I’m using avast! Internet Security 7.0.1426 on Windows XP Pro SP3, and I was wondering if there was a way to tell the File System Shield to exclude self-extracting archives over a specific size (or, alternatively, to exclude all files over a specific size).
I back up a lot of files to self-extracting 7-Zip archives, then move them to backup media (DVD, flash disk, etc). These files can range from 500MB to 8GB or more, so it takes AIS quite a while to scan them, and that effectively makes my system useless until the scan is complete. I know that I can exclude specific files and directories, but I was hoping there was a way to exclude self-extracting archives (or, alternatively, exclude all files) larger than a specified size.
For those who think I’m alone, I’m not. As much as I hate to point to them as an example, Symantec is now using self-extracting 7-Zip archives to distribute its programs. With its superior compression, I have a feeling we’ll see self-extracting 7-Zip archives a lot more in the future for program distribution, driver distribution, etc.
I’m quite familiar with the Packers screen. However, it does not give the option of excluding files over a specific size, nor does it give the option to exclude self-extracting 7-Zip archives. It does give the option to exclude (rather, to not scan) “Self-extracting DOS executables” and “Self-extracting Win32 executables” (scanning of both types is enabled by default), but I don’t want to exclude all of those; I just want to exclude the self-extracting 7-Zip archives. And yes, the “7ZIP archive” type is already unchecked, so 7-Zip archives (filename.7z) are not scanned, but self-extracting 7-Zip archives are still scanned.
A normal 7-Zip archive (filename.7z) is not extracted by the FileSystem Shield by default. However, a self-extracting 7-Zip archive (filename.exe) is scanned by the FileSystem Shield (even though the “7ZIP archive” type is unchecked). When I copy/rename/etc any self-extracting 7-Zip archive, the FileSystem Shield summary screen shows that file as the last file scanned. I can only assume that it is extracting and scanning the contents because of the very long time it takes to scan these large files.
Yes, some SFX 7-Zip archives fall into the “Dropper” packer which is scanned by the FileSystem Shield by default. However, there is a size limit for those files already (quite small, I’d say around 1MB - though it’s a parameter of the virus definitions and can change at any time).