Certain file extension not dealt with.

Discussion in 'NOD32 version 2 Forum' started by dsi-ap, Mar 1, 2006.

Thread Status:
Not open for further replies.
  1. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    Hello

    I have noticed .cab's and .jar files that are infected files do not get deleted by AMON.
    There is no exclusion to avoid these files so wondered if there is any other configuration needed to be done for these and other files to be ACTIONED with a Deleted response, and not left alone.

    Thank you.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    AMON does not scan archives internally at all.
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    ...and, as far as I know, NOD32 can't delete archives or clean them when it finds an infected file inside.
     
  4. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288

    Does this apply to all extensions or just those mentioned? If so.. :eek:

    I always assumed it would delete them since it's one of the removal options with archives.
     
  5. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    That's not a great idea if AMON does not delete archive files that are infected.
    As in many networks client and server machines will have all manner of files and if found to be infected they should be dealt with and not just left for the next scan to report the file is infected again on the scheduled scan.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Well, if you would like AMON to delete archives including all other files possibly carrying crucial data... I think no one would like to do that...
     
  7. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288
    But it does delete the infections still, yes?
     
  8. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    lollan,

    not if the infection is contained inside an archive
     
  9. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288
    Would I be correct in assuming this is because you would have to delete the entire archive to remove the infection, therefore Nod32 picks it up once the archive is extracted?

    If so, that's fine and is expected :)
     
  10. IcePanther

    IcePanther Registered Member

    Joined:
    May 28, 2005
    Posts:
    308
    Location:
    (nearby) Paris, France
    I find sense in this: as AMON is an on-access scanner, well, if you extract an archive, or double click inside WinRAR (or whatever) that extracts it to a temporary directory, AMON will catch it. It helps to prevent an "active" infection, as long as a file in an archive isn't really dangerous since you need to open/extract it beforehand. And it allows heavy performance gains (as opposed to KIS which scans everything but loads up the machine very heavily).
    Plus, cleaning an archive often means repacking it (to avoid CRC errors), so that can be quite a long process depending on the archive size/complexity. So as long as AMON is able to scan files when created on disk (extracted), it ensures protection...

    The limit to this is when these archive files are sent to a less protected user, who will be able to extract/run the infected archive part.
     
  11. dsi-ap

    dsi-ap Registered Member

    Joined:
    Jul 4, 2005
    Posts:
    118
    Location:
    UK
    OK, I get the logic behind the non-deletion of infected files within an archive.
    Would be a good thing to find out if NOD will ever be updated to one day remove the infected file within an archive and then repackage it.
     
  12. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288
    Current archive crc standards would have to change a good deal for this to happen. It's really not an issue as long as AMON picks it up. There's still that layer of protection for you ;)
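
Added example, not part of the thread and not ESET code: a sketch of what "remove the infected file within an archive and then repackage it" (posts 10 to 12) involves for a ZIP-format archive such as a .jar. The detector `is_flagged`, the marker bytes and the sample member names are constructed assumptions for illustration.

```python
import io
import zipfile

# Constructed stand-in for a detection signature (not a real one).
MARKER = b"CONSTRUCTED-DETECTION-MARKER"


def is_flagged(data: bytes) -> bool:
    """Hypothetical detector: flags any byte string containing MARKER."""
    return MARKER in data


def clean_archive(src_bytes: bytes):
    """Repack a ZIP/JAR without flagged members.

    Returns (new_archive_bytes, removed_member_names).
    """
    removed = []
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(src_bytes)) as src, \
            zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            # read() decompresses and raises BadZipFile on a CRC-32 mismatch
            data = src.read(info)
            if is_flagged(data):
                removed.append(info.filename)
                continue
            # Fresh header: CRC-32, sizes and offset are recomputed on write
            fresh = zipfile.ZipInfo(info.filename, date_time=info.date_time)
            fresh.compress_type = info.compress_type
            fresh.external_attr = info.external_attr
            dst.writestr(fresh, data)
    return out.getvalue(), removed


def build_sample() -> bytes:
    """Constructed sample: one clean member, one flagged member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("lib/payload.class", MARKER + b"A" * 200)
    return buf.getvalue()


if __name__ == "__main__":
    cleaned, removed = clean_archive(build_sample())
    print("removed:", removed)
    with zipfile.ZipFile(io.BytesIO(cleaned)) as z:
        print("remaining:", z.namelist(), "crc check:", z.testzip())
```

Every member has to be decompressed to be inspected and the whole archive rewritten to drop one entry, which is the cost the posts above describe; the marker is also not visible to a flat byte scan of the compressed archive.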
     