I just tested the eicarcom2.zip (which is a ZIP file containing a ZIP file)
the results:
On demand scanner caught it and was able to move it to the chest!
Neither of the resident scanners (Standard Shield or Outlook plugin (All settings on High) and with patched DefTasks.xml file) were able to detect it.
I've enclosed an article from the LangaList about detecting password protected archive files (haven't tried it yet but I hope it works)
oops used the wrong file type :)
With the release of Beagle.H and Beagle.I, virus writers
started enclosing the infected files within password protected
ZIP files… I've found that the A/V software does see the
file within the ZIP archive, but cannot process it because it
does not recognize the extension. When the archive is
password protected, the file enclosed receives a "+" character
at the end of the extension (ie test.exe becomes test.exe+)
Since the A/V software doesn't recognize that kind of
extension, it lets it pass thru.
I found that by adding the "+" character to file extensions
that are blocked (.exe+, .cmd+, .vbs+ etc etc), the A/V
software can now recognize that file extension and perform the
necessary actions on it.
I've only tested this out on Norton Anti-Virus for Exchange
V2.1, but it should work on the other A/V software programs.
--Mike Maloney, Sr. System Engineer, Middlesex County College
I am afraid I am going to disappoint you, but it is nonsense. There is nothing like an EXE+ extension. avast! knows the true name of the file inside the archive, it doesn't append any + after the extension. But since the file is password protected, it cannot be unpacked and scanned.
In the latest update, a special detection of the Beagle password-protected ZIP files has been added - but it has nothing to do with scanning of S&D recovery files. If avast! doesn't give you any warning, then you may have changed something such that they are not scanned at all (or not reported) - but you certainly didn't make avast! scan its password protected files.
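An added example, not part of the thread and not avast! or Norton code: in the ZIP format the entry name is stored in clear in the central directory and encryption is signalled by bit 0 of the general-purpose flag, so a scanner can read the true name of a password-protected entry without being able to unpack it. The sketch below reports that state per entry and descends into a ZIP-inside-a-ZIP like the eicarcom2.zip test; the function names and sample archives are constructed for illustration, and it assumes classic (non-Zip64) archives with an unencrypted central directory.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001  # general-purpose flag bit 0: entry data is encrypted

def central_directory(data):
    """Yield (header_offset, name, flags) for each central directory entry."""
    eocd = data.rfind(b"PK\x05\x06")  # end-of-central-directory record
    if eocd < 0:
        raise ValueError("not a ZIP archive")
    total, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
    for _ in range(total):
        if data[pos:pos + 4] != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        flags, = struct.unpack_from("<H", data, pos + 8)
        nlen, xlen, clen = struct.unpack_from("<HHH", data, pos + 28)
        yield pos, data[pos + 46:pos + 46 + nlen].decode("cp437"), flags
        pos += 46 + nlen + xlen + clen

def triage(data, prefix="", depth=3):
    """Return {path: status}; nested archives are opened up to `depth` levels."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for _, name, flags in central_directory(data):
            path = prefix + name
            if flags & ENCRYPTED:
                report[path] = "encrypted: name visible, content not scannable"
            elif name.lower().endswith(".zip") and depth > 0:
                report.update(triage(zf.read(name), path + "/", depth - 1))
            else:
                report[path] = "scannable"
    return report

def make_zip(members):
    """Constructed sample: build an in-memory ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

def mark_encrypted(data):
    """Constructed sample: set flag bit 0 on every central directory entry."""
    out = bytearray(data)
    for pos, _, flags in central_directory(data):
        struct.pack_into("<H", out, pos + 8, flags | ENCRYPTED)
    return bytes(out)

nested = make_zip({"inner.zip": make_zip({"sample.com": b"placeholder"})})
locked = mark_encrypted(make_zip({"test.exe": b"placeholder"}))
```
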