/all Switch Doesn't Function as Expected


spm
September 14th, 2003, 06:27 PM
It seems to me that the /all NOD32 scanner command-line switch doesn't work as expected (by me, anyway).

I would expect it to cause NOD32 to scan all of the files asked of it on the command-line, but it doesn't: archives and packed files are still ignored. An easy test is to download the eicar_com.zip file from www.eicar.com and then scan it with the NOD32 command-line scanner. Re-scan the same file after adding the /arch+ switch and see the difference.

Now, I can live with the issue to a point: by using Paolo Monti's useful Shell Power for NOD32, and changing the command-line switches it passes to NOD32, I can have NOD32's Explorer context menu entry scan zip files.

However, we also run a network firewall (Kerio WinRoute) which interfaces directly to NOD32 by calling the exported NOD32_ScanFile() function of nod32.dll - this also fails to scan zip archives, for - I am guessing - the same underlying reason.

anders
September 15th, 2003, 07:46 AM
The /all switch will only make it look for renamed executables and such. It only affects which file extensions are scanned, not "internal scanning". You should still add /pack+ and /arch+ to scan packed files and archives.

Best regards,
Anders

spm
September 15th, 2003, 11:24 AM
Quote from anders:
"The /all switch will only make it look for renamed executables and such. It only affects which file extensions are scanned, not "internal scanning". You should still add /pack+ and /arch+ to scan packed files and archives."
Sorry, what are renamed executables? So, what extensions are scanned when /all is specified?

Whatever the meaning of /all, if I specify a file on the command line, say C:\path\file.zip, then I expect that file to be scanned. It is not. Not only that, NOD32 reports in the scan results window that the file *has* been scanned when in fact it has not. This is an easy way for a virus to get through.

If NOD32 doesn't scan one or more of the files passed on the command line, I would expect it to tell me, rather than falsely claim that it has.

So, the /all switch doesn't mean "all" - perhaps it should be renamed '/some'?? I'm not trying to be facetious here, but NOD32 definitely misleads in this case.

anders
September 16th, 2003, 09:44 AM
With "/all" it "checks" files of all extensions, instead of the standard extensions. It still "checks" if "file.zip" is an infectable format, and scans it for viruses. Though, you still need "/arch+" in order for it to decompress archives it detects. "/all" just means scan all extensions. If you have an infected file named "file.exe", and renamed it to "file.zip" or "file.blah", it would be detected with "/all", but if it's an archive, the files inside it won't be scanned unless "/arch+" is specified.

I don't think it's THAT weird.

Best regards,
Anders

spm
September 16th, 2003, 09:59 AM
Anders:

I appreciate your response, but whether you consider the switch weird or not is missing the point: unless the /arch+ switch is specified NOD32 does *not* (unpack and) scan zip files, but it does falsely claim that it has done so. This is plain wrong, and simply dangerous.
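
The distinction argued over in this thread, as an added example that is not part of any post and is not NOD32's code: a toy scanner with one flag modeled on /all (extension filter) and one modeled on /arch+ (archive unpacking), returning a separate verdict when an archive's members were not examined. The signature, the default extension list and all function names are constructed assumptions.

```python
import io
import zipfile

# Constructed stand-ins: not NOD32's signature database or its default extension list.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
DEFAULT_EXTENSIONS = {".exe", ".com", ".dll"}

def make_zip(member_name, payload):
    """Build an in-memory zip with one deflated member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()

def scan(name, data, all_extensions=False, unpack_archives=False):
    """Return a verdict that never reports unexamined content as clean."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if not all_extensions and ext not in DEFAULT_EXTENSIONS:
        return "skipped-extension"          # extension filter excluded the file
    if SIGNATURE in data:
        return "infected"                   # e.g. an executable renamed to .zip
    if zipfile.is_zipfile(io.BytesIO(data)):
        if not unpack_archives:
            return "not-unpacked"           # container seen, members not examined
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if any(SIGNATURE in zf.read(info) for info in zf.infolist()):
                return "infected"
    return "clean"

# Constructed sample inputs.
INFECTED = SIGNATURE + b"A" * 200           # stand-in for an infected file body
ARCHIVE = make_zip("sample.com", INFECTED)  # the same body inside a real zip

if __name__ == "__main__":
    cases = [
        ("renamed file, default extensions", INFECTED, False, False),
        ("renamed file, all extensions", INFECTED, True, False),
        ("real zip, all extensions", ARCHIVE, True, False),
        ("real zip, all extensions + unpack", ARCHIVE, True, True),
    ]
    for label, data, all_ext, unpack in cases:
        print(f"{label:36s} -> {scan('file.zip', data, all_ext, unpack)}")
```

The deflated member does not contain the signature as raw bytes, which is why the extension switch alone cannot find it; a report that maps "not-unpacked" to "scanned" hides that gap.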