I understand that AntiVir PE is excellent and thorough with archives when running a system scan. However, it would seem that the Guard for real-time scanning of archives is quite limited.

I was testing it with Thunderbird to see how well it reacts to viruses in the mailbox in real-time with the EICAR sample in a 7z archive and a 7z SFX archive.

- It did not alert me when receiving the messages with those attachments
- It did not alert me when saving those attachments to the hard drive
- It did not alert me when viewing the archive contents in 7-Zip

The only time it alerted me was when I extracted the archives. This leads me to believe that AntiVir PE does not scan MIME types (Thunderbird Inbox file) or archives real-time. The option to scan archives in the Guard settings is checked but must relate only to files compressed with run-time packers, but I thought that might have included the 7z SFX archive.

This is good in a way because now I know AntiVir PE will not destroy my Thunderbird Inbox if a virus was found. But I thought that it would have at least scanned the archives when saving to the hard drive, that is not so good.

As far as I can tell, AntiVir Guard does not scan inside archives. From my personal POV, I wouldn't necessarily classify this as a shortcoming, though. The important thing for me is that the Guard nabs the malware before it causes any damage, and so far it's been doing a fine job of that.

The Guard does not scan archives, SFX or emails on-access. But as soon you extract the executable object from the container, it will catch it.

This is not unique to AntiVir, other AVs are the same. The latest Kasperky, for example, does have the option to scan archives with the Guard (in the past it didn't) but it is switched off by default and is not a recommended setting. The problem is resource usage if you have large archives to deal with. If you wish to check an archive before saving it then just do a right click scan because demand scanners do look into archives.

Everything that the three of you have said makes perfect sense. If the scanner is going to pick up the malware when executed anyways, then it makes sense not to waste resources of real-time scanning of those archives.

TopperID, what you said about Kaspersky making that default in their latest programs goes to show also that it really isn't necessary. Kaspersky could also use the extra performance gained by this as well.

I am always all about performance on my PC and I am pleased with the comments thus far regarding real-time archive scanning.

Thank you to everyone who has posted their comments on this.

{QUOTE-> This is not unique to AntiVir, other AVs are the same.QUOTE]

maybe some are the same, but not all, i know dr.web can scan archives in realtime and also through the mailbox, no problem.

dr.web will keep the archive but delete whats inside that is a threat, pretty cool (At first i though, its not deleted it, but when i tried to unzip it, the dodgy file had gone)