Emsisoft not detect a virus in a zipped file

Hello guys. I've a problem with my antivirus, Emsisoft Antimalware. When I scan a virus inside a zipped archive, EAM doesn't detect anything.
If I manually unzip this archive, then scan the unzipped file, EAM detects it. Is this a normal behavior?

Thanks

Best regards

 

Malware embedded in a zipped file is usually harmless as it can't execute. I don't know if it is normal behaviour, but I wouldn't worry if I were you.

 

I understand it, but it would be great the antivirus detected this malware before i unzipped the file. Previously i had installed Comodo IS and the viruses were detected even if you don't start an on demand scan.

 

That's interesting. Last time I looked, CIS on-access scanner didn't have the option to scan inside archives.

 

I'm in contact with Emsisoft support. They are checking the file i've sent them by email.

 

I can not say anything about Emisoft, but for Avira for example, real time guard won't scan archives with default settings. On the other hand 'system scan' will scan all archives, maybe you should check your configuration parameters.

Real time guard usually doesn't scan archives to save time, as if it is infected, it will be picked up once extracted.

 

I've found an older post:

http://support.emsisoft.com/topic/9474-problems-with-virus-in-zipped-files/

I'm not too agree with this behavior. I think it can be dangerous not know if a file is infected until it decompresses (especially if we think that this file can be sent to other users)

 

It is a trade off, either set your AV to scan archives and it will use more memory/CPU, or leave as default and know your machine is protected in any case.

If your mail provider is any good they will be scanning those archives at any rate so you shouldn't have to worry about other machines.

 

Not really; it won't self-execute upon extraction, and the real-time protection catches it when it is extracted if it is a known piece of malware.

 

The Threat is the Extracted file; not the Compressed one.

 

Or you can just simply right click and scan it. (BTW, now that i think of it, i'm not sure if it scans inside archives when using the right click scan Hahahaha)

 

is there any way to force EAM to scan inside archives when scanning "On-Demand"?

 

Depends on which scan mode you use, i think both "Deep Scan" and "Custom Scan" scan inside archives.

 

no i don't think they do
when i used Deep Scan it failed to recognize some archive packed malware which both the A and B engine detected when i unpacked them

 

Custom scan does scan inside archives you just have to activate it when customizing the scan. Not sure about Deep Scan though.

 

where exactly do i enable that option?
with screenies pretty please?

 

BTW, i have confirmed that Emsisoft Anti-Malware "Deep Scan" scans inside archives.
There it is.

 

Don't worry guys, Emsisoft got you covered.

 

Thank you mate
can EAM scan inside .iso too? (BD and Avira can)

 

According to Emsisoft support:

"Actually it has nothing to do with what type of file is in the archive but which engine actually detects it. Our own engine does not scan within archives, ever. So if a malware file is only detected by our engine but not by BitDefender, it won't be detected within archives. This isn't a big deal though as malware stored within archives is essentially rendered harmless. It only becomes a danger to your system when it is unpacked and executed which would both be intercepted by the File Guard.

This behavior won't change either as it would significantly slow down the entire scan process without actually improving the security for anyone. "

 

Other engines do it, so it must not be as big a performance drain as Emsisoft claims it is. For the real-time scanner, they could just impose a file-size limit. And for on-demand scans, well, to be honest the decision to scan archives or not should be optimally left to the user

But I can't argue with the fact that it doesn't really improve the protection. However, the idea of having archives loaded with trojan droppers sitting somewhere on the HDD without my knowledge isn't particularly encouraging either

 

I agree

 

A little tip here.

You should do manual scan on anything you download. Especially zipped files and the like since as has been said previously, most AVs do not scan archives by default. Note that many AV scanners are "reputation" based these days. I never have trusted the "community" to determine what is or is not a safe download.

 

Just to make sure of it, i downloaded the Eicar test file zip and scanned it manually using the context menu (Right click) and it detects it.

 

That's great.