I came to know that currently CAV in CIS does not scan “Self Extracting Archives (SFX)” and “Runtime Packers” if we uncheck “scan archive files” in CAV settings. :o
This means if there is any .exe file which is either an SFX archive or a Runtime Packer, it is simply not scanned no matter how you scan it. :-TD
When we uncheck archive scanning we expect it to not scan .zip or .rar or .7z files etc., as unzipping and scanning those archives is very resource-consuming; besides, they are not executables and therefore pose no threat to us unless they are extracted manually.
But it is not the same case with “SFX/Runtime Packers”; they are executables and therefore they definitely pose a threat.
I would like to have two separate check boxes for these two categories, i.e.:
SFX archives/Runtime Packers (.exe)
All other non-executable archives (.zip, .rar etc.)
I have attached screenshots of both the existing and proposed settings.
I’ve just watched the languy99 video related to CIS6 and you can see at 10:35 the line “Decompress and scan archive files of extensions” with a link allowing to configure the extensions.
So I think it will be possible to do what we wish in this release.