ESET NOD32 not cleaning archives.

I am having trouble trying to coax NOD32 into cleaning infected files within archives. I have read the knowledgebase article here: http://kb.eset.com/esetkb/index?page=content&id=SOLN117&cat=MAL&actp=LIST which suggests that the archive may be damaged or password protected. The archives are neither damaged nor password protected.

If I extract the archive NOD32 immediately deals with the infected extracted files.

On scanning an archive with the on-demand scanner it lists each infected file within it in red but doesn't report any errors.

Can anyone shed some light on this?

 

If malware is found in an archive, you can either delete the whole archive or remove the particular infected file from the archive manually.

 

Thanks for your prompt response Marcos. We have approximately 800 machines here, is there any way this can be automated? Thanks!

 

Please try scanning with Strict Cleaning enabled.

Computer Scan > Custom Scan > Setup > Cleaning > Move the bar all the way to Strict cleaning.

Then re-try.

 

Any files in archives are harmless unless extracted and run at which point malicious files would be detected and blocked.
Cleaning files in archives is not possible as it would effectively mean extracting all files and re-compressing them using the same compression format and method. As you know, there are many of them and probably some are not documented well.

 

Thanks for the information, I may disable archive scanning as it seems redundant in our environment.

 

That's not a good idea to disable scanning of archives in general. For instance, Merond.O moves a clean file into a sfx archive, embeds itself and names the archive after the original file. With scanning of sfx archives disables, such malware would not be detected. Also there's lots of malware propagating in NSIS or other type of archives / installers so take this into account when disabling certain scanning options.

 

In Standard cleaning mode, the program will attempt to clean or delete infected files automatically.
If it can not perform some action, it will show a list of available actions (after the scan is complete).