FRISK Software International

Why is the Command-Line Scanner reporting files within password protected archives as a security risk while the daemon scanner is reporting them as infected?

The Command-Line Scanner reports password-protected files only as "could be a security risk", whereas the daemon-scanner, used on mail/file servers, detects them as infected. The reason is that the mail/file server environment is much more likely to encounter viruses, so the daemon-scanner has more paranoid detection settings. The daemon-scanner's return code is 11 for suspicious or infected files, but the Command-Line Scanner's return codes are different (3 for infections, 8 for suspicious files).

Password protection prevents antivirus software from using conventional methods of accessing archives in order to scan executables and disinfect any threats. The password that provides access to the ZIP archive is usually contained in the e-mail carrying the virus. Many antivirus vendors have begun scanning the text of e-mails carrying password protected ZIP archives to find the password and open up the archive. However, the newest viruses that spread in this manner contain the password as an image, not as text, and therefore cannot be detected with this approach.

F-PROT Antivirus does not attempt to access such archives and does not, therefore, scan the files inside directly. Instead, F-PROT Antivirus uses heuristics to detect files that match certain profiles and then alerts the user by flagging such files as suspicious.
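One way a scanner can profile a password-protected ZIP without opening it, shown as an added example (not F-PROT's code or its actual heuristics): under traditional ZIP encryption the central directory keeps each entry's name and encryption flag in the clear. The extension list, the verdict names and the helper names are assumptions made for illustration.

```python
import io
import struct
import zipfile

# Assumed extension list for "executable" content (illustrative, not F-PROT's).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
ENCRYPTED = 0x0001  # ZIP general purpose bit flag, bit 0: entry is encrypted


def profile_archive(data: bytes) -> dict:
    """Classify a ZIP from its central directory only; no password is needed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = zf.infolist()
    encrypted = [e.filename for e in entries if e.flag_bits & ENCRYPTED]
    risky = [n for n in encrypted if n.lower().endswith(RISKY_EXT)]
    if risky:
        verdict = "suspicious"   # encrypted entry with an executable extension
    elif encrypted:
        verdict = "unscannable"  # encrypted, so the contents cannot be inspected
    else:
        verdict = "scannable"    # nothing encrypted: scan the contents normally
    return {"verdict": verdict, "encrypted": encrypted, "risky": risky}


def make_sample(name: str, encrypted: bool) -> bytes:
    """Constructed sample: a one-entry stored ZIP, optionally flagged as encrypted.

    Only the flag bit is set; the payload is not really encrypted, which is
    enough here because profile_archive() never reads entry contents.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, b"constructed placeholder bytes")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at +6 in the local header and at +8 in the central header.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.index(sig) + off
            (flags,) = struct.unpack_from("<H", raw, pos)
            struct.pack_into("<H", raw, pos, flags | ENCRYPTED)
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in (("invoice.scr", True), ("notes.txt", True), ("notes.txt", False)):
        print(name, enc, profile_archive(make_sample(name, enc))["verdict"])
```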

Not only is this a far more secure method of threat detection in its better-safe-than-sorry approach, but it also makes F-PROT Antivirus far better equipped to tackle new variants of known threats as well as entirely new threats that might emerge. In fact, we intend to increase F-PROT Antivirus's use of this method of threat detection in the future. With this method, malware detection relies less on identity and name recognition, a re-active approach, and more on the pro-active approach of profile and behaviour recognition.


