I came to know that currently CAV in CIS does not scan “Self Extracting Archives(SFX)” and “Runtime Packers”if we uncheck “scan archive files” in CAV settings. :o
This means if there is any .exe file which is either an SFX archive or a Runtime Packer, it is simply not scanned no matter how you scan it. :-TD
When we uncheck archive scanning we expect it to not scan .zip or .rar or .7z files etc., as unzipping and scanning those archives is very resource consuming, besides they are not executables and therefore pose no threat to us, unless they are extracted manually.
But, it is not the same case with “SFX/Runtime Packers”, they are executables and therefore they definitely pose a threat.
I would like to have two separate check boxes for these two categories i.e.,
SFX archives/Runtime Packers (.exe)
All other non executable archives (.zip, .rar etc.,)
I have attached screenshots of both the existing and proposed settings.
it would also be nice if it is by category or type if posible
maybe they should also add java .jar files to the excecutable files?? but im not sure if .jar files can be considered excecutables ( it is a zip file afterall)
For a long time, I thought that it was the actual behaviour. But, I lately learned that it was not.
Yes, I agree to it. But, if it slows down the system performance because of big sfx archives scanned in realtime, a separate option for the user to choose is better.
I’ve just watched the languy99 video related to CIS6 and you can see at 10:35 the line “Decompress and scan archive files of extensions” with a link allowing to configure the extensions.
So I think it will be possible to do what we wish in this release.
So, it means we can manually add .exe and .jar in there so that it decompresses them during scan. Am I correct ? Does .exe qualify to be an archive extension ?
