The invention discloses a method and device for safety judgment based on the consistency of an expanded name and a
file format. The method for safety judgment based on the consistency of the expanded name and the
file format comprises the following steps that a format of an expanded name of an
object file to be detected is obtained; the characteristics of the
object file to be detected are extracted, matching is conducted on the characteristics of the
object file to be detected and characteristics in a
file format base, and if matching is successful, an actual format of the object file to be detected is recorded; comparison is conducted on the actual format of the object file to be detected and
executable formats of an overflowing
knowledge base, if comparison is successful, whether the actual format and the format of the expanded name are consistent is judged, and if the actual format and the format of the expanded name are not consistent, it is determined that a
threat to the object file to be detected exists. By the adoption of the method and device for safety judgment based on the consistency of the expanded name and the file format, the defect that traditional anti-
virus software cannot cope with the situation that detection is eluded through change of an expanded name is overcome, the method for safety judgment based on the consistency of the expanded name and the file format is put forward innovatively, the problem of a safety
threat caused by change of the expanded name is effectively solved, and the
detection rate of the anti-
virus software is improved.