Packers support

Discussion in 'NOD32 version 2 Forum' started by pykko, Jan 14, 2006.

Thread Status:
Not open for further replies.
  1. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well,I don't know if my suggestion is good or not but I've seen during the last weeks that many viruses are not detected by NOD in on-demand scanning because the infected file contains packers not supported by NOD32.

    I know AMON will detect the file, but sometimes you are not sure if it's actually detected and you could get infected.

    Wouldn't be nice to make an update to support other packers also, as other AVs do ?
    Could it be done through Archive support module?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What packers? If you mean runtime packers, AH uses a generic unpacker.
     
  3. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Every installer can be packed by a unique method :) Of course, support for more common packers will be added, but that's really not something of a high priority provided files are detected upon archive extraction.
     
  5. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    ok, Thanks Marcos! I'll wait to add support for other packers also. You're right they are detected upon extraction but sometimes it's nice to detect them before also. :)
     
  6. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    It wouldn't matter if support for these packers was included within Nod:-if the malware is not detected you would think the file was clean,unpack it and be infected anyway.Its not the ability to scan inside archives/packed files that is important in keeping malware off your pc but the actual detection of the maware in question,if a AV(any AV!) cannot detect the bogey it makes no difference it doesn't detect it inside the packer or doesn't detect it on unpacking !,if it can detect it it doesn't really matter if it finds it inside the packer or when it is unpacked:-it will be intercepted!
    I personally prefer an AV that behaves like the second one(AKA NOD!)than one that behaved like the former
     
  7. nod-user

    nod-user Guest

    the worst is if i download a file in packers and i do not open the file, and there is a infected virus, then i am in dangerous with nod32.
    But if i open the packed file then nod32 will delete/disinfect the file!
    But thats real bad from nod32, thats why i dont use anymore nod32, not only because of that, there is also others complaining also!
    Good Bye!
     
  8. auriell

    auriell Registered Member

    Joined:
    Feb 9, 2005
    Posts:
    105
    Location:
    Warsaw, Poland
    What do you mean by infected viruso_O

    If you open infected file, NOD will detect it.

    What is 'complaining also'o_O

    Could you be more specific?
     
  9. Trusa

    Trusa Guest

    Hmm no nod32 will not detect if i download a winzip or winrar or packed file and in that packed file there is one or two viruses, and if i dont click to open that packed file nod32 will not detect the virus. I think thats what he meant!
    and yeah we all think its bad, because you have viruses on the computer and nod32 will not detect them til you self open those, its a joke antivirus, thats my personally!

    ~removed insult~ this sort of thing will not be tolerated ~ Blackspear
     
    Last edited by a moderator: Jan 16, 2006
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    You should configure it properly then
     
  11. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    If you are downloading these .zip or .rar files, then IMON should catch viruses inside. Go to IMON --> Setup --> Miscellaneous -> Scanner --> Setup -> Targets and make sure that "Archives", "Self-extracting archives", and "Runtime packers" are all checked. This will check the most common archival/compression/packing formats. As Marcos says, they do not have a way to unpack every single format imaginable to mankind... at least, not yet. ;)

    Also, go to AMON --> Setup --> Options --> "Additional options on create" and make sure that "Runtime packers", "Self-extracting archives", and "Advanced heuristics" are all checked.

    For those files that are packed with some super secret packer or that make it onto the computer some other way, they will still get caught by AMON when they finally do get unpacked.
     
  12. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Actually, IMO NOD32's unpack engine is not bad at all. And AMON does catch infected files of archives upon extraction. If someone has problems, they should check their settings. :)
     
Thread Status:
Not open for further replies.