Jump to content

Indigorose

BStill
 Share

Recommended Posts

BStill

BStill 0

Posted
Posted (edited)

Hello

I have an .exe file that I'm tring to scan with ESET Smart Security 6 for viruses. When I attempt a scan, it stops after 2 seconds and states that the archive is damaged and not scanned. Actually it's not a damaged file and will run and patch as it is supposed to.
Why is it that the a/v can't scan the file? Thanks for any help on this!

Edited by BStill
Link to comment
Share on other sites
Janus

Janus 210

Posted
Posted (edited)

Hey!

 

An answer to that could be that eset is not able, for some reason, to unpack and scan the file, and therefore assuming it is corrupt. ( have you tried to scan the file with other on-demand scanners to see if it state the same erro.)

Regards, Janus
 

Edited by Janus
Link to comment
Share on other sites
BStill

BStill 0

Posted
  • Author
Posted (edited)

Hello, and thank you for the replies.

 

It is specially crafted in a sense that it's for a specific game. However it is a 3rd party patch, so therefore is more suspect than if it were an "official" patch. The file zipped up is still 140mb, most ISP's won't allow email's over 20mb some up to 25mb, so it seems sending the file through email is not an option.

 

I have not tried any other a/v program to scan it yet, as two a/v programs usually end up in a multitdue of errors on a microsoft operating system. I was going to try a site like virus total but for some reason the site wont load, so that seems to be a dead end.

 

The error reads..

 

Scan completed in 0 seconds

 

Number of objects scanned: 0

Number of infected objects: 0

Number of cleaned objects: 0

 

...\Downloads\cm-patch0140hf\cm-enable.exe » INDIGOROSE - archive damaged

 

It seems to me that if it could falsely report a damage then a virus could be hidden. Any help on forcing a scan or any other ideas would be greatly appreciated.

 

Update: I scanned the downloaded .zip file with the current version of Clam A/V on a Linux operating system. The scan took 5 seconds to finish and came back with no infections of the two .exe files. The virus database recognizes over 2.2 million variations of viruses.

 

It seems to me to "fool" ESET anti-virus all a malicious attacker would have to do is plant a virus into an indigorose package. So my questions are now...

 

1.) Why is it that a free and open source anti virus program can scan a file that the a/v program I'm paying for can not?

 

2.) Is there a way to force ESET into scanning the indigorose packed file?

 

Thanks

 

 

 

 

 

Edited by BStill
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

One thing to keep in mind - even if an error is reported during archive extraction, it doesn't mean the archive was not scanned at all. It's rather that some files were not unpacked completely. Moreover, potential malware in an Indigorose installer package would be detected upon installation by real-time protection so the user would be protected anyways. As for why some free AV programs don't report any errors, it's likely they don't scan inside Indigorose packages at all. You can check out the number of scanned files; if only 1 is reported as scanned, then the archive was not scanned internally.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...