Scan Compressed Files Parent topic

PortalProtect can scan and block compressed files according to how you configure the scanning options. When PortalProtect detects a virus, it blocks the file or executes a pre-configured action.
Note
Note
PortalProtect cannot clean a virus if the compression layer is greater than 1. However, you can configure PortalProtect to block and quarantine or scan and delete compressed files.
Compression and archiving are among the most common methods of file storage, especially for file transfers - like email attachments, FTP, and HTTP. Compressed files must first be decompressed before any virus detection can occur.
Recognizing the importance of decompression for detecting viruses, Trend Micro is committed to supporting all major decompression routines, present and future.
PortalProtect currently supports the following compression types:
  • Extraction–used when multiple files have been compressed or archived into a single file: PKZIP, LHA, LZH, ARJ, MIME, MSCF, TAR, GZIP, BZIP2, RAR, AMG, and ACE.
  • Expansion–used when only a single file has been compressed or archived into a single file: PKLITE, PKLITE32, LZEXE, DIET, ASPACK, UPX, MSCOMP, LZW, MACBIN, Petite, PEPack, and WWPack.
  • Decoding–used when a file has been converted from binary to ASCII, a method that is widely employed by email systems: UUCODE and BINHEX.
For other compression file types, PortalProtect scans the entire compressed file, rather than each individual file contained within the compressed file.