Virus in ZIP file not detected when downloaded

Firefox uses the windows API to call the anti-virus scanner when it downloads a file. I can see the scan running when downloading large files. I intentionally downloaded a ZIP file containing a virus to test to see if Comodo would detect the virus. The scan initiated from Firefox did not detect the virus. The virus is however detected with a manual scan initiated from explorer’s context menu (Comodo Anti-virus) or a complete system scan. I can’t find an option to cause the scan called from Firefox to detect the virus in a ZIP file.

That’s because CIS doesn’t have any command-line arguments.

Firefox has no way of telling CIS to do a scan.

CIS is reportedly doing a scan (it sure takes long enough on a large file) so I don’t understand your statement that Firefox has no way of telling CIS to do a scan. If you are saying that there is no way to indicate that the scan should include scanning in an archive then that makes more sense. The problem as I see it is the CIS doesn’t consider the scan a manual scan (which is the only type of scan where the GUI gives the option of scanning inside archives). NFS time I guess.

No, what I mean is that there is no scan happening. You can point Firefox to CIS, but without command line arguments, there is no way for Firefox to initiate a shell scan.

For example, with AVG you would use an argument like: “C:\Wherever AVG lives” /S

This tells Firefox where to find AVG’s scanner and feeds it the shell scan argument. This isn’t possible with CIS.

If you’ve somehow managed to actually get it to scan, perhaps you could let us know what you did.

Manual scans aren’t the only scans that scan inside archives either. A scheduled scan will also do this.

There is a Windows API (I don’t recall its name) that Firefox calls. Windows is supposed to call the AV. Windows must be able to request a specific file be scanned. Comodo Antivirus is listed in explorer’s context menu and this does cause a file to be scanned. I know because the AV will find malware when a ZIP file containing malware is scanned this way. When Firefox reports that the file is being scanned, the length of time it takes to complete whatever it is doing varies depending on the size of the file. There is circumstantial evidence that the AV can be called and instructed to scan a single file.

Edit:: I think Firefox is using the Windows IAttachmentExecute Interface which “Exposes methods that work with client applications to present a user environment that provides safe download and exchange of files through e-mail and messaging attachments.”

I have never seen Firefox automatically scan anything I’ve downloaded. Internet Explorer either for that matter.

If there is in fact an API, perhaps it is dependent on a service I’ve turned off?

The option is “browser.download.manager.scanWhenDone”
It is true by default.

Yep. That is set to true on my browser. I’ve never had it automatically scan. It must rely on something I’ve disabled.