Zip Files

:-
I was a user of AVG and switched to Avast because I thought it looked better. I really like the program however…when I scan the EICAR virus test files I only get a positive result on the .com and .txt files. The zipped files show no infection. Is there an issue with .zip files or other archive types?

Are talking about on-demand or on-access?

If on-demand, you just need to turn on archive scanning.
If on-access, yes, avast by default doesn’t look for viruses in packed files. However, it can be enabled. Look at the deftasks.xml file in the avast folder - all you need to do to enable scanning of archives on-access is to add the line

EXE;ZIP;MIME;RAR;ARJ;TAR;GZ

after the line
1

If you’re using avast 4 Professional, the same thing can be done in a more convenient way by editing the resident task.

Vlk

Thanks for the reply. I have a question though…I can’t find any settings to enable archive scanning. Is this available in the home edition?

Yes, it is. It can be turned on after scan area is selected in simple user interface. Small window is shown then with slider to set test sensitivity and check box to enable scanning of archives…

;D
Thanks. I see that option. I was actually looking for some way to turn on the archive option for the Quickscan in the right click context menu. However, the XML code I was given works very well for on access scanning and that is good enough for me.

Detail option settings for ashQuick.exe program is available in Professional Edition of avast! version 4.0 - it is managed by enhanced user interface…

We have modified defaults for ashQuick.exe to scan all known archives - you are right that program should do this.

If you want to enable archives scanning for ashQuick.exe on your computer right know add following lines into your DefTasks.xml file:

1 *Quick All

Then restart avast! service (if you are using Win9x, ME restart your computer) to reflect made changes…[/me]

;D
Great responses. Thanks for the XML Code for quickscan, although it is kinda redundant now. With the XML code for on access scanning inserted into the deftasks file as soon as you click on an infected archive file the alarm sounds.

I looked at the lines further down in the file and the looked similar, but had some extra file-extensions, and “overwrite=no” in the tag, should those additions be added to the tag you suggested too (are they newer additions since your original posting) or…

  <OUTLOOK--ScanPackers overwrite="no">EXE;ZIP;MIME;RAR;ARJ;TAR;GZ;CAB;ARC;ACE;ZOO;BZIP2;WinExec</OUTLOOK--ScanPackers>
  <MAIL--ScanPackers overwrite="no">EXE;ZIP;MIME;RAR;ARJ;TAR;GZ;CAB;ARC;ACE;ZOO;BZIP2;WinExec</MAIL--ScanPackers>
  <P2P--ScanPackers overwrite="no">EXE;ZIP;MIME;RAR;ARJ;TAR;GZ;CAB;ARC;ACE;ZOO;BZIP2;WinExec</P2P--ScanPackers>
  <IM--ScanPackers overwrite="no">EXE;ZIP;MIME;RAR;ARJ;TAR;GZ;CAB;ARC;ACE;ZOO;BZIP2;WinExec</IM--ScanPackers>

It’s actually not file extensions, it’s file formats (unpacker engines)…

You can set those for STANDARD (The Standard Shield) as well, but avoid the overwrite=“no” attribute, it would make the changes unusable…

Vlk may I ask what is the correct setting to do this on avast 4 Pro to setup all the ScanPackers, do you understand what I am trying to say.

Right click on the task, choose properties, go to page ‘Packers’ and choose ‘All Packers’. You can do for all tasks that you want.

Hope this help :wink:

Mmmm I found it I better not edit the DefTasks.xml is too risky for me, better leave it alone not unless I know what I am doing with the DefTasks.xml.

It’s pointless to do the DefTasks.xml trick if you have avast Pro. That’s what the Enhanced GUI is for!

i tried it…but the deftasks.xml file changes everytime i reboot…EXE;ZIP;MIME;RAR;ARJ;TAR;GZ disappeared… ??? ???

For me too… What are we doing wrong?
If we have the Pro version, what does change the deftask.xlm file? A though that the GUI will read the file and keep the values…
If I go to the GUI, I set all packers but that line does not appear as stated before:

…EXE;ZIP;MIME;RAR;ARJ;TAR;GZ

oh… :o…weird…think we will wait for the guru to comment…we know who you are!!!.. ;D