Nod Scanning within Zipped files

Hi All,
I have just purchased NOD32 after giving up with Norton AV 2003 and it's resource hogging. However I have one or two concernes with NOD32. The other AV suite I have been testing is Panda Titainium Edition which seems to check within ZIP files better than NOD. As an example on the eicar testfile site there are four examples you can click on (one is a text file so I'll ignore that one) to attempt to download, a "naked" eicar.com file and two zipped versions. one zipped just once and the other a nested zip. While Panda readily detected all three examples before I even got the "save" dialog box, NOD32 could only detect the "naked" one and let me download the other two without any reaction at all, only (finally) reacting when I attempted to extract the zips. The same happens with the e-mail scanning, the only the "naked" one is recognised as a virus, the zipped ones let through with no problem.
I have set zip files to be scanned in Amon (along with ace,rar and other compression formats) but it doesn't seem to be actually doing this.
As NOD32 is recognised on almost every Anti-Virus software reviews site as being one of the best I am fully prepared to accept that it is something that I have got wrong rather than a NOD failing (surely Panda isn't a better product than NOD? none of the review sites state this)

So, what could I be doing wrong in the Amon set-up that makes it not scan zipped archives? Anybody got any clues please?

TIA,
Trev

 

By design amon will not detect virus inside of zipped(archived) file( since is totally harmless). However during extraction of zipped files amon will block or detect infected files!


Technodrome

 

Hi, thanks for the prompt reply. I'm not too sure I like the idea that an AV product won't scan within compressed archives. I know that any infection is safe while it's in the archive but my wife uses this machine as well as myself and I would be much happier if I knew that infected files would be stopped *before* they even got to my HDD rather than have them waiting there to be "activated". Seems a bit like being happy having a time bomb under my seat so long as it's not ticking to be honest. I wish I had know this before I paid out for NOD32, I'd have gone with Panda instead. I would suggest that is is something that the Devs *must* look at implementing in the next version, it is now common in nearly all other AV products.

Trev

 

Go into setup. You will see a check box to allow NOD32 to scan archives. Works like a charm.

Phil

 

Hmm...I believe he asked about amon(not NOD32 main scanner) not detecting zipped viruses "on fly" ( such as DrWeb or KAV).


Technodrome

 

Are you trying to say I should actually READ the post before I reply? Jeez!!

Phil

 

Yes I insist! (At least read between paragraphs)


Technodrome

 

I noticed that too, and I noticed that Panda would also scan them by right clicking on the zipped file only.. Even if they were double zipped.. However, after the havoc that just the trial version of Panda did, I would stay clear away from them.. It slowed my computer to a crawl, and some of it's def's I guess contain actual virul strings, which caused other AV's except Nod32 to send off a false positive, depending on your point of view. I agree with Technodrome's advice.. If it's not a virus, it at least won't give off a falsie! However, I DO think that if someone right clicks on a zipped, or even double zipped file, it should be detected... I have my settings checked on archives, and if I right click scan on Eicar zipped once or twice, NOD32 won't detect it. Does that sound right to you?

I liked Alwil Avast for that..Out of all the other AV's I test drove, it did good. However, I always have one eye glued to Virus Bulletin, and I don't feel comfortable with anything but NOD32 at this point. Maybe later, I'll change my mind. Who knows...

 

Hmmm... NOD32 Explorer right click scan option (if you are talking about this one) will detect archived virus.


Technodrome

 

Scanning inside the zips is technically, no big deal. But if you assess the risk from not scanning inside the zips on the fly (but detecting any risky file on zips extraction) and their costs here is the conclusions: going inside the zips would eat some portion of your computer speed but would not give you any real increase in the level of protection.

I can live without scanning zips on the fly very well.....

 

I agree with you, with one exception and that is that my machine is used by my wife, quite often unsupervised, who's computer literacy is at the point of launching Ebay from the favourites bar in IE. I would much rather be confident that malicious files can be detected by my AV product *before* they get to my HDD whether through clicking on a link or via e-mail. While I'm not overly confident in Panda with respects to it's on demand scanning or it's database, it does at least out perform NOD32 in this, to me, very vital respect.
I am sticking with NOD32 at the moment as I have just paid for it but I would like to see this feature in future updates/versions. It still seems to me, to be a very strange ommision from what is in all other respects one of the best AV products available.

 

"Go into setup. You will see a check box to allow NOD32 to scan archives. Works like a charm.

Phil"

Phil, which "setup" does this check box appear in? I can't find it in Amon or the Control Center on my version of NOD32.

