That is, I believe, a repercussion of it being reported as a decompression bomb; the file, e.g. the zip file, would have to be opened and the file/s inside deleted.
Don’t try to delete them from avast, use explorer and open the tvDebug.zip file and delete some of the old .log files contained inside.
system
43
Hello, a new user with another new angle on this decompression bomb business. I note all the preceding caveats about how they probably are nothing to worry about, and how they can be checked out outside of Avast if necessary. The one Avast just reported for me is associated with the intray of a user email account:
… email/mail/local folders/PartNo_0#1328536678
How can I identify which email is responsible? At the very least I want to know what it is and who sent it.
Andy
DavidR
44
What is your email program?
It probably won’t be one email, rather the mailbox concerned.
Have you any idea how many email programs work in relation to mailboxes (inbox, etc.)? Well, it is just a single (database) file with all the emails in that email folder contained within it. That could make for a very large file.
If you use your inbox for general storage, then I suggest you treat it like an in tray in an office: stuff comes in and is placed in the in tray. It is then read and any action taken and is then filed into another tray, ‘pending,’ ‘out’ and from there is filed in a filing cabinet under a folder more appropriate for its content. The same applies to your email: once dealt with, place it in a different folder.
That way you keep the inbox relatively empty; the inbox is the most likely to be corrupted and/or deleted as it is the one usually open if you have a crash, etc. This also has the effect of balancing the email folder sizes so one doesn’t get enormous.
So I don’t know what your email client is or what your email folder structure looks like, e.g. if you have one called PartNo_0#1328536678 or if you have an email with that subject title; as such I can’t suggest how to find it.
system
45
We’re using Thunderbird. Yes, I did know that email was often treated as a database, and Thunderbird certainly does - however, it would not have occurred to me that a virus scanner would have to scan the entire intray as a single file, though. I have checked the size of the intray of the user in question and it is nearly 900 MB! Next closest is 230 MB, then 80 MB, then mine at 29 MB. I have had a polite word in the ear concerned and offered assistance in major surgery.
DavidR
46
It only scans the inbox as a single file during an on-demand scan when it only sees it as a single file.
For scanning inbound email it scans that email in the Internet Mail localhost proxy, before it gets to the inbox. So your issue with very large file size only happens during on-demand scans.
There are many that would recommend that you exclude these Thunderbird email database files as effectively if avast actually found anything in there, it wouldn’t really be able to extract the infected email and may corrupt the file if it couldn’t. This could result in loss of the remainder of emails contained in that file.
You should also consider regularly backing-up your email database files against any such eventuality, not just AV related.
system
47
I use Avast! once a week, been clean for many weeks now. Today two files are marked as decompression bombs. They could not be moved to Chest or deleted by Avast. I then tried Repair. That gave me a nice message (successful) on the screen, but the report still said it was a problem.
C:\DocumentsandSettings\LocalSettings\ApplicationData\Mozilla\Firefox\Profiles\g5gu17hs.default\Cache.…{gzip}
… is FC120747d01 for 1st file and
BCA62344d01 for 2nd file.
I have used Mozilla Firefox for years, and get its updates regularly. Why did this suddenly appear? Should I do a boot scan? Why does Mozilla suddenly have 2 files so large? My knowledge of software innards is not good enough to know why a file in Profiles should be so large.
Thanks for any guidance. Scary term, decompression bomb, even when explained.
Sarah
DavidR
48
The cache file/folder can be very large and that is all it means, nothing more nothing less. Exactly what has been covered in this topic.
You should a) periodically clear out the cache, b) restrict the size it can grow to.
system
49
I’m just recovering from a virus, and avast reported a lot of these decompression bombs on my external drive afterward, all in files that have been on my drive for over a year and accessed periodically. What are the chances a virus could’ve slipped into one of the files in those archives? And what purpose would there be to making them decompression bombs; if the intent of a decompression bomb is to completely lock up system resources, would there be any CPU left for a virus to spread?
I’ve deleted some of these, but when I looked into a few I found that some, although large, are packed close to a 1:1 ratio – so what the heck is the criteria for labeling an archive a decompression bomb?
If you read this thread, you’ll see that decompression bomb is not a thing to worry that much.
It’s always better to send a file to Chest than directly deleting it.
system
51
When it goes to the Chest, isn’t it compressed into yet another format? What actions can I take on it then?
This decompression bomb detection sounds like a good idea, but it doesn’t seem complete yet. Can’t the end user have it scanned at their own discretion anyway? Should the other issues I brought up be ignored? – i.e.: why would decompression bombs be considered a primary threat, and under which criteria is an archive identified as a decompression bomb?
It’s encrypted. Outside of the Chest, the files are inert. You can copy, move, paste… you can’t edit, open, etc.
Within Chest, you can scan the file, send it to Alwil for analysis, etc.
I have a file doing this as well, it is an avi file (movie), so it is probably compressed. Think this is the prob?
Never mind, scanned the file by itself and scanned just fine.
system
54
And I have a file, called decompression bomb. It is C:\program files\Nero\Nero8\Nero backitup. I really don’t understand anything of computers. Do you think that it might be something dangerous? Thanks in advance.
No, it’s not. Don’t worry.
Decompression bomb is just something that unpacks to an unusually big amount of data even though it’s rather small (i.e. has a high compression ratio, for example). It’s nothing to worry about, you are just informed that avast! will not try to unpack the archive (you may not even know that it’s an archive, but it seems like it is) because it may take VERY long to process.
(quoted from Igor: http://forum.avast.com/index.php?topic=15389.msg131213#msg131213)
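The definition quoted above (small input, very large output) can be checked in two ways, shown in this added example, which is not part of the original thread and is not avast!'s detection logic: reading the sizes declared in a zip directory, and inflating a stream under a hard output cap. The thresholds `MAX_RATIO` and `MAX_OUTPUT` and all function names are assumptions chosen for illustration; nested archives are not handled.

```python
import io
import zipfile
import zlib

MAX_RATIO = 100                 # assumed threshold, not avast!'s value
MAX_OUTPUT = 8 * 1024 * 1024    # assumed output cap in bytes

def declared_ratio(zip_bytes):
    """Ratio of declared uncompressed size to compressed size, read from
    the zip directory without unpacking anything. Headers can lie, so this
    is only a cheap first pass."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
    packed = sum(i.compress_size for i in infos)
    unpacked = sum(i.file_size for i in infos)
    return unpacked / max(packed, 1)

def bounded_inflate(stream, limit=MAX_OUTPUT, chunk=64 * 1024):
    """Inflate a zlib or gzip stream in small chunks and stop as soon as
    more than `limit` bytes have come out. Returns (bytes_out, exceeded)."""
    d = zlib.decompressobj(47)          # 32 + 15: auto-detect zlib/gzip header
    produced, buf = 0, stream
    while not d.eof:
        out = d.decompress(buf, chunk)  # never yields more than `chunk` bytes
        produced += len(out)
        if produced > limit:
            return produced, True
        buf = d.unconsumed_tail
        if not out and not buf:         # truncated stream: nothing left to do
            break
    return produced, False

def make_zip(payload):
    """Constructed sample: a one-member deflated zip held in memory."""
    mem = io.BytesIO()
    with zipfile.ZipFile(mem, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.bin", payload)
    return mem.getvalue()

if __name__ == "__main__":
    zeros = b"\0" * (16 * 1024 * 1024)  # constructed, highly compressible
    print("zip ratio:", round(declared_ratio(make_zip(zeros))))
    print("bounded:", bounded_inflate(zlib.compress(zeros)))
```

A large but ordinary file, such as a mail folder or browser cache, shows a ratio near 1:1 in the first check; only the capped inflate tells you what a stream really expands to.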
system
56
Thanks very much :). I have just noticed that in fact it is written C:\program files\nero\Nero8\Nero backitup.…\root.img. I didn’t write it that way before (I missed root.img) but I guess it is the same?
system
58
Hi all,
How is avast! able to identify decompression bombs? Does it attempt to extract the contents of an archive, then abort once the extracted contents reach some pre-determined “suspicious” size? Does it estimate the extracted size and compare it to the compressed size? If so, is it able to estimate the sizes of recursively compressed archives?
Thanks in advance!
I also have a question. I don’t see this feature in the avast5 GUI. It seems that it is “hidden” as in avast4.
Am I right? Would people be able to configure the compression rates, the alerts, etc.?
system
60
Ok so I just did a scan today (Home edition 4.8 with thorough and archives enabled) and ended up with like 39 different ‘unscanables’ as such. Most of them said that it was due to them being compression bombs that they couldn’t be scanned. I’ve read through this thread but was wondering if it is safe for these not to be scanned?