I had some spare time ;D so I decided to make a test
I created 4 files containing the EICAR test file: .txt, .com, .exe, .bat.
I added them to a .7z archive.
I added the .7z archive to a .zip archive.
I added the .zip archive to a .gz archive.
Then I submitted the three archives to virustotal.com. The site showed almost the same results in the 3 cases, only 8 scanners out of 36 detected the file… http://www.virustotal.com/analisis/3e0a5e34a85721c49ff5cb9eca1bc3d3
does this have any significance? Can any AV guru comment on this pls?
thanx in advance…
BTW, it was surprising seeing that the "new" Chinese Rising AV is among the 8 AVs
I personally think the test is of limited value; archive files are by their nature inert, you have to extract the content (from multiple archives in this case) and then run the files inside, and before that your AV should detect the zipped content.
Whilst avast has good archive support and many of the others on VT also unpacked the files, many obviously aren't unpacking the .zip, .7z, .gz combo. Send the files up naked and all should detect them, so it really isn't a valid test as the archived files are of no immediate danger.
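
The reply's point that a scanner only matches the content if it unpacks every layer first, as an added example that is not part of the original thread: a recursive scan over nested zip/gzip layers with a depth limit. The marker is a constructed stand-in for the EICAR string, the function names are hypothetical, and 7z is left out because the Python standard library has no 7z reader.

```python
import gzip
import io
import zipfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in, not the real EICAR string
MAX_DEPTH = 5  # archive layers to descend before giving up


def scan(data, name="<input>", depth=0, max_depth=MAX_DEPTH):
    """Return paths of members containing MARKER, descending into zip/gzip layers."""
    if depth > max_depth:
        return []  # too deeply nested: reported as clean, as a shallow scanner would
    if data[:2] == b"\x1f\x8b":  # gzip magic bytes
        try:
            inner = gzip.decompress(data)
            return scan(inner, name + "!gz", depth + 1, max_depth)
        except (OSError, EOFError):
            pass  # not a valid gzip stream: fall through to the flat match
    elif data[:4] == b"PK\x03\x04":  # zip local file header
        try:
            hits = []
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    member = name + "!" + info.filename
                    hits += scan(zf.read(info), member, depth + 1, max_depth)
            return hits
        except zipfile.BadZipFile:
            pass  # corrupt zip: fall through to the flat match
    return [name] if MARKER in data else []


def build_sample():
    """Constructed input: four marker files in a zip, inside a zip, inside gzip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as zf:
        for ext in ("txt", "com", "exe", "bat"):
            zf.writestr("test." + ext, MARKER)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("inner.zip", inner.getvalue())
    return gzip.compress(outer.getvalue())


if __name__ == "__main__":
    sample = build_sample()
    print("flat match on outer bytes:", MARKER in sample)
    print("recursive scan:", scan(sample))
    print("depth limit 1:", scan(sample, max_depth=1))
```
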