ESET NOD32 not cleaning archives.

Discussion in 'ESET NOD32 Antivirus' started by Tikkiwich, Nov 5, 2010.

Thread Status:
Not open for further replies.
  1. Tikkiwich

    Tikkiwich Registered Member

    Joined:
    Aug 6, 2010
    Posts:
    3
    I am having trouble trying to coax NOD32 into cleaning infected files within archives. I have read the knowledgebase article here: http://kb.eset.com/esetkb/index?page=content&id=SOLN117&cat=MAL&actp=LIST which suggests that the archive may be damaged or password protected. The archives are neither damaged nor password protected.

    If I extract the archive NOD32 immediately deals with the infected extracted files.

    On scanning an archive with the on-demand scanner it lists each infected file within it in red but doesn't report any errors.

    Can anyone shed some light on this?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    If malware is found in an archive, you can either delete the whole archive or remove the particular infected file from the archive manually.
     
  3. Tikkiwich

    Tikkiwich Registered Member

    Joined:
    Aug 6, 2010
    Posts:
    3
    Thanks for your prompt response Marcos. We have approximately 800 machines here, is there any way this can be automated? Thanks!
     
  4. Nick0

    Nick0 Registered Member

    Joined:
    Feb 18, 2010
    Posts:
    32
    Please try scanning with Strict Cleaning enabled.

    Computer Scan > Custom Scan > Setup > Cleaning > Move the bar all the way to Strict cleaning.

    Then re-try.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Any files in archives are harmless unless extracted and run at which point malicious files would be detected and blocked.
    Cleaning files in archives is not possible as it would effectively mean extracting all files and re-compressing them using the same compression format and method. As you know, there are many of them and probably some are not documented well.
     
  6. Tikkiwich

    Tikkiwich Registered Member

    Joined:
    Aug 6, 2010
    Posts:
    3
    Thanks for the information, I may disable archive scanning as it seems redundant in our environment.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    That's not a good idea to disable scanning of archives in general. For instance, Merond.O moves a clean file into a sfx archive, embeds itself and names the archive after the original file. With scanning of sfx archives disables, such malware would not be detected. Also there's lots of malware propagating in NSIS or other type of archives / installers so take this into account when disabling certain scanning options.
     
  8. toxinon12345

    toxinon12345 Registered Member

    Joined:
    Sep 8, 2010
    Posts:
    1,200
    Location:
    Managua, Nicaragua
    In Standard cleaning mode, the program will attempt to clean or delete infected files automatically.
    If it can not perform some action, it will show a list of available actions (after the scan is complete).
     
Thread Status:
Not open for further replies.