Scanning inside zipped files

Discussion in 'Trojan Defence Suite' started by WilliamP, Mar 9, 2004.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member
    Joined: Jun 1, 2003
    Posts: 2,201
    Location: Fayetteville, Ga

    There are a couple of posts on the NOD32 forum about NOD's ability to scan inside password-protected zipped files. I have TDS3 and NOD. Isn't this a problem for an anti-trojan to deal with? Can TDS3 handle this type of attack? Or, as some have said, it really isn't a problem until they are unzipped. I'm not trying to start anything. Just learn something.
     
  2. Tassie_Devils

    Tassie_Devils Global Moderator
    Joined: May 8, 2002
    Posts: 2,514
    Location: State Queensland, Australia

    Hello William. :)

    Yes, TDS can scan inside archived/zipped files.

    Help File: TDS-3 can scan inside ZIP and RAR archives, allowing you to detect trojans even before you unpack them. TDS will de-compress the files into a temporary directory and scan them accordingly. TDS-3 will report the trojan, and also the ZIP/RAR archive that it originated from. If all other scan options such as generic scanning and advanced/hidden searches are enabled, these tests will also be performed on the decompressed files. For the detection of live trojans, it is recommended that ZIP/RAR scanning is disabled as these files are not directly capable of infecting a system.

    Now, as to the differing trains of thought re "files are safe if left zipped", that depends.

    It is true that files would have to be accessed if zipped first, but I personally would like to know if any nasties are there.

    Also, the latest I saw [can't find link at the mo] is that once password protected, it can add a "+" to the end of the executable thus when scanning, it cannot 'read' the file correctly. I cannot vouch for this.

    e.g.: A programme scans for .exe .com .bat etc. etc. but then it has to look for .exe+ .bat+ etc.

    As to the validity of the above, cannot give accurate information on that. Sorry to add this extra 'problem' just thought to give the info.

    Someone else reading may be able to clarify further. o_O

    edit: I now have it on good authority that it cannot scan in the latest WinRAR 3.X files. So things do change.

    Cheers, Adrian.
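
Added example, not part of the thread and not TDS-3 or NOD32 code: a Python triage pass that lists a ZIP's members and separates those a scanner can unpack from those flagged as encrypted, whose names remain visible in the archive's directory even though their contents cannot be scanned without the password. The sample archive is constructed in memory and only carries the encrypted flag (its data is not actually encrypted); `triage_zip`, `build_sample` and the file names are assumptions made for illustration.

```python
import io
import os
import struct
import zipfile

# Extensions named in the post above; extend for real use.
EXECUTABLE_EXTS = {".exe", ".com", ".bat"}

def triage_zip(data: bytes):
    """Split members into (scannable, blind) lists of (name, looks_executable)."""
    scannable, blind = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            entry = (info.filename, ext in EXECUTABLE_EXTS)
            # Bit 0 of the general-purpose flags marks an encrypted member:
            # its name is still listed, but its content cannot be unpacked
            # and scanned without the password.
            (blind if info.flag_bits & 0x1 else scannable).append(entry)
    return scannable, blind

def build_sample() -> bytes:
    """Constructed sample archive: readme.txt plain, setup.exe flagged encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"hello")
        zf.writestr("setup.exe", b"constructed placeholder, not a real program")
    raw = bytearray(buf.getvalue())
    # zipfile cannot write encrypted members, so set flag bit 0 by hand in the
    # central-directory record of setup.exe (flags at offset 8, name at 46).
    pos = raw.find(b"PK\x01\x02")
    while pos != -1:
        name_len = struct.unpack_from("<H", raw, pos + 28)[0]
        if raw[pos + 46:pos + 46 + name_len] == b"setup.exe":
            raw[pos + 8] |= 0x01
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)

if __name__ == "__main__":
    scannable, blind = triage_zip(build_sample())
    for name, is_exec in blind:
        note = " (executable extension)" if is_exec else ""
        print(f"cannot scan, password protected: {name}{note}")
    print(f"{len(scannable)} member(s) can be unpacked and scanned")
```

Reporting the blind members by name lets a password-protected archive that lists an executable be held for review instead of being passed as clean.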
     