Why is the Command-Line Scanner reporting files within password-protected archives as a security risk while the daemon scanner is reporting them as infected?
Password protection prevents antivirus software from using conventional methods of accessing archives in order to scan executables and disinfect any threats. The password that provides access to the ZIP archive is usually contained in the e-mail carrying the virus. Many antivirus vendors have begun scanning the text of e-mails carrying password-protected ZIP archives to find the password and open up the archive. However, the newest viruses that spread in this manner contain the password as an image, not as text, and therefore cannot be detected with this approach.
F-PROT Antivirus does not attempt to access such archives and does not, therefore, scan the files inside directly. Instead, F-PROT Antivirus uses heuristics to detect files that match certain profiles and then alerts the user by flagging such files as suspicious.
Not only is this a far more secure method of threat detection in its better-safe-than-sorry approach, but it also makes F-PROT Antivirus far better equipped to tackle new variants of known threats as well as entirely new threats that might emerge. In fact, we intend to increase F-PROT Antivirus's use of this method of threat detection in the future. With this method, malware detection relies less on identity and name recognition, a reactive approach, and more on the proactive approach of profile and behaviour recognition.
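
An added illustration of profile-based flagging, not F-PROT's own code or heuristics: it reads only a ZIP's metadata, which stays readable under traditional ZIP password protection, and flags encrypted entries whose names end in an executable extension. The extension list, verdict names and constructed sample archives are assumptions.

```python
import io
import zipfile

# Assumed profile (illustrative, not F-PROT's): extensions treated as executable.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: entry is encrypted


def profile_archive(data: bytes) -> dict:
    """Classify a ZIP from its metadata alone; no password is needed or tried."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
    except zipfile.BadZipFile:
        return {"verdict": "not-a-zip", "encrypted": [], "risky": []}
    encrypted = [e.filename for e in entries if e.flag_bits & ENCRYPTED]
    risky = [n for n in encrypted if n.lower().endswith(RISKY_EXT)]
    if risky:
        verdict = "suspicious"      # encrypted and looks executable: alert the user
    elif encrypted:
        verdict = "unscannable"     # contents hidden, name not on the risky list
    else:
        verdict = "scan-contents"   # nothing encrypted: normal scanning applies
    return {"verdict": verdict, "encrypted": encrypted, "risky": risky}


def build_sample(name: str, encrypted: bool) -> bytes:
    """Constructed test archive. zipfile cannot write encrypted entries, so the
    encryption flag is set by hand; the payload itself is harmless plain text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, b"constructed sample payload")
    raw = bytearray(buf.getvalue())
    if encrypted:
        raw[6] |= ENCRYPTED                            # local file header flags
        raw[raw.find(b"PK\x01\x02") + 8] |= ENCRYPTED  # central directory flags
    return bytes(raw)


if __name__ == "__main__":
    for name, enc in [("invoice.pdf.scr", True), ("notes.txt", True), ("setup.exe", False)]:
        print(name, profile_archive(build_sample(name, enc)))
```

The verdict depends only on the encryption flag and the entry name, so it is unaffected by whether the password arrives as text or as an image.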