Scanning inside zipped files

Discussion in 'Trojan Defence Suite' started by WilliamP, Mar 9, 2004.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Jun 1, 2003
    Fayetteville, Ga
    There is a couple of posts on the NOD32 forum about NOD's ability to scan inside password protected zipped files. I have TDS3 and NOD . Isn't this a problem for an anti trojan to deal with? Can TDS3 handle this type of attack? Or as some have said, it really isn't a problem until they are unzipped. I'm not trying to start anything . Just learn something.
  2. Tassie_Devils

    Tassie_Devils Global Moderator

    May 8, 2002
    State Queensland, Australia
    Hello William. :)

    Yes, TDS can scan inside archived/zipped files.

    Help File: TDS-3 can scan inside ZIP and RAR archives, allowing you to detect trojans even before you unpack them. TDS will de-compress the files into a temporary directory and scan them accordingly. TDS-3 will report the trojan, and also the ZIP/RAR archive that it originated from. If all other scan options such as generic scanning and advanced/hidden searches are enabled, these tests will also be performed on the decompressed files. For the detection of live trojans, it is recommended that ZIP/RAR scanning is disabled as these files are not directly capable of infecting a system.

    Now, as to the differing trains of thoughts re "files are safe if left zipped", that depends.

    It is true that files would have to be accessed if zipped first, but I personally would like to know if any nasties are there.

    Also, the latest I saw [can't find link at the mo] is that once password protected, it can add a "+" to the end of the executable thus when scanning, it cannot 'read' the file correctly. I cannot vouch for this.

    eg: A programme scans for .exe .com .bat etc. etc. but then it has to look for .exe+ .bat+ etc.

    As to the validity of the above, cannot give accurate information on that. Sorry to add this extra 'problem' just thought to give the info.

    Someone else reading may be able to clarify further. o_O

    edit: I now have it on good authority that it cannot scan in the latest WinRAR 3.X files. So things do change.

    Cheers, Adrian.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.