When there is a full-featured anti-virus program on the user's computer 120, it is possible check-in agent coordination 230 as a verifier 240. In this case, the means of coordinating 230 when searching for free checker 240 will take into account employment checker 240 installed on the user's computer. Verifier 240, antivirus installed on servers that allow the user in the absence of on their own personal computer 120 full-featured anti-virus program or, in the absence of their own computer to carry out the inspection and treatment of site objects under the control of sod is RIMM site 150, remotely. In addition, information may be dedicated servers 190, whose main task is to run anti-virus scan sites according to the algorithm described in this invention. The verifier 240 produces an anti-virus scan of suspicious objects, at least one of the ways anti-virus scan, for example, using signature analysis, heuristic analysis, and so on In one implementation options of the detection of suspicious objects, check which you want to perform immediately, the treatment site content can ignore the fixation period, the minimum load on the server. In this case, the analyzer 220 believes that the period of minimum load on the server is fixed and immediately executes a query to the tool coordinate 230 to the transmission of suspicious objects during minimal load on the server. A means of coordinating 230 selects any checker 240 and immediately initiate the transmission of suspicious objects. After validation is complete, develop treatment procedures and the receipt of a request from the verifier 240 transfer procedures treatment of malicious objects the analysis tool 220 a means of coordinating 230 performs a request analysis tool 220 to transfer procedures treatment of malicious objects. The analysis tool is and 220 immediately performs a response request to the means of coordinating 230. A means of coordinating 230 initiates the transfer procedures for the treatment of malicious objects, and the verifier 240 transmits treatments malicious objects the analysis tool 220. For detected objects to be accessed in any form will lead to a threat to the safety of objects and the user of this website analysis tool 230 can lock this object and to prohibit any appeal to him to cure or delete. If it is discovered multiple infection (change) of interest, the treatment of the content of the website 150 may block access to the site. The object or site may be unlocked by the decision of the administrator or the cure of all malicious objects. Fig.3 shows the algorithm of the treatment site content. At step 310, the analyzer 220 performs a request to the content management system site 150 on data about the state of the objects. Content management system site 150 transmits data about the objects of the analysis tool 220. The analysis tool 220 provides detection of suspicious objects by analyzing data about the objects. In case of detection of suspicious objects on the stage 311 analysis tool 220 performs a request to the content management system site 150 to receive suspicious objects, simultaneously, the analyzer 220 done is that the query tool coordination 230 to the transmission of suspicious objects checker 240. Content management system site 150 transmits suspicious objects to the analysis tool 220. In one embodiment, the implementation of the analysis tool 220 hides the private information of the suspicious object by placing it in the database of the mask 170. A means of coordinating 230 searches free checker 240, free reserves verifier 240. In one implementation options of the tool coordinate 230 performs a request analysis tool 220 for sending suspicious objects in the period of minimum load on the server. The analyzer 220 determines the period of minimum load on the server by executing query the content management system site 150 on the capture and transmission of data about the period of minimum load on the server. Content management system site 150 captures the period to reduce the load on the server and transmit data about a fixed period of minimal server load the analysis tool 220. After this, the analysis tool 220 performs a response request to the means of coordinating 230 to the transmission of suspicious objects during minimal load on the server. A means of coordinating 230 initiates the transmission of suspicious objects, and the analysis tool 220 transmits suspicious objects checker 240 for the inspection. At step 312 the verifier 240 undertake yet inspection of suspicious objects. If malicious objects are detected during the validation checker 240 generates treatments. Then the verifier 240 executes the query tool coordination 230 transfer procedures treatment of malicious objects the analysis tool 220. At step 313 the means of coordinating 230 performs a request analysis tool 220 to transfer procedures treatment of malicious objects checker 240. The analysis tool 220 performs a response request to the means of coordinating 230 transfer procedures treatment of malicious objects to the analysis tool. A means of coordinating 230 initiates the transfer procedures for the treatment of malicious objects, and the verifier 240 transmits treatments malicious objects the analysis tool 220. At step 314, the analysis tool 220 in accordance with the procedures of treatment are treating the malicious objects from the number of suspicious objects. During treatment analysis tool 220 performs a request to the content management system site 150 on changes in the detected malicious objects. In one embodiment, the implementation of the necessary analysis tool 220 recovers from the database masking 170 data in the source view in the corresponding replaced objects. Fig.4 is an example of a computer system is a General purpose personal computer or server 20, the content is of ASI the CPU 21, system memory 22, and a system bus 23 that contains various system components, including the memory associated with the Central processor 21. The system bus 23 is implemented as any known in the prior art tire structure, containing in turn the memory bus or memory controller bus, the peripheral bus and a local bus that can interact with any other bus architecture. The system memory contains a permanent memory (ROM) 24, random-access memory (RAM) 25. The basic input/output system (BIOS) 26 contains the basic procedures that ensure the transfer of information between elements of the personal computer 20, for example, at the time of loading the operating system using the ROM 24. The personal computer 20, in turn, contains the hard disk drive 27 for reading and writing data, a magnetic disk drive 28 for reading from and writing to a removable magnetic disk 29, and an optical drive 30 for reading from and writing to removable optical disk 31 such as a CD-ROM, DVD-ROM or other optical media. The hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to system bus 23 via an interface of the hard disk 32, the interface magnetic disk 33 and the interface optical drive 34, respectively. The drives and associated computer storage media p is establet a non-volatile storage of computer instructions, data structures, program modules and other data to the personal computer 20. The present description discloses the implementation of a system that uses a hard disk drive 27, a removable magnetic disk 29 and a removable optical disk 31, but it should be understood that it is possible to use other types of computer storage media 56, which is capable of storing data readable by a computer form (solid-state drives, memory sticks, digital video disks, random-access memory (RAM), etc.) that are connected to the system bus 23 via the controller 55. The computer 20 has a file system 36, which stores recorded an operating system 35, as well as additional software applications 37, other program modules 38 and program data 39. The user can enter commands and information into the personal computer 20 through input devices (keyboard 40, a mouse 42). Can use other input devices (not shown): microphone, joystick, game console, scanner, etc., Such input devices as was their custom is connected to the computer system 20 through a serial port 46, which is in turn connected to the system bus, but may be connected in a different manner, for example, using a parallel port, game port or a universal sequentially the bus (USB). A monitor 47 or other type of display device is also connected to system bus 23 via an interface, such as a video adapter 48. In addition to the monitor 47, a personal computer may include other peripheral output devices (not shown), for example, speakers, printer, etc. The personal computer 20 can operate in a networked environment, using a network connection with another or several remote computers 49. The remote computer (or computers) 49 are such as personal computers or servers that have most or all of the elements mentioned, mentioned previously in the description of the being of a personal computer 20 shown in Fig.4. In the computer network can be other devices, such as routers, network station, a peer device or other network nodes. The network connection may form a local area network (LAN) 50 and a global area network (WAN). Such networks are used in corporate computer networks, internal networks of companies and, as a rule, have access to the Internet. In the LAN or WAN networks personal computer 20 connected to the LAN 50 via a network adapter or network interface 51. When using networks, personal computer 20 may use the modem 54 and the and other means of communication with the global computer network, such as the Internet. The modem 54, which is an internal or an external device connected to the system bus 23 via the serial port 46. It should be clarified that the network connections are only approximate and are not required to display the exact network configuration, i.e., in reality there are other ways of establishing a connection technical means of communication from one computer to another. 1. Treatment system site content, which includes: 2. The system under item 1, in which the analysis tool performs a transfer request objects content management system site and directly analyzes the content objects of the site, not the state of the object content of the site. 3. System p. 1 in which optionally use the tool coordinate that is designed to search for free checker, backup free checker, initiate transmission of suspicious objects of the site content, initiate the transfer procedures treatment of detected malicious objects of the site's content. 4. The system under item 3, in which the analysis tool is also designed to determine the period of minimum load on the server that hosts the website, by executing query the content management system site on the fixing period of minimum load on the server that hosts the website. 5. The system under item 4, in which the tool coordinate after rezervirovat the Oia free checker performs a request analysis tool for sending suspicious objects the content of the site at the time of minimum load on the server, hosting a website. 6. The system under item 4, in which after receiving the response request from the analysis tools for transmission of suspicious objects the content of the site at the time of minimum load on the server that hosts the site, the means of coordinating initiate the transmission of the content objects of the site at the time of minimum load on the server. 7. The system under item 4, in which with increasing load on the server that hosts the site, the means of coordinating the request to stop transmission of the content objects of the site analysis tools stops the transmission of the content objects of the site and again executes the query, the analysis tool to transfer objects the content of the site at the time of minimum load on the server that hosts the website. 8. The system under item 1, in which optionally use the database mask that is used to store private data of suspicious objects of the site content in a disguised form. 9. The system under item 8, in which the analysis tool is also intended for hiding private information of a suspicious object, site content and placing it in the database masking. 10. The system under item 9, in which the analysis tool is also intended to restore from the database masking the data in the source view in choosing the proper objects of the site's content. 11. The system under item 1, in which the content management system site during procedures, treatment analysis tool restores damaged object content of the website and associated content objects of the web site. 12. The system under item 1, in which the content management system site during procedures, treatment analysis tool replaces a damaged object content of the website and associated content objects of site relevant content objects site periodically backups. 13. The system under item 1, in which the content management system site during procedures, treatment analysis tool removes malware site content and the associated content objects of the web site. 14. The system under item 1, in which the checker is located on the personal computer of the user. 15. The system under item 1, in which the checker is located on the anti-virus server. 16. The system under item 1, in which the analysis tool optionally restricts access to the object content of the site. 17. The system under item 1, in which the parser, if necessary, restrict access to the site, which includes a change in at least one of the objects of the site's content. 18. The method of treatment of the site content, in which: 19. The method according to p. 18, in which step b) conceal private information in a disguised form of a suspicious object, the content of the site. 20. The method according to p. 18, in which step d) additionally restore private information in the source view to the corresponding objects of the site's content. 21. The method according to p. 18, in which in the course of procedures, treatment restores damaged object content of the website and associated content objects of the web site. 22. The method according to p. 18, which in the progress of the treatment procedures replace the damaged object content of the website and associated content objects of site relevant content objects site periodically backups. 3. The method according to p. 18, in which in the course of procedures, treatment removes malware site content and the associated content objects of the web site. 24. The method according to p. 18, which restrict access to malicious site content object. 25. The method according to p. 18, which restrict access to the site, which contains at least one malware site content.
|