Remote malware scanning capable of static and dynamic file analysis

摘要

A method of remote malware scanning comprises comparing at a first node (e.g. a host) file items of an electronic file (e.g. an Android app) to be scanned for malware with the file items of previously scanned electronic files that include a predetermined number of same file items than the app to be scanned, and generating a recipe that includes information for identifying the previously scanned app and one or more file items included in the app to be scanned, and the result of the comparison. The recipe is used at the server to reconstruct the app and execute a dynamic malware analysis on a runtime behaviour of the reconstructed app. The server may then send the result of the analysis to the host. A malware property query may be performed for the app and its file items before the aforementioned method, and the method may be initiated if the query yields an inconclusive result. Upon receiving the recipe, the server may request any missing files, i.e. files that are not readily available at the server or not sent along with the recipe, from the host.