Outlook pst scanned? If not, does it matter?

Discussion in 'ESET NOD32 Antivirus' started by Ardmore, Apr 10, 2009.

Thread Status:
Not open for further replies.
  1. Ardmore (Registered Member; joined Mar 27, 2009; posts: 43)

    (Sorry if this has been addressed already, but the search function doesn't like keywords less than 4 characters :) )

    Still going through my initial "learn and get comfortable with it" period, so I have yet another question about NOD32 v4:

    Using the context menu, I scanned my 315 MB Outlook pst, and was surprised that NOD32 finished instantly ("0 seconds" per the stats), telling me there were no infections found.

    Was it really scanning the file? I notice that the pst file does *not* show up in the full-system scan logs as a non-scannable file, yet I can't imagine it can actually scan in 0 seconds.

    If the answer is that NOD32 *doesn't* scan the pst, my questions are
    (1) Should this matter, if I have already used the Outlook-integrated NOD32 interface to scan the Inbox and all other folders in OL -- as well as any new incoming mail?
    (2) Why wouldn't inability to scan a pst file show up as an exception in a full-system-scan log, similar to other non-scannable files and archives?

    Thanks.
     
  2. CarlB (Former Eset Employee; joined May 17, 2007; posts: 37)

    Hi there!

    The PST file itself is not executable, and not an externally operable archive. When scanned purely as a file, such as through an on-demand scan, it gets the same attention that a BMP or similar would get. Headers, entry points, and so on are scanned and no executable code or machine language is found. The file itself is then determined to be non-threatening. This, of course, should take less than a second to perform so that's normal.

    When Outlook opens up the PST, unpacks everything, populates all of the data into email messages in memory, temporary files, and so on, then those items are scanned. Additionally, whenever a new item arrives it is scanned before Outlook writes to the PST.

    Individual EML files you save will be scanned as email messages by the on-demand scanner.

    This is all a gross over-simplification, but you get the idea :)
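
Added example, not part of the original posts and not ESET code: a Python sketch that finds PST stores by content rather than by extension, so you know which files an on-demand file scan would treat as opaque in the way described above. The field offsets come from Microsoft's published [MS-PST] header layout; the function names and sample file names are made up for illustration, and the sample headers are constructed, not real mail stores.

```python
import struct, tempfile
from pathlib import Path

PST_MAGIC = b"!BDN"  # dwMagic, first four bytes of a PST header
# wVer at offset 10 -> (format, header offset of bCryptMethod), per [MS-PST]
FORMATS = {14: ("ANSI", 461), 15: ("ANSI", 461), 23: ("Unicode", 513)}
ENCODINGS = {0: "none", 1: "permute", 2: "cyclic"}

def inspect_pst_header(data: bytes):
    """Describe a PST header; return None when data is not a PST."""
    if len(data) < 12 or data[:4] != PST_MAGIC:
        return None
    (w_ver,) = struct.unpack_from("<H", data, 10)
    fmt, crypt_off = FORMATS.get(w_ver, ("unknown", None))
    encoding = "unknown"
    if crypt_off is not None and len(data) > crypt_off:
        encoding = ENCODINGS.get(data[crypt_off], "unknown")
    return {"format": fmt, "wVer": w_ver, "encoding": encoding}

def find_pst_stores(root):
    """Walk root and return {relative path: header info} for every PST,
    identified by content rather than by file extension."""
    found = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                info = inspect_pst_header(fh.read(514))
            if info:
                found[path.relative_to(root).as_posix()] = info
    return found

def build_sample_header(w_ver, crypt):
    """Constructed test input: a zero-filled header with only the fields
    read above populated. Not a usable mail store."""
    buf = bytearray(564)
    buf[0:4] = PST_MAGIC
    struct.pack_into("<H", buf, 10, w_ver)
    buf[FORMATS[w_ver][1]] = crypt
    return bytes(buf)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "archive2008.bak").write_bytes(build_sample_header(23, 1))
        Path(tmp, "old.pst").write_bytes(build_sample_header(14, 0))
        Path(tmp, "notes.txt").write_bytes(b"plain text, not a mail store")
        return find_pst_stores(tmp)

if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```

A store reported with encoding `permute` or `cyclic` keeps its message data encoded on disk, so it has to be opened by a PST-aware reader (Outlook, in the workflow described in this thread) before message content can be inspected.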
     
  3. Ardmore (Registered Member; joined Mar 27, 2009; posts: 43)

    Thanks, nice explanation (gross oversimplification is fine for me :) ).

    It would still be helpful to know if a backup/archive pst might have some email infections in advance of re-attaching it (I mentioned that in the suggested enhancements sticky), but that would be a bigger concern for me if I were in an enterprise situation.

    One question, though: According to the documentation, Outlook Express (dbx) files are in fact scanned (which I assume means a full scan). I don't pretend to understand the difference in file structure, but why wouldn't pst scanning be fully supported as well?
     