AVs and zipped files?

Discussion in 'other anti-virus software' started by Rivalen, Dec 20, 2005.

Thread Status:
Not open for further replies.
  1. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    What can an AV check and what can it not check - and if it finds something - when can it not clean/delete/vault it?

    Pls help compare AVs when it comes to, e.g.:

    I sent a clean file to work - their AV rejected the file as a "virus?".
    I zipped the file - sent again - and it came right through to my inbox at work. Not a "virus?" this time.

    What's this about? Are there other files that AVs can't scan - or are there some AVs who can?

    Pls help me understand - if possible :)

    Best Regards
     
  2. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    The better AV software will scan archive files.
    Norton AuntieVirus does.
    Check product info at each web site, e.g., http://www.symantec.com/
     
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    4,010
    Location:
    Christchurch, UK
    A lot of AV's on-access Monitors either do not have the ability to scan archives/zipped files or are not set to scan these files in the default settings. This is because this may cause system slowdown.

    Therefore, I presume your work AV was one of these AV's. Your initial unzipped file was therefore not clean or a false positive.
    Not all AV Real-Time Monitors have the ability to scan inside archives. NOD and KAV 5 for example.

    The last two AV vendors are no slouch in detection rates but at the present time they do not offer this scanning choice. The main reason being that it may slow down the performance considerably. But any malware can be picked up in the archive when it is extracted, then the RTM jumps in. So most AV companies leave archive scanning to the on-demand scanner.

    So to answer your question, yes there are differences in the files that different AV's can scan. Further, there are differences in the files that an on-access scanner and on-demand scanner of the same AV are set to scan.

    In using an AV in real time a balance must be achieved between protection and performance. Therefore in most cases the RTM is not set to scan all files.

    With run-time packed files there are even bigger differences between the different AV's.
     
    Last edited: Dec 20, 2005
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    It's almost certainly NOTHING to do with viruses or infected files but almost all company networks nowadays are set up to reject all .exe files as they MIGHT contain a virus
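
The behaviour discussed in the replies above (an attachment rejected by name, the same file accepted once zipped) can be reproduced with a filter that judges only the attachment name, next to one that also opens ZIP members. This is an added example, not part of the thread or of any AV product; the function names, the extension list and the limits are assumptions chosen for illustration, and the sample archive is constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy values for this sketch; not taken from any product.
BLOCKED_EXT = {".exe", ".scr", ".com", ".pif", ".bat"}
MAX_DEPTH = 2                      # how deep nested archives are opened
MAX_MEMBERS = 1000                 # refuse archives with more entries
MAX_UNPACKED = 50 * 1024 * 1024    # cap on total declared size (zip-bomb guard)

def name_only_verdict(filename):
    """Filter as described in the thread: judges the attachment name only."""
    ext = PurePosixPath(filename.lower()).suffix
    return "reject" if ext in BLOCKED_EXT else "accept"

def archive_aware_verdict(filename, data, depth=0):
    """Same extension policy, applied to ZIP members as well."""
    if name_only_verdict(filename) == "reject":
        return "reject"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "accept"
    if depth >= MAX_DEPTH:
        return "quarantine"        # nested too deeply to inspect
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            if len(infos) > MAX_MEMBERS or sum(i.file_size for i in infos) > MAX_UNPACKED:
                return "quarantine"
            for info in infos:
                if info.flag_bits & 0x1:   # encrypted member cannot be read
                    return "quarantine"
                verdict = archive_aware_verdict(info.filename, zf.read(info), depth + 1)
                if verdict != "accept":
                    return verdict
    except zipfile.BadZipFile:
        return "quarantine"        # malformed archive: hold for review
    return "accept"

def make_zip(members):
    """Build a constructed in-memory ZIP from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()

if __name__ == "__main__":
    zipped = make_zip({"tool.exe": b"MZ constructed placeholder bytes"})
    print(name_only_verdict("tool.zip"), archive_aware_verdict("tool.zip", zipped))
```

Encrypted, oversized, malformed or too deeply nested archives return "quarantine" rather than "accept", since the filter cannot see what they contain.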
     
  5. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Thank you guys - those are the answers I was looking for! I understand better now.

    Best Regards
     