ZERO-HOUR QUARANTINE OF SUSPECT ELECTRONIC MESSAGES

摘要

The zero-hour quarantine comprises a tool for flagging potentially harmful messages/files prior to having an anti-virus signature published for a particular virus. The suspect file is sent to the zero-hour quarantine and periodically scanned, giving time for creation of a signature file that would then detect the virus. An example method may include receiving and examining a message for attributes indicative of its undesirability, and assigning a threat score to the message. The method may comprise disposing of the message by comparing the threat score to first and second thresholds, and the message sent to a permanent quarantine if the threat score passes the first threshold. The message is sent to the zero-hour quarantine if the assigned threat score does not pass the second threshold but passes the second threshold, or is delivered to the recipient if the assigned threat score does not pass the first or second threshold.