It seems that whenever someone uploads a RAR file using HFS (http://www.rejetto.com/forum), Avast seems to rescan the RAR many times and causes a huge lag of the system. I guess the RAR was continuously modified when the upload is in progress. The RAR size is only 2 MB btw.
First, the RAR hasn’t changed for a long time so this is most likely not a 418-specific thing (I hope :)).
Second, your saying that your scanning RAR files on-access? Hmm… well - what can I say? Especially if the file is continuously written, avast will be triggered many times and the overhead will of course be enormous.
Is there a way to recognize that the file is not comletely there yet? Like a different file name or something? So that you could put it to the exclusion list…
Is there a way to recognize that the file is not comletely there yet? Like a different file name or something? So that you could put it to the exclusion list...
What does that suppose to mean?
The filename for the RAR(s) are random so... :-\
Hopefully pk has worked out the problem.
Thanks pk.
If you have the on-access scanner configuration that includes created/modified files scanning with RAR extension, there is nothing to be “worked out” here, sorry.
No, it won’t.
Sorry, but it’s doing exactly what you instructed it to. You want all the created/modified files to be scanned… if the file is written by parts, closed and reopened again after each few kilobytes, it’s simply being modified very frequently - so, an enormous number of scans occurs. There is nothing we can do about it.
I don’t think having all the created/modified files be scanned is a good idea (or even necessary).
Well, how can you know that, if you didn’t write the application that handles the upload?
No, it wouldn’t.
I didn’t say you should disable the option completely (even though it shouldn’t cause any bigger security risk either) - I meant that having all the files to be scanned like this is a little overkill, in my opinion. The standard set of extensions should be enough.
;D… You are right! I will have to ask the author later on. :-\
Anyways, I think a solution for this maybe to integrate the Smart File Detection feature into Resident Protection? Should speed up the process and increase system performance.
Not really - you may have the scanning of archives turned on - then it wouldn’t speed up anything.
How about doing the “smart file detection” yourself and telling avast! not to scan modified RAR files?
… Eh
Avast definition of packers = archives.
Then I wonder what Avast will do when it encounters a UPX compressed EXE. No option to select anything? Or are they automatically scanned anyways?
I would turn off scanning of archives though… since they cannot infect without being decompressed first.