How to reproduce the problem (simple step by step) I’m running CIS 3.11 windows 7 version 7260 86x
1)take some infected .rar files put it in a folder so there all grouped into one
2)open winrar
3)create new archive
4)highlight all .rar files so it’ll all be in one .rar file
5)now that you created that new .rarfile, open the rarfile with winrar
6)There’s a winrar option called “virus scan” click on it
7)change the default to the comodo scanner, if you have already done so
8)click on “virus scan” button in the winrar program
9)comodo will detect the files and ask what you want to do with it
10)click “remove”
11)when done, run the virus scan again, it show the same ones again “Nothing was removed”
If you guys can’t reproduce the results, I can download "team viewer or something and you can see for yourself if it’ll helps
P.S. there’s nothing wrong with my computer, there just malware samples in .rar files. I didn’t execute any of them.
I guess the question is, if you put the same files in a .zip, will it remove those files from the archive then?
Without doing any testing, I seem to recall that .rar is one of the archive types that CIS is unable to scan within. If the file is open in WinRar, it can scan, but is it unable to actually remove the files because it is unable to scan .rar’s?
If it is unable to remove the files from a .zip as well, then I would question CIS’s capability of scanning within archives at all because unless there is only a single infected file in an archive, scanning within an archive without being able to remove an infection is a futile security effort.
I guess the question is, if you put the same files in a .zip, will it remove those files from the archive then?
intreasting question :) I'll try it out in a day or two and post results :-TU
Without doing any testing, I seem to recall that .rar is one of the archive types that CIS is unable to scan within.
I thought it was .iso files (I know avast can do .iso files, if my memory serves me correctly)
I would question CIS's capability of scanning within archives at all because unless there is only a single infected file in an archive, scanning within an archive without being able to remove an infection is a futile security effort.
Actually it was multiable infected .rar files (To be exact :) )
a) Winrar will decompress the .rar archive and create a copy in a %Temp%\Rar$???.??? or alike folder
b) Comodo will detect the files created in %Temp%\Rar$???.??? or alike folder
c) Comodo will remove the files created in %Temp%\Rar$???.??? or alike folder
d) Winrar will decompress the .rar archive and create a copy in a “different” %Temp%\Rar$???.??? or alike folder (go to point b)
By extracting the archive to a temp folder, Winrar viruscan button is seemingly meant to extract the archive for the AVs and have them scan the “extracted” samples and let the user know if the archive contained malicious files.
AFAIK CAVS does not support commandline parameters to scan specific folders/files and it is likely that the detections were carried by the realtime AV which unlike CAVS On-demand option don’t scan compressed archives
BTW why didn’t you simply right-clicked on the rar and chose Comodo Antivirus context-menu item? ???
(simple step by step) I’m running CIS 3.11 windows 7 version 7260 86x