Emsisoft does not detect a virus in a zipped file

Discussion in 'other anti-virus software' started by mimuweb, Nov 26, 2012.

Thread Status:
Not open for further replies.
  1. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
    Hello guys. I've a problem with my antivirus, Emsisoft Antimalware. When I scan a virus inside a zipped archive, EAM doesn't detect anything.
    If I manually unzip this archive, then scan the unzipped file, EAM detects it. Is this normal behavior?

    Thanks

    Best regards
     
  2. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    Malware embedded in a zipped file is usually harmless as it can't execute. I don't know if it is normal behaviour, but I wouldn't worry if I were you.
     
  3. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
    I understand it, but it would be great if the antivirus detected this malware before I unzipped the file. Previously I had Comodo IS installed and the viruses were detected even if you didn't start an on-demand scan.
     
  4. Vladimyr

    Vladimyr Registered Member

    Joined:
    Feb 11, 2009
    Posts:
    461
    Location:
    Australia
    That's interesting. Last time I looked, CIS on-access scanner didn't have the option to scan inside archives.
     
  5. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
    I'm in contact with Emsisoft support. They are checking the file I've sent them by email.
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,222
    I cannot say anything about Emsisoft, but for Avira, for example, the real-time guard won't scan archives with default settings. On the other hand, 'system scan' will scan all archives; maybe you should check your configuration parameters.

    Real time guard usually doesn't scan archives to save time, as if it is infected, it will be picked up once extracted.
     
  7. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
  8. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    It is a trade-off: either set your AV to scan archives and it will use more memory/CPU, or leave it as default and know your machine is protected in any case.

    If your mail provider is any good they will be scanning those archives at any rate so you shouldn't have to worry about other machines.
     
  9. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Not really; it won't self-execute upon extraction, and the real-time protection catches it when it is extracted if it is a known piece of malware.
     
  10. PJC

    PJC Very Frequent Poster

    Joined:
    Feb 17, 2010
    Posts:
    2,959
    Location:
    Internet
    The Threat is the Extracted file; not the Compressed one.
     
  11. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Or you can just simply right-click and scan it. :D (BTW, now that I think of it, I'm not sure if it scans inside archives when using the right-click scan Hahahaha)
     
    Last edited: Nov 26, 2012
  12. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    Is there any way to force EAM to scan inside archives when scanning "On-Demand"?
     
  13. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Depends on which scan mode you use; I think both "Deep Scan" and "Custom Scan" scan inside archives. :D
     
  14. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    No, I don't think they do.
    When I used Deep Scan, it failed to recognize some archive-packed malware which both the A and B engines detected when I unpacked them.
     
  15. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Custom scan does scan inside archives; you just have to activate it when customizing the scan. Not sure about Deep Scan though.
     
  16. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    Where exactly do I enable that option?
    With screenies, pretty please? :D
     
  17. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    BTW, I have confirmed that Emsisoft Anti-Malware "Deep Scan" scans inside archives.
    There it is.
    [​IMG]
     
  18. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    Don't worry guys, Emsisoft got you covered.:D:thumb:
     
  19. VectorFool

    VectorFool Registered Member

    Joined:
    Oct 21, 2012
    Posts:
    280
    Location:
    India
    Thank you, mate.
    Can EAM scan inside .iso too? (BD and Avira can)
     
  20. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
    According to Emsisoft support:

    "Actually it has nothing to do with what type of file is in the archive but which engine actually detects it. Our own engine does not scan within archives, ever. So if a malware file is only detected by our engine but not by BitDefender, it won't be detected within archives. This isn't a big deal though as malware stored within archives is essentially rendered harmless. It only becomes a danger to your system when it is unpacked and executed which would both be intercepted by the File Guard.

    This behavior won't change either as it would significantly slow down the entire scan process without actually improving the security for anyone."
     
  21. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Other engines do it, so it must not be as big a performance drain as Emsisoft claims it is. For the real-time scanner, they could just impose a file-size limit. And for on-demand scans, well, to be honest the decision to scan archives or not should be optimally left to the user :)

    But I can't argue with the fact that it doesn't really improve the protection. However, the idea of having archives loaded with trojan droppers sitting somewhere on the HDD without my knowledge isn't particularly encouraging either :)
     
  22. mimuweb

    mimuweb Registered Member

    Joined:
    Sep 28, 2009
    Posts:
    70
    I agree
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    A little tip here.

    You should do a manual scan on anything you download, especially zipped files and the like, since, as has been said previously, most AVs do not scan archives by default. Note that many AV scanners are "reputation" based these days. I never have trusted the "community" to determine what is or is not a safe download.
     
  24. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Just to make sure of it, I downloaded the Eicar test file zip and scanned it manually using the context menu (right-click) and it detects it. ;) :D
     
  25. ams963

    ams963 Registered Member

    Joined:
    May 3, 2011
    Posts:
    5,965
    Location:
    Parallel Universe
    That's great.:thumb:
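
An added illustration of the behaviour discussed in this thread (not part of any post, and not Emsisoft's or any other vendor's code): a byte-signature match finds nothing in the raw bytes of a deflate-compressed ZIP, but finds the same content once each member is unpacked under a size and nesting limit. The signature is a toy one (the marker text of the EICAR test file), and the function names, limits and sample data are assumptions constructed for the example.

```python
import io
import zipfile

# Toy signature: the marker text of the EICAR test file, not a real AV signature.
SIGNATURE = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
MAX_MEMBER_BYTES = 1_000_000  # hypothetical cap on one unpacked member
MAX_DEPTH = 3                 # hypothetical cap on archives inside archives

def scan_bytes(data):
    """Flat scan: search the bytes exactly as they are stored."""
    return SIGNATURE in data

def scan_archive(data, depth=1, prefix=""):
    """Unpack a ZIP in memory and scan each member; returns {path: verdict}."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:                 # encrypted: cannot unpack
                verdicts[path] = "skipped-encrypted"
            elif info.file_size > MAX_MEMBER_BYTES:  # declared size over the cap
                verdicts[path] = "skipped-too-large"
            else:
                body = zf.read(info)
                if not zipfile.is_zipfile(io.BytesIO(body)):
                    verdicts[path] = "detected" if scan_bytes(body) else "clean"
                elif depth < MAX_DEPTH:              # nested archive: recurse
                    verdicts.update(scan_archive(body, depth + 1, path + "/"))
                else:
                    verdicts[path] = "skipped-too-deep"
    return verdicts

def make_zip(members):
    """Build a deflate-compressed ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample data: harmless text carrying the toy signature.
PAYLOAD = (b"constructed sample " + SIGNATURE + b"\n") * 20
ARCHIVE = make_zip({"sample.txt": PAYLOAD, "notes.txt": b"plain text\n" * 20,
                    "big.bin": b"\0" * (MAX_MEMBER_BYTES + 1),
                    "inner.zip": make_zip({"nested.txt": PAYLOAD})})

if __name__ == "__main__":
    print("flat scan of the .zip:", scan_bytes(ARCHIVE), scan_archive(ARCHIVE))
```

The skipped verdicts are the cost side of the trade-off raised in the thread: every limit that keeps archive scanning cheap also leaves some members unexamined until they are extracted.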
     