Just out of curiosity, why not do it the way many other vendors do, and include an option to scan files based on content-type rather than extension? Is there any particular reason why the "regular" solution isn't adopted in this case?
First, which “other vendors” are you refering to, exactly?
Now, there’s no “content-type” concept in Windows, really. To determine a file’s content-type the AV would need to open the file, read a chunk of its data and based on what’s read, decide of what type it is. This is generally not too fast (but in fact, it is done by avast in certain cases, e.g. while recognizing on-exec (looking for the MZ header) and OLE files on-open (looking for the OLE “d0cf11e” signature)).
But how would that help in the context of scan exceptions?
Thanks for the update. If only the virus analysts at Alwil respond this fast to malware submissions...
I wasn’t sure at the beginning, but now I’m positive this is solcroft from Wilders’ ;D
But of course, this is a valid point, too. I sometimes keep asking the same question myself. :-\ Things are moving forward, though. Infrastructure changes are on the horizon and I believe the improvements it eventually brings will be quite dramatic.
AFAIK, KAV and Avira do this, for one. As for how it would help in the context of scan exceptions, though… my bad, I was thinking of something else when I was typing that post. Guess I got a bit mixed up.
As for specification of what to scan - avast uses the content-type concept, too, of course.
This is what the “Normal” scan sensitivity does.
Quick = based on extensions (no other files are opened)
Normal = based on content-type (all files are opened, content-type is determined and potentially infectable files are scanned)
Thourough = all files are scanned (no matter of extensions and content-types)
I’ve always wondered that myself. ;D Personally I’ve always preferred my applications tell me exactly what their options mean, like “scan extensions only”, “scan by content” and “scan all files”, but I suppose it’s not as “user-friendly”, so to speak…
Yep, we somehow expected the average Joe to hit F1 in case of doubt…
Plus, the Enhanced UI (available in Professional Edition only) lets you customize just about everything…
I think that it is worth adding for solcroft’s information that the avast scanner provided for a “quickscan” in the context menu for a device/folder/file is in fact a thorough scan as defined by Vlk.
In the case, for example, of a USB device added to the system and thus scanned it would detect a malware signature in a file named 1.ini (agreed it would be bypassed as noted in the autorun case).
This is also the scanner recommended to avast users for scanning all downloads.
