Eicar inside ISO file and inside zip within a zip file is not scanned/detected.

SEC 5.5.1

So i have been testing sophos alot, and for some reason it will not scan inside .iso files or a zip within a zip file.

I placed Eicar-test files on a ISO file and when i ran the right click "scan now" it just cleard the file instantly, the same happend with the zip file with in a zip file.

I tried this on a diffrent AV- software and it found this files instantly.

Is there anyway to configure sophos to actually scan iso-files and inside of a zip file without using sav32cli.exe with the -zip command?

 

Best Regards

T

  • Hi  

    Please refer to this document and check the step no. 7 which has a setting for the archive file scanning.

    Please verify that this option is enabled on your console and the policy is applied to the machine properly but this will significantly slow down the PC.  

  • In reply to Jasmin:

    Jasmin

    Hi  

    Please refer to this document and check the step no. 7 which has a setting for the archive file scanning.

    Please verify that this option is enabled on your console and the policy is applied to the machine properly but this will significantly slow down the PC.  

     

     

    Hi Jasmin.

    Yes we have checked the "scan inside archive files" option, but if its a compressed file within a compressed file it will not be scanned.

    I will test if the on access scan" will pick up the Eicar files when i unzip it from the zip-file.

     

    Any thoughts about the iso-file issue?

     

    BR

    T

  • In reply to Tobbe_h:

    Hi  

    You can probably mention the iso extension file in the on-access scanning option. Please refer to this document and check the below options are correctly configured.

    1. Scan all files are checked.

    2. Check whether .iso extention is mentioned in the "Additional file type extensions to be scanned