Bug report from Japanese forums:
Even after cleaning infected ZIP archive by File System Shield (on-access), denying access to cleaned ZIP archive continues.
“Scan all archive” in the File System Shield enabled
With on-demand scan this symptom does not happen.
If we open file properties, change file name or save File System Shield settings, we can access cleaned ZIP again.
Windows 7 x64 (Original poster’s computer)
avast! Free Anti-virus
Well I would ask why enable scanning zip/archive files in the file system shield in the first place. Archived files are inert by their nature and until they are opened, their contents extracted and any executable run, then they present no immediate risk.
Long before that happens the file system shield would have scanned any newly created file (the act of extraction to your hard disk) and also scanned any executable before it is allowed to run.
Yeah mostly agreed.
If I were Op I don’t scan all archives on-access, though I want avast to scan all archive on-demand (i.e. default full scan).
You may feel we (I?) are some kind of paranoia… there are some people worry something or other which seems groundless fear.
Since I got a bug report on Japanese forum, I thought I should at least report it here.
what was inside of that ZIP archive (only one infected file, multiple infected files, one infected and other clean files, nested archives with infected files, …)
what was the detection (name) on the infected file?
what exactly does it mean “cleaning” - delete, move to chest… or repair?
the “All archives” option in the File System Shield (which I wouldn’t really recommend to use, but doesn’t matter) only enables archive unpacking… so was also the ZIP extension added to “Scan when opening” or “Scan when writing”? (or was the “Scan all files” option checked in one of those windows?)
was the initial detection triggered when accessing (e.g. opening) the ZIP file, or when writing (e.g. copying) it?
@NON
do mean like this (see picture)
in that case the explanation is, there is an update in every software. protected to avoid the corruption.
and no anti virus can take that off.
@igor
I asked OP to add these information. As far as my confirmation, details as follows:
Inside of the zip archive:
One or two infected file(s) (eicar / real malware) and one clean file (plain text file).
Detection Name:
Eicar / Win32:Small-NEG [Trj]
Action:
Delete / Move to chest.
- the "All archives" option in the File System Shield (which I wouldn't really recommend to use, but doesn't matter) only enables archive unpacking... so was also the ZIP extension added to "Scan when opening" or "Scan when writing"? (or was the "Scan all files" option checked in one of those windows?)
Firstly I checked "Scan all files", next added ZIP extension to "Scan when opening" option ("Scan all files" unchecked).
Now I uncheck both options, but alert continues... ???
It seems avast continues to scan added extensions even if I uncheck “Scan with custom extensions”
If I delete added extensions, avast stops to scan it.
Initial detection trigger:
Accessing. No alert when copying (I didn’t add extensions to “Write” section).
@bong2x
Unfortunately not.
This related to on-access scan, not on-demand (right-click) scan.
