BStill 0 Posted May 31, 2013 Share Posted May 31, 2013 (edited) HelloI have an .exe file that I'm tring to scan with ESET Smart Security 6 for viruses. When I attempt a scan, it stops after 2 seconds and states that the archive is damaged and not scanned. Actually it's not a damaged file and will run and patch as it is supposed to.Why is it that the a/v can't scan the file? Thanks for any help on this! Edited May 31, 2013 by BStill Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted May 31, 2013 Administrators Share Posted May 31, 2013 Maybe it's a specially crafted (patched) archive. Please submit it to ESET as per the instructions here. Link to comment Share on other sites More sharing options...
Janus 210 Posted May 31, 2013 Share Posted May 31, 2013 (edited) Hey! An answer to that could be that eset is not able, for some reason, to unpack and scan the file, and therefore assuming it is corrupt. ( have you tried to scan the file with other on-demand scanners to see if it state the same erro.) Regards, Janus Edited May 31, 2013 by Janus Link to comment Share on other sites More sharing options...
BStill 0 Posted May 31, 2013 Author Share Posted May 31, 2013 (edited) Hello, and thank you for the replies. It is specially crafted in a sense that it's for a specific game. However it is a 3rd party patch, so therefore is more suspect than if it were an "official" patch. The file zipped up is still 140mb, most ISP's won't allow email's over 20mb some up to 25mb, so it seems sending the file through email is not an option. I have not tried any other a/v program to scan it yet, as two a/v programs usually end up in a multitdue of errors on a microsoft operating system. I was going to try a site like virus total but for some reason the site wont load, so that seems to be a dead end. The error reads.. Scan completed in 0 seconds Number of objects scanned: 0 Number of infected objects: 0 Number of cleaned objects: 0 ...\Downloads\cm-patch0140hf\cm-enable.exe » INDIGOROSE - archive damaged It seems to me that if it could falsely report a damage then a virus could be hidden. Any help on forcing a scan or any other ideas would be greatly appreciated. Update: I scanned the downloaded .zip file with the current version of Clam A/V on a Linux operating system. The scan took 5 seconds to finish and came back with no infections of the two .exe files. The virus database recognizes over 2.2 million variations of viruses. It seems to me to "fool" ESET anti-virus all a malicious attacker would have to do is plant a virus into an indigorose package. So my questions are now... 1.) Why is it that a free and open source anti virus program can scan a file that the a/v program I'm paying for can not? 2.) Is there a way to force ESET into scanning the indigorose packed file? Thanks Edited May 31, 2013 by BStill Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted June 2, 2013 Administrators Share Posted June 2, 2013 You can upload the file to a safe location and email ESET just the download link. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,234 Posted June 5, 2013 Administrators Share Posted June 5, 2013 One thing to keep in mind - even if an error is reported during archive extraction, it doesn't mean the archive was not scanned at all. It's rather that some files were not unpacked completely. Moreover, potential malware in an Indigorose installer package would be detected upon installation by real-time protection so the user would be protected anyways. As for why some free AV programs don't report any errors, it's likely they don't scan inside Indigorose packages at all. You can check out the number of scanned files; if only 1 is reported as scanned, then the archive was not scanned internally. Link to comment Share on other sites More sharing options...
Recommended Posts