ESET won't detect EICAR inside zip file

Discussion in 'ESET Endpoint Products' started by reloop, Jan 14, 2013.

Thread Status:
Not open for further replies.
  1. reloop

    reloop Registered Member

    Joined:
    Jan 14, 2013
    Posts:
    4
    Hello, we are examining the product and testing it by copying a zip file containing EICAR from a USB DOK.
    ESET detects EICAR only after the zip file is extracted.

    Is this known, and how can we prevent it?

    ESET File Security 4.5.12005.0 on Microsoft Windows Server 2008 R2 Standard.

    Thank you,
    reloop
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Archives are not scanned by real-time file system protection. Files in archives do not pose any risk until extracted, at which point they are scanned and malicious files are blocked / cleaned.
     
  3. reloop

    reloop Registered Member

    Joined:
    Jan 14, 2013
    Posts:
    4
    Thanks for the quick reply.
    Can I change this?
     
  4. reloop

    reloop Registered Member

    Joined:
    Jan 14, 2013
    Posts:
    4
    Hello,
    Is there any way to enable it in the real-time file system protection?

    Thanks
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    No, real-time protection cannot scan inside archives in principle.
     
  6. reloop

    reloop Registered Member

    Joined:
    Jan 14, 2013
    Posts:
    4
    Thank you
     
  7. scaris

    scaris Registered Member

    Joined:
    Feb 15, 2013
    Posts:
    1
    Location:
    Fr
    Hello,

    Name : esets
    Arch : x86_64
    Version : 4.0
    Release : 8
    Size : 74 M
    Repo : installed
    Summary : ESET Security

    I use pac to scan FTP. Flat files are detected, but not files in archives. I set the option av_scan_obj_archives to yes, but nothing. Can pac not scan inside archives? Just to be sure, because I see options in the libesets_pac.so man page and esets.cfg.

    I did the same test, with eicar.
    esets_daemon[7612]: part[1dbc0203]: vdb=13160, agent=pac, name="/home/eicar_com.zip » ZIP", virus="is OK (internal scanning not performed)", action="", info=""

    Regards,
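
A log check for the situation in the last post, added here as an example and not part of the thread or of ESET's tooling: it parses esets_daemon lines in the format quoted above and lists every object logged with "internal scanning not performed", so archives that passed through unscanned can be tracked. Only the first sample line comes from the thread; the other two lines, and the assumption that a plain "is OK" verdict marks a clean object, are constructed for the example.

```python
import re

# First line is the one quoted in the thread; the other two are constructed
# sample lines in the same layout (their verdict/action values are assumptions).
SAMPLE_LOG = '''\
esets_daemon[7612]: part[1dbc0203]: vdb=13160, agent=pac, name="/home/eicar_com.zip » ZIP", virus="is OK (internal scanning not performed)", action="", info=""
esets_daemon[7612]: part[1dbc0204]: vdb=13160, agent=pac, name="/home/eicar.com", virus="Eicar test file", action="deleted", info=""
esets_daemon[7612]: part[1dbc0205]: vdb=13160, agent=pac, name="/home/readme.txt", virus="is OK", action="", info=""
'''

# key="quoted value" or key=bare_value; a quoted value is consumed whole,
# so '=' or ',' inside a file name does not split the field.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))')
ARCHIVE_SEP = " » "  # separator that follows the container path in the thread's line

def parse_line(line):
    """Return the key=value fields of one log line as a dict, or None if it has none."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD_RE.finditer(line)}
    return fields or None

def classify(fields):
    """Map a parsed record to 'unscanned', 'clean', 'detected' or 'unknown'."""
    verdict = fields.get("virus")
    if verdict is None:
        return "unknown"
    if "scanning not performed" in verdict:
        return "unscanned"          # object was passed without looking inside it
    if verdict.startswith("is OK"):
        return "clean"              # assumed wording for a clean verdict
    return "detected"

def coverage_gaps(log_text):
    """Return (container, text_after_separator) for each object not scanned internally."""
    gaps = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields and classify(fields) == "unscanned":
            container, _, inner = fields.get("name", "").partition(ARCHIVE_SEP)
            gaps.append((container, inner))
    return gaps

if __name__ == "__main__":
    for container, inner in coverage_gaps(SAMPLE_LOG):
        print(f"not scanned internally: {container} ({inner or 'no nested object'})")
```
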
     