Certain file extension not dealt with.

Hello

I have noticed .cab's and .jar files that are infected files do not get deleted by AMON.
There is no exclusion to avoid these files so wondered if there is any other configuration needed to be done for these and other files to be ACTIONED with a Deleted response, and not left alone.

Thank you.

 

AMON does not scan archives internally at all.

 

...and, as far as I know NOD32 can't delete archives or to clean them when it finds an infected file inside.

 

Does this apply to all extensions or just those mentioned? If so..

I always assumed it would delete them since it's one of the removal options with archives.

 

That not great idea if AMON does not delete archive files that are infected.
As in many networks client and server machines will have all manner of files and if found to be infected they should be dealt with and not just left for the next scan to report the file is infected again on the scheduled scan.

 

Well, if you would like AMON to delete archives including all other potentially files possibly carrying crucial data... I think no one would like to do that...

 

But it does delete the infections still, yes?

 

lollan,

not if the infection is contained inside an archive

 

Would I be correct in assuming this is because you would have to delete the entire archive to remove the infection, therefore Nod32 picks it up once the archive is extracted?

If so, that's fine and is expected

 

I find sense in this : as AMON is an on-access scanner, well, if you extract an archive, or double click inside WinRAR (or whatever) that extracts it to a temporary directory, AMON will catch it. It helps to prevent an "active" infection, as long as a file in an archive isn't really dangerous since you need to open/extract it beforehand. And it allows heavy performance gains (as opposed to KIS which scans everything but loads up the machine very heavily).
Plus, cleaning an archive often means repacking it (to avoid CRC errors), so that can be quite a long process depending on the arichve size/complexity. So as long as AMON is able to scan files when created on disk (extracted), it ensures protection...

The limit to this, is when these archive files are sent to a less protected user, which will be able to extract/run the infected archive part.

 

OK i get the logic behind the non-deltion of infected files within an archive.
Would be a good thing to find out if NOD will ever be updated to one day remove the infected file within an archive and then repackage it.

 

Current archive crc standards would have to change a good deal for this to happen. It's really not an issue as long as AMON picks it up. There's still that layer of protection for you