Scanning inside zipped files

There is a couple of posts on the NOD32 forum about NOD's ability to scan inside password protected zipped files. I have TDS3 and NOD . Isn't this a problem for an anti trojan to deal with? Can TDS3 handle this type of attack? Or as some have said, it really isn't a problem until they are unzipped. I'm not trying to start anything . Just learn something.

 

Hello William.

Yes, TDS can scan inside archived/zipped files.

Help File: TDS-3 can scan inside ZIP and RAR archives, allowing you to detect trojans even before you unpack them. TDS will de-compress the files into a temporary directory and scan them accordingly. TDS-3 will report the trojan, and also the ZIP/RAR archive that it originated from. If all other scan options such as generic scanning and advanced/hidden searches are enabled, these tests will also be performed on the decompressed files. For the detection of live trojans, it is recommended that ZIP/RAR scanning is disabled as these files are not directly capable of infecting a system.

Now, as to the differing trains of thoughts re "files are safe if left zipped", that depends.

It is true that files would have to be accessed if zipped first, but I personally would like to know if any nasties are there.

Also, the latest I saw [can't find link at the mo] is that once password protected, it can add a "+" to the end of the executable thus when scanning, it cannot 'read' the file correctly. I cannot vouch for this.

eg: A programme scans for .exe .com .bat etc. etc. but then it has to look for .exe+ .bat+ etc.

As to the validity of the above, cannot give accurate information on that. Sorry to add this extra 'problem' just thought to give the info.

Someone else reading may be able to clarify further.

edit: I now have it on good authority that it cannot scan in the latest WinRAR 3.X files. So things do change.

Cheers, Adrian.