Compression and archiving are among
the most common methods of file storage, especially for file transfers - such as email
attachments, FTP, and HTTP. Before any virus/malware detection can occur on a compressed
file,
however, you must first decompress it. For other compression file types, IM Security performs scan actions on the
whole compressed file, rather than individual files within the compressed file.
-
Extraction: used when multiple files have been compressed or archived into a single file: PKZIP, LHA, LZH, ARJ, MIME, MSCF, TAR, GZIP, BZIP2, RAR, and ACE.
-
Expansion: used when only a single file has been compressed or archived into a single file: PKLITE, PKLITE32, LZEXE, DIET, ASPACK, UPX, MSCOMP, LZW, MACBIN, and Petite.
-
Decoding: used when a file has been converted from binary to ASCII, a method that is widely employed by email systems: UUENCODE and BINHEX.
 |
NoteWhen IM Security does not support the compression type, then it cannot detect
viruses/malware in compression layers beyond the first compression layer.
|
-
IM Security extracts the compressed files and scans them.IM Security begins by extracting the first compression layer. After extracting the first layer, IM Security proceeds to the second layer and so on until it has scanned all of the compression layers that the user configured it to scan, up to a maximum of 20.
-
IM Security performs a user-configured action on infected files.IM Security performs the same action against infected files detected in compressed formats as for other infected files. For example, if you select Quarantine entire message as the action for infected files, then IM Security quarantines entire messages in which it detects infected files.IM Security can clean files from two types of compression routines: PKZIP and LHA. However, IM Security can only clean the first layer of files compressed using these compression routines.