NOD32 & ziped_compressed files

HI:
I have used PC-Cillin for past 3 years and I do really like it.

However, I had not heard of NOD at the time of purchase [quiet achiever heh!] and probably [make that would have] purchased NOD32 if I had known about it back then. I am GOING to purchase NOD when my current licence expires in Feb, but hope the new NOD version is out before that.

My question: How good is NOD at scanning zipped/compressed files.

Oh I know all the good folk around will say it scans zip. double zip, rar, etc. etc. PC-Cillin detects all except one... the .SIT files created by Aladdin's Stuffit program [Mac proggy, I am using the Windows version, much much easier to use than ZIP IMHO, and a lot faster and more compression].

I have added .SIT to my 'Compressed' list, but when I put the Eicar 'Test String' inside a doc and compress it with 'Stuffit' and scan it does not alarm. Then put the same file in a ZIP/double ZIP/even triple ZIP and it alarms.

It alarms on everything else I test.

Will NOD detect .SIT compression. Everytime I look at AV's and see the compression lists, I NEVER see .SIT mentioned. [Have not seen NOD's].

Would someone who has it, do a test and tell me or if someone already knows 'for sure'. This seems to be one of the main compression proggys out there yet it's never mentioned in the compression lists of AV detection.

Thanks for any responses.

 

That was quick. thanks Paul
Originally I had emailed Trend about it, and their 'Service Department' said they would look into it. That was when I had PC-Cillin 2000. When I updated to 2002, got the same result, no scan of .SIT files. *sigh*

thanks again for reply. will check back later, will be going to work here now and not back until about 10 hours.
Cheers.

 

Hey Tassie,

it has been forwarded to the guy who is carrying about the archives here. Thanks for the tip.

rgds,

jan

 

One major reason for this AFAIK, is that StuffIt is 99.9% Macintosh. Sure, I've seen that StuffIt is available for Windows, but I've NEVER EVER seen a .sit-archive for anything else than Macintosh.

In the Windows-world, it's (as you surely know) mostly ZIP (though, I prefer RAR (WinRAR)).

Personally, I don't care THAT much for scanning inside of archives. Sure, it's a good feature, but, I most often leave it disabled when scanning. First of all, scanning of archives won't increase protection. (It could possibly help determine the source of infection though)

As long as a resident antivirus is loaded, no known viruses will be allowed to execute.

Best regards,
Anders

 

Correct!   In my opinion, the single feature that has slowed down anti virus utilities (and your computer in general) more than any other is the ability to scan within archives, a feature that I'm sure was demanded by the public and of little value, if any at all.

 

HI guys. Thanks for the responses.

The Stuffit Program for windows has FULL functionality in all aspects, including archiving.
Attached shot shows Stuffit Browser itself with cursor pointing to Archives. [could not get a screen capture showing the 'tool tip' wording of 'Archive']

I only wanted to know if it does or not, and if it's 'not that important' then why does the Eicar site have those 'tests' for zip and double zip scanning. Seems to be a big deal if AV's can/cannot scan within those compressed archives, a lot of AV vendors make an issue of it.

So what you Anders and scotterpops are saying, why bother with scanning compressed files, as long as resident scanning engine running?

Cheers.

edit: typo

edit: PS: Also Stuffit has separate program for 'Stuffit' and 'Zip' files. You can 'unzip' or 'expand' any compressed file with 'Expander'. You can also use 'Drop Zip' or 'Drop Stuff' to either zip or stuff a file, so if sending a normal compressed file to someone who does not have Stuffit, just use Drop Zip and they can open with their own WinZip, etc. Very handy. I found it much faster than WinZip. Have not tried WinRAR Anders

 

DropZip!!!

 

Sure, there's nothing negative about scanning archives (in an on-demand scanner... I would NEVER want an on-access scanner to scan archives).

However, StuffIt isn't THAT common (in the Windows world) so, that's probably why it doesn't have high priority for the different antivirus vendors.

Best regards,
Anders
EuroSecure

 

Actually KAV (Kaspersky) does have this capability, to scan compressed files on-the-fly: but I think that option isn't turned on by default, because it causes a sluggish response on most systems.

Agreed: NAV doesn't have this capability either.

 

Hi Randy, Anders, Paul.

OK, so I guess the short answer is no to scannin SIT files.
Thanks for replies.

I also realise that compressed are safe unless extracted and try to execute a dangerous file, that never was an issue.

I only wanted to know if it did scan SIT, it wasn't a problem, just curious. As I stated earlier one of the 'tests' from Eicar was the ability to scan single/double zip files, and since I had Stuffit and PC-Cillin could not, just wanted to know if other AV's could.

I am in no doubt as to the marvellous ability of NOD at all. I most certainly will be getting it when the new version comes out.

Once again thanks to all who replied.