Symantec has been awarded a patent for a five-year-old technology that allows anti-virus researchers to scan multiple parts of a file for signs of virus infections.

The US Patent and Trademark Office awarded Symantec patent 6,851,057 for "Data driven detection of viruses". The technology has been used across Symantec's anti-virus product line since 1999, according to Carey Nachenberg, the inventor and a chief architect in Symantec's antivirus labs.

The patent specifically refers to a "virus detection system (that) operates under the control of P-code to detect the presence of a virus in a file having multiple entry points," but the reach of the patent could be much more broad, said Michael Schallop, director of intellectual property at Symantec. "What's patented is a technology to use an intermediate language to drive anti-virus functionality such as scanning and emulation," he said.

That could refer to any technology that allows anti-virus researchers or anti-virus products to use scripting to determine, dynamically, where in a file to scan and detect threats. It could also include the use of Javascript or other common scripting languages to direct anti-virus scanning, Schallop said.

Symantec hasn't reviewed competitors' products to see if they might use its patented technique. Schallop said that the company is primarily interested in demonstrating its "thought leadership" in anti-virus technology, and declined to speculate on whether the company would try to enforce its patent.

The newly patented technology was developed to improve on traditional anti-virus scanning methods that simply searched the beginning and end of files for signs of infection, which is where an older generation of viruses operated, Nachenberg said.

Using his patented invention, researchers can write instructions using a scripting language called P-code to direct an anti-virus engine to scan specific areas of a file. Areas, or "entry points", that may be infected by a virus can be submitted to a virus emulation module to determine whether the file is corrupted, according to a copy of the patent.

The technology is compared to a targeted x-ray or magnetic resonance imagery scans that are directed by a physician at specific areas of a body that are known to harbor signs of illness.

The patented technique makes it easier for antivirus products to detect a wide range of malicious code, including spyware and Trojan horse programs, in addition to viruses. Researchers can also use data-driven detection to respond to new malicious code developments, using P-code scripts to address new file formats or infection strategies. The technique was first prototyped in 1999 and it has been used across Symantec's anti-virus product line ever since.

The computer security market has been fertile ground for patent attorneys in recent years. Symantec was forced to pay $62.5 million in April 2004 to acquire a patent from Clearswift that covers computer hardware and software that scans data in transit between two "mediums".

In January, McAfee was granted patent 6,839,852 for a "Firewall system and method with network mapping capabilities," which has applications for network traffic monitoring between a local and remote computer and pinpointing the geographical source of an attack.