AVs and zipped files?


Rivalen
December 20th, 2005, 11:14 AM
What can an AV check and what can it not check - and if it finds something - when can it not clean/delete/vault it?

Pls help compare AVs when it comes to ie:

I sent a clean file to work - their AV rejected the file as a "virus?".
I zipped the file - sent again - and it came right through to my inbox at work. Not a "virus?" this time.

What's this about? Are there other files that AVs can't scan - or are there some AVs who can?

Pls help me understand - if possible :-)

Best Regards

Howard Kaikow
December 20th, 2005, 01:19 PM
-{ Quote: "What can an AV check and what can it not check - and if it finds something - when can it not clean/delete/vault it?

Pls help compare AVs when it comes to ie:

I sent a clean file to work - their AV rejected the file as a "virus?".
I zipped the file - sent again - and it came right through to my inbox at work. Not a "virus?" this time.

What's this about? Are there other files that AVs can't scan - or are there some AVs who can?

Pls help me understand - if possible :-)

Best Regards" }-

The better AV software will scan archive files.
Norton AuntieVirus does.
Check product info at each web site, e.g., http://www.symantec.com/

Blackcat
December 20th, 2005, 01:56 PM
-{ Quote: "I sent a clean file to work - their AV rejected the file as a "virus?".
I zipped the file - sent again - and it came right through to my inbox at work. Not a "virus?" this time.

What's this about? Are there other files that AVs can't scan - or are there some AVs who can?

Best Regards" }-
A lot of AV's on-access Monitors either do not have the ability to scan archives/zipped files or are not set to scan these files in the default settings. This is because this may cause system slowdown.

Therefore, I presume your work AV was one of these AV's. Your initial unzipped file was therefore not clean or a false positive.
-{ Quote: " The better AV software will scan archive files" }-
Not all AV Real-Time Monitors have the ability to scan inside archives. NOD and KAV 5 for example.

The last two AV vendors are no slouch in detection rates but at the present time they do not offer this scanning choice. The main reason being that it may slow down the performance considerably. But any malware can be picked up in the archive when it is extracted, then the RTM jumps in. So most AV companies leave archive scanning to the on-demand scanner.

So to answer your question, yes there are differences in the files that different AV's can scan. Further, there are differences in the files that an on-access scanner and on-demand scanner of the same AV are set to scan.

In using an AV in real time a balance must be achieved between protection and performance. Therefore in most cases the RTM is not set to scan all files.

With run-time packed files there are even bigger differences between the different AV's.

dvk01
December 20th, 2005, 02:56 PM
It's almost certainly NOTHING to do with viruses or infected files, but almost all company networks nowadays are set up to reject all .exe files as they MIGHT contain a virus.
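
An added example, not part of the original thread: a Python sketch of the attachment check a mail gateway would need so that an extension block like the one described above also applies to files inside a zip, which is the gap the original poster hit. The blocked-extension list, the depth and size limits, and all function names are assumptions made for illustration.

```python
import io
import posixpath
import zipfile

# Assumed policy values for illustration; a real gateway's settings will differ.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat"}
MAX_DEPTH = 3                    # nested-archive levels to descend
MAX_MEMBER_BYTES = 10 * 1024**2  # refuse to unpack members larger than this


def is_blocked(path):
    return posixpath.splitext(path)[1].lower() in BLOCKED_EXT


def check_attachment(name, data, depth=0):
    """Return (path, reason) findings; an empty list means 'deliver'."""
    findings = [(name, "blocked extension")] if is_blocked(name) else []
    # Identify archives by content, so a renamed .zip is still opened.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "nested too deep to inspect")]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = f"{name}/{info.filename}"
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                # Encrypted or oversized: judge by name only, and say so.
                findings.append((path, "contents not inspected"))
                if is_blocked(path):
                    findings.append((path, "blocked extension"))
                continue
            findings.extend(check_attachment(path, zf.read(info), depth + 1))
    return findings


def make_zip(members):
    """Build a constructed in-memory zip from {filename: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


# Constructed sample: placeholder bytes standing in for a harmless program.
SAMPLE_EXE = b"MZ" + b"\x00" * 64
```

A filter that checks only the top-level file name would return no findings for `tool.zip`; this one reports `tool.zip/tool.exe`, so the bare and the zipped attachment get the same verdict.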

Rivalen
December 20th, 2005, 03:18 PM
Thank you guys - that's the answers I was looking for! Understand better now.

Best Regards