Compression and archiving are among
the most common methods of file storage, especially for file transfers - such as email
attachments, FTP, and HTTP. Before any virus/malware detection can occur on a compressed
file,
however, you must first decompress it. For other compression file types,
IM Security performs scan actions on the
whole compressed file, rather than individual files within the compressed file.
IM Security currently supports the following
compression types:
-
Extraction: used when multiple files have been compressed or
archived into a single file: PKZIP, LHA, LZH, ARJ, MIME, MSCF, TAR, GZIP, BZIP2, RAR,
and
ACE.
-
Expansion: used when only a single file has been compressed or
archived into a single file: PKLITE, PKLITE32, LZEXE, DIET, ASPACK, UPX, MSCOMP, LZW,
MACBIN,
and Petite.
-
Decoding: used when a file has been converted from binary to ASCII, a
method that is widely employed by email systems: UUENCODE and BINHEX.
 |
Note
When IM Security does not support the compression type, then it cannot detect
viruses/malware in compression layers beyond the first compression layer.
|
When
IM Security encounters a compressed file it does the following:
-
IM Security extracts the compressed files and scans them.
IM Security begins by extracting the first compression layer. After extracting
the first layer, IM Security proceeds
to the second layer and so on until it has scanned all of the compression layers that
the user
configured it to scan, up to a maximum of 20.
-
IM Security
performs a user-configured action on infected files.
IM Security performs the same action
against infected files detected in compressed formats as for other infected
files. For example, if you select Quarantine as the
action for infected files, then IM Security quarantines entire files in which it detects the
threat.
