If CAV detects a malware in a zip file & you click quarantine it quarantines the whole archive. It should quarantine only the detected file & not the whole archive with other safe files.


is this even possible without the av having to unpack the archive and repack it?

are any other av’s able to do this?

I did a right click scan & it happened.

I think Avast has a setting for this like malware detected in archive only delete the malware file. if not possible no action. There is a setting to delete the whole archive too. But I think only delete the malware file is the default.


I always uncheck option to scan archive. But I think if an av found an infected file in the archive then the file had already been extracted for scanning, wasn’t that so? I just guessing.

Unpacking would definitely happen…

Packing it again is the complex issue. what parameters and what format it has to pack it in to ?

It does not make sense…

better it informs the user that the archive is infected and asks him to take necessary action…

Yeah, really.

once i got a false positive alarm for a cabinet file for windows drivers.
the “suspected” file in that cabinet was listed too, on the result list. but the “mark for action box” was only in front of the whole cab file.
another reason for never using auto-quarantine.