Nod32 file rt-clk context scan gets stuck on large files!

Discussion in 'ESET NOD32 Antivirus' started by davidm71, Mar 12, 2011.

Thread Status:
Not open for further replies.
  1. davidm71 (Registered Member; Joined: Feb 20, 2011; Posts: 29)

    Hi,

    I downloaded 'Call of Pripyat Complete Mod' which is a 771 megabyte file. I tried to scan it with Nod32 Antivirus and every time it stalls out and gets stuck trying to do an individual file scan when you right-click on the file. Norton Internet Security did it in 4 seconds.

    So I tried to scan a 1KB file with Nod32 no problem. Even a 300 megabyte file nod32 scanned it no problem. So obviously you have a bug!

    Thanks.
     
  2. rcdailey (Registered Member; Joined: Dec 25, 2009; Posts: 233)

    I tried a scan on an Ubuntu 10.10 iso and that worked, but that is not as large as the file you mentioned. It's just 686 MB. Have you tried any iso file to see whether it can be scanned? If it can, then the barrier is larger or there is some other issue with that particular file.
     
  3. davidm71 (Registered Member; Joined: Feb 20, 2011; Posts: 29)

    The file in question is an executable; however, I did scan a 285 MB rar file and a 300 MB exe file that was a container for smaller files, and it had no problems. I wish I could post that file for analysis, but it's huge, so here's the link where I found it:

    http://www.moddb.com/mods/call-of-pripyat-complete/downloads/call-of-pripyat-complete-10-exe-recommended
    Thanks.
     
    Last edited by a moderator: Mar 13, 2011
  4. rcdailey (Registered Member; Joined: Dec 25, 2009; Posts: 233)

    OK. Thanks. I will try downloading the EXE. I had trouble downloading the 7z version. It would not save.

    Well, I did download the EXE file and NOD32 scanned it by default as one file and did not hang. There may be a problem with your download being partial or corrupted.

    Hold on! I did a right-click on the file again, after making sure that I had NOD32 set to defaults in the advanced settings and NOD32 did attempt to scan within the EXE, but appears to be hung at "files.info" at this moment. If that is your experience, then there does seem to be an issue with scanning this particular file. It would probably hang if NOD32 is in the default mode to scan files when downloading.

    Adding to this, I was able to stop the NOD32 scan. It took a while to stop, however. 26 minutes! It showed having scanned 4 files before being interrupted.
     
    Last edited: Mar 13, 2011
  5. jimwillsher (Registered Member; Joined: Mar 4, 2009; Posts: 668)

    771MB in 4 seconds? Given that the majority of hard drives can only read around 100MB/s, and even most of the newest SSDs can only muster 200MB/s sustained, that would suggest that Norton actually skipped the vast majority of the file, either due to file extensions within the file or the compression method. NOD, with its better support for extensions, probably scanned it all.

    Unless you happen to have the ultimate in SSD RAID arrays, rather than NOD being slow to scan a 771MB file, I'd be more worried about how much Norton skipped....



    Jim
     
  6. davidm71 (Registered Member; Joined: Feb 20, 2011; Posts: 29)

    You're missing the point. I didn't exactly use a stopwatch and count seconds, but what's important was that it scanned a couple 300 MB files in under 10 seconds and in comparison timed out after a minute or more without displaying any status changes while trying to scan that 771 MB file. It had a problem with that file, end of story.
     
  7. jimwillsher (Registered Member; Joined: Mar 4, 2009; Posts: 668)

    So don't say "Norton internet Security did it in 4 seconds"! How are people supposed to help you if you just make it up?


    Extracting the file in 7-zip shows some weird results. File

    2011_03_10_Call_of_Pripyat_Complete_1.0.7z\Call_of_Pripyat_Complete_1.0\gamedata\levels\zaton\level

    shows in 7-zip with a size of 8,276,652 but a packed size of 772,037,763. If you extract this file, 7-zip claims the file is 1,771MB in size, yet when it finally extracts, the file is only 8Mb.

    I've downloaded the EXE and the 7z file.

    I suspect ESET is baulking as the file appears to be compressed using something non-standard, yet ESET is trying to scan it. Norton probably skipped some of the content.



    Jim
     
  8. davidm71 (Registered Member; Joined: Feb 20, 2011; Posts: 29)

    Jim,

    I timed Norton and it actually took less than 3 seconds. Just wanted to be accurate since you asked. But you're missing the point. Before responding to this post I did an Eset scan of that file and it still hasn't displayed anything and is stuck on the scan progress at 0%. So maybe Norton skipped content, but at least their code has some sort of error try and catch control. Also, accusing me of making stuff up is real immature. I sure hope you're not an official representative of Eset Antivirus software.

    Thank you.
     
  9. rcdailey (Registered Member; Joined: Dec 25, 2009; Posts: 233)

    One thing I noticed when attempting to look at the zip file was that another file, facebooko_O?.zip (can't remember the full name) showed briefly. That makes me wonder whether there is something embedded within the .exe file as well? If, in fact, Norton is skipping the .exe file then maybe that is not such a good thing, either.

    Correction: The facebooko_O?.zip file had nothing to do with the "Call of Pripyat" file.
     
    Last edited: Mar 15, 2011
  10. Marcos (Eset Staff Account; Joined: Nov 22, 2002; Posts: 14,374)

    Scanning of the archive in question took about 14 minutes on my computer. I noticed a huge file (> 2 GB) being created in the temp folder during the scan. Subsequently that large embedded archive was scanned internally, which took additional time.
    That said, the file in question is scanned properly; scans are not stuck due to an internal error / bug. You can set size limits for scanned objects if you want to avoid extraction and scanning of such large archives.
     
  11. jimwillsher (Registered Member; Joined: Mar 4, 2009; Posts: 668)

    Hi Marcos,

    I scanned the file as well, in an effort to help the OP. If you open the file in 7-zip you'll see that 7-zip thinks that one file (2011_03_10_Call_of_Pripyat_Complete_1.0.7z\Call_of_Pripyat_Complete_1.0\gamedata\levels\zaton\level) is 1700MB in size, yet if you actually extract that file it's only 8Mb. That will probably be the large temporary file you saw. Have you ever seen this with archives?

    Jim
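
An added example, not from the thread and not ESET's code: a sketch of the size-limit idea Marcos mentions, applied so that it also covers the case jimwillsher describes, where the size an archive listing reports differs from what extraction yields. Python's `lzma` module stands in for a scanner's 7z handling; `scan_stream`, `inspect`, `demo` and the 1 MiB limit are hypothetical names and values chosen for the demonstration.

```python
import hashlib
import lzma

CHUNK = 64 * 1024            # decompressed bytes handed to the scanner per step
MAX_BYTES = 1024 * 1024      # assumed per-object size limit (1 MiB for the demo)


def scan_stream(blob, declared_size, inspect, max_bytes=MAX_BYTES):
    """Feed one xz/LZMA stream to inspect() without trusting declared_size.

    Returns (verdict, actual_bytes).
    """
    if declared_size > max_bytes:        # cheap pre-check on the listing value
        return "skipped: declared size over limit", 0
    dec = lzma.LZMADecompressor()
    actual, data = 0, blob
    while not dec.eof:
        # max_length caps the output of a single call, so memory stays bounded.
        chunk = dec.decompress(data, max_length=CHUNK)
        data = b""                       # unread input stays buffered inside dec
        if not chunk and dec.needs_input and not dec.eof:
            raise ValueError("truncated stream")
        actual += len(chunk)
        if actual > max_bytes:           # real output passed the limit: stop here
            return "aborted: output over limit", actual
        inspect(chunk)
    verdict = "scanned" if actual == declared_size else "scanned: size mismatch"
    return verdict, actual


def demo():
    """Run three constructed samples; inspect() is a stand-in for a scan engine."""
    small = lzma.compress(b"A" * 1000)
    big = lzma.compress(b"\0" * (2 * 1024 * 1024))   # 2 MiB of zeros, tiny packed
    digest = hashlib.sha256()
    return [
        scan_stream(small, 1000, digest.update),      # honest listing
        scan_stream(small, 500_000, digest.update),   # listing overstates the size
        scan_stream(big, 1000, digest.update),        # listing understates the size
    ]


if __name__ == "__main__":
    for verdict, actual in demo():
        print(f"{verdict:34} {actual:>9} bytes decompressed")
```

The limit is enforced on bytes actually produced, so a listing that understates the size cannot push the scanner past it, and nothing is written to a temp folder.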
     