 

navalair - Start/Programs/Eset/Nod32/"Set-Up' tab, under "Diagnostic Methods". Pete

 

I doubt that AMON will ever scan inside an archive. Why would it ? Why would it need to ? It's an on access scanner ... watch it go berserk if you try to unzip an infected archive.

If you tell the NOD32 on demand scanner to scan inside archives, it will ... whether doing a full scan or looking at an individual .zip with the contect menu right mouseclick.

A virus inside a .zip archive is not a virus per se ... it becomes a virus when you extract it ... and even if you don't tell the NOD32 on demand scanner to scan inside archives, AMON will block extraction, leaving the harmless non-virus trapped inside the archive.

Scanning inside archives within archives within archives to the power of N*15000 in 800 different formats is a marketroid creation anyway. We managed to survive for more than ten years without in-archive scanning, but end users have been snake oiled into thinking it's a Good Thing, and now we're stuck with it. I've always thought it was a crock ... and no-one has ever come up with a convincing argument to prove it's not.

 

I hope it will never unless it can be unactivate : waste of time an resources

I don't see any good reason to scan inside archives.

Each AV has its limits : when x times compressed no AV detects infections inside archives, I gave while ago an URL for testing purposes with different compressing rates.

Scanning inside archives is totally useless and just a stupid commercial argument for lambda users IMHO

Rgds,

 

I can't prove "it's a good thing" but I can give a reason why I like it (and have in my previous posts). My wife uses this PC, she is completely PC "unsavy", she knows how to use e-mail, go to Ebay and play games on MS's Zone.com and that is as far as her knowledge goes. She uses this machine unsupervised quite often and I would feel a LOT happier if I knew that if she recieved an e-mail with a compressed archive that was malicious, it would be automatically detected and cleaned before she got the chance to try to extract it. The same with a file download, I would be happier if it was detected before it was downloaded.

The "right click on demand scanning" isn't an option in this instance as she would have to be "savy" enough to navigate to the folder it was saved to and then right click etc. She isn't "stupid" by any means, just not interested in the "ins and outs" of computers, she just want's to be able to "use it" in the same way she uses a TV. Not worrying what's going on in the background.

In this situation, and others I can think of, Amon scanning within compressed archives would, to my mind, be a "good thing" with very little down side. After all it could be a switchable option just as it is on the on demmand scanner, there to be used if you want to. Just a way of making PC's a little more "user friendly" and "fool proof". Not everybody wants to get "under the hood" of their PC, some just want to be able to "use and go".

Trev

 

Hi Trev,

I don't quote catch why you would feel safer this way ?
Anyway if she tries to unpack, the virus will be stop cold blood.
If it's a downloadable file, no way to see whether it contains BEFORE the download is complete. Most d/l managers have a feature allowing to scan automatically d/l files with your AV when d/l is complete.
I have a zipped collection of virus/worms on my machine.
If I want to play with, I have to unactivated NOD32 or no way to go : impossible to run any virus

What do you fear exactely ?

Password protect NOD32 so you wife might not disable it by inadvertence and you would be perfectly safe

Rgds,

 

what or who is lambda user ? Tnx 4 answer.

 

>Scanning inside archives is totally useless and just a stupid commercial argument for lambda users IMHO

Oui, d'accord, mon ami!

I cannot think of one practical use for it ... not even Trevor's.

(Trevor ... your wife is no more likely to infect your PC by not scanning inside downloaded archives than she is if she tries to unpack and install them. AMON is watching!)

 

> The "right click on demand scanning" isn't an option in this instance as she would have to be "savy" enough to navigate to the folder it was saved to and then right click etc.

If she can't find the archive then she can't extract the files. You can do the right mouseclick trick when you arrive home.

(Sorry ... I just couldn't help myself.)

 

the average user : "l'utilisateur moyen" :
you, Trevor's wife and me

 

Lol, yes I knew the dictonomy when I wrote it but I'm afraid that after years of experiece with Pc's ( I was doing Dbase systems in the Mid 80's) "if it can go wrong, it will". I would rather prepare, and have an answer for, all/most eventuallities, than have regrets. You can call me paranoid of you like, I'm used to it, after more re-installs that I have had "hot dinners" you would be the same.....

Trev

 

Thanks for explanation. I'd correct the explanation to Trevor's wife and you

 

Rod's First Law of Computing .....

"Some computer users should be compelled to wear boxing gloves 24/7"

 

lmao, some users should only be able to watch through toughened glass in a locked room