Archive scanning

Discussion in 'other anti-virus software' started by C.S.J, Jun 17, 2007.

Thread Status:
Not open for further replies.
  1. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    quick questions,

    is archive scanning really needed?
    what difference in security would it make if it was disabled?


    also, a bug that i must report is, even tho the log is CORRECT and states 85923 files scanned when archive scanning is disabled, the actual program states it has scanned 195573 which is more than the time taken with archive scanning enabled.

    archive scanning enabled

    Objects scanned: 109087
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 748 Kb/s
    Scan time: 00:41:33

    archive scanning disabled

    Objects scanned: 85923
    Infected objects found: 0
    Objects with modifications found: 0
    Suspicious objects found: 0
    Adware programs found: 0
    Dialer programs found: 0
    Joke programs found: 0
    Riskware programs found: 0
    Hacktool programs found: 0
    Objects cured: 0
    Objects deleted: 0
    Objects renamed: 0
    Objects moved: 0
    Objects ignored: 0
    Scan speed: 422 Kb/s
    Scan time: 00:35:28

    edit: the log is correct and the GUI i think, because i did the 2 scans in the same session, i believe it adds the total session scanned files on the GUI.
    im not sure if this is a good thing or not, but at least the log seperates the amount of scanned files per each scan.
     
    Last edited: Jun 17, 2007
  2. Londonbeat

    Londonbeat Registered Member

    Joined:
    Sep 21, 2006
    Posts:
    350
    I like to have archive scanning there on-demand to use if needed, but I don't think it's necessary for a realtime guard, anything dangerous that would be detected by archive scanning would be detected upon extraction anyway.

    Londonbeat
     
  3. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    im just thinking to lower my scan times thats all,

    i know it isnt a big difference as at the moment, there is nothing on my machine, but it would make a big difference when there is im sure.

    6 minutes difference,

    but that is still like.... erm, 15% difference in scan time.
     
  4. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    Sure there will be a big difference when you have a lot on the HD, but why make an on-demand scan if you have no intension of scanning everything?

    I always use all options for on-demand scan settings and do not use the archive option in the real-time scanner..............for the exact reasons stated by Londonbeat. I do not make a lot of on-demand scans btw.
     
  5. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    You probably dont need reminding of this:

    yes as 'data' builds up scan times are getting ponderous with every app.
    I am total luddite so I only run a single partition.

    I've moved all my photos, music and videos and zip etc archive types off onto an external HD. Feels vaguely better from security standpoint

    You might have a lot of documents or and or dl'd compressed files : eg exes that come as zips or rars, hanging abouT :) I know that I keep copies of all installation files and even keep copies of previous versions in another folder.)

    They take longer to scan.

    I exclude all the fdisr image files :each the size of the 'C' drive
    exclude any back-up imge files of the C which I keep on the 'C'
    These files are of course compressed and HUGE.
    I junked an ood image file that I had been keeping: 10G !!

    If you have any virtualisation files put some of the spare snapshots or rarely used snapshots off into storage or delete back to mainline set-ups.

    If you go through your odds and ends folders you may free some space
    I was amazed at how much junk was on my box: video remnants aftr editing, old installation files ets etc
    Disc sizes are so massive now one can get a little untidy with the disc maintenance.

    I had Literally hundreds of photos and vids, some quite big files, that were meant to be archived ages ago. You know: dl off the digital cam and just never get around to tidying up.

    I think I cleared out fluff and/or moved well over 13g of stuff off the disc: all the scanners ( and the defrag seem much faster)

    If you can, shrink (all )your working partitions to minimize spare junk space.
    It was a good execise for me to do all the house cleaning: personal bloat.

    regards.
     
  6. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    For on-demand scanning; A thorough scan using full settings is needed on install to check whether your machine is clean.

    After this initial full scan, if you are using a slow scanner such as present in Dr Web/VBA32/TrustPort then "full" scanning can take a long time compared to other AV's. Regular scans can then still be carried out but on a lower scan mode setting which does not include all files/archives. As long as you check downloaded files by context-menu scanning then these "faster" scans, IMHO, should be sufficient. The full scan can then be relegated to occasional use. In addition, excluding various files that the on-demand scanner becomes stuck on, also helps in improving scan speed. A number of AVs get stuck on large CAB files for example, so after an initial scan, I generally exclude them for future scans.

    Conversely, if you have an AV with a fast scan speed, such as NOD/FPAV, then complete scans are less of a chore.

    For real-time scanning; Personally, I do not think that the RTM needs to scan archives as any malware should be picked up on extraction. Further, some AV's affect system performance if archive scanning is selected in the RTM. However, I would much prefer that the running Guard can scan runtime packed files rather than archives.
     

    Attached Files:

    Last edited: Jun 17, 2007
  7. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    selected types,

    which ones are actually missing?

    ---
    also, what OS are you running blackcat, it looks poo-poo *lol*
     
  8. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    Win XP Pro, but set in Windows Classic mode. Prefer lean and mean even on a new computer ;)
     

    Attached Files:

  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    with that selected types scanning without archive scanning,

    it only takes 22 minutes, which is basically half the time nearly.

    how much security is actually lost here?
     
  10. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    I think that scanning doesn't add too much security if the real-time protection is running
     
  11. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Archive scanning is a must for on-demand scans imo.
    The longer scan time is worth it for a more thorough scan.
     
  12. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Same here :D
     
  13. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    921
    Location:
    Big Apple USA
    I gotta go w/ Longboard on this. I too exclude all my FD-ISR folders from scanning. They're just too large. -If my scan finds anything that has been auto up-dated / copied to one of my FD-ISR folders, I'll know about it (indicated by the date) and can then scan the appropriate folder. As far as my NAS box goes: it's connected 24 / 7 w/ uTorrent & Shareaza running. This is scanned throughly every week and via context menue after every few D/Ls and again prior to opening / running anything.

    ...screamer
     
  14. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
Loading...
Thread Status:
Not open for further replies.