Well,I don't know if my suggestion is good or not but I've seen during the last weeks that many viruses are not detected by NOD in on-demand scanning because the infected file contains packers not supported by NOD32. I know AMON will detect the file, but sometimes you are not sure if it's actually detected and you could get infected. Wouldn't be nice to make an update to support other packers also, as other AVs do ? Could it be done through Archive support module?
Well, yes runtime packers, but AH can't help. I have many examples of files not detected. See for example one of my last topics "Trojan...not detected " https://www.wilderssecurity.com/showthread.php?t=114255 ...that file was detected only by AMON.
Every installer can be packed by a unique method Of course, support for more common packers will be added, but that's really not something of a high priority provided files are detected upon archive extraction.
ok, Thanks Marcos! I'll wait to add support for other packers also. You're right they are detected upon extraction but sometimes it's nice to detect them before also.
It wouldn't matter if support for these packers was included within Nod:-if the malware is not detected you would think the file was clean,unpack it and be infected anyway.Its not the ability to scan inside archives/packed files that is important in keeping malware off your pc but the actual detection of the maware in question,if a AV(any AV!) cannot detect the bogey it makes no difference it doesn't detect it inside the packer or doesn't detect it on unpacking !,if it can detect it it doesn't really matter if it finds it inside the packer or when it is unpacked:-it will be intercepted! I personally prefer an AV that behaves like the second one(AKA NOD!)than one that behaved like the former
the worst is if i download a file in packers and i do not open the file, and there is a infected virus, then i am in dangerous with nod32. But if i open the packed file then nod32 will delete/disinfect the file! But thats real bad from nod32, thats why i dont use anymore nod32, not only because of that, there is also others complaining also! Good Bye!
What do you mean by infected virus If you open infected file, NOD will detect it. What is 'complaining also' Could you be more specific?
Hmm no nod32 will not detect if i download a winzip or winrar or packed file and in that packed file there is one or two viruses, and if i dont click to open that packed file nod32 will not detect the virus. I think thats what he meant! and yeah we all think its bad, because you have viruses on the computer and nod32 will not detect them til you self open those, its a joke antivirus, thats my personally! ~removed insult~ this sort of thing will not be tolerated ~ Blackspear
If you are downloading these .zip or .rar files, then IMON should catch viruses inside. Go to IMON --> Setup --> Miscellaneous -> Scanner --> Setup -> Targets and make sure that "Archives", "Self-extracting archives", and "Runtime packers" are all checked. This will check the most common archival/compression/packing formats. As Marcos says, they do not have a way to unpack every single format imaginable to mankind... at least, not yet. Also, go to AMON --> Setup --> Options --> "Additional options on create" and make sure that "Runtime packers", "Self-extracting archives", and "Advanced heuristics" are all checked. For those files that are packed with some super secret packer or that make it onto the computer some other way, they will still get caught by AMON when they finally do get unpacked.
Actually, IMO NOD32's unpack engine is not bad at all. And AMON does catch infected files of archives upon extraction. If someone has problems, they should check their settings.