AntiVir PE Guard and archives

Discussion in 'other anti-virus software' started by DaveD, Feb 6, 2007.

Thread Status:
Not open for further replies.
  1. DaveD

    DaveD Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    54
    I understand that AntiVir PE is excellent and thorough with archives when running a system scan. However, it would seem that the Guard for real-time scanning of archives is quite limited.

    I was testing it with Thunderbird to see how well it reacts to viruses in the mailbox in real-time with the EICAR sample in a 7z archive and a 7z SFX archive.

    - It did not alert me when receiving the messages with those attachments
    - It did not alert me when saving those attachments to the hard drive
    - It did not alert me when viewing the archive contents in 7-Zip

    The only time it alerted me was when I extracted the archives. This leads me to believe that AntiVir PE does not scan MIME types (Thunderbird Inbox file) or archives real-time. The option to scan archives in the Guard settings is checked but must relate only to files compressed with run-time packers, but I thought that might have included the 7z SFX archive.

    This is good in a way because now I know AntiVir PE will not destroy my Thunderbird Inbox if a virus was found. But I thought that it would have at least scanned the archives when saving to the hard drive; that is not so good.
     
  2. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    As far as I can tell, AntiVir Guard does not scan inside archives. From my personal POV, I wouldn't necessarily classify this as a shortcoming, though. The important thing for me is that the Guard nabs the malware before it causes any damage, and so far it's been doing a fine job of that.
     
  3. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    The Guard does not scan archives, SFX or emails on-access. But as soon as you extract the executable object from the container, it will catch it.
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    This is not unique to AntiVir; other AVs are the same. The latest Kaspersky, for example, does have the option to scan archives with the Guard (in the past it didn't) but it is switched off by default and is not a recommended setting. The problem is resource usage if you have large archives to deal with. If you wish to check an archive before saving it then just do a right-click scan because demand scanners do look into archives.
     
  5. DaveD

    DaveD Registered Member

    Joined:
    Jan 24, 2007
    Posts:
    54
    Everything that the three of you have said makes perfect sense. If the scanner is going to pick up the malware when executed anyways, then it makes sense not to waste resources of real-time scanning of those archives.

    TopperID, what you said about Kaspersky making that default in their latest programs goes to show also that it really isn't necessary. Kaspersky could also use the extra performance gained by this as well.

    I am always all about performance on my PC and I am pleased with the comments thus far regarding real-time archive scanning.

    Thank you to everyone who has posted their comments on this.
     
  6. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
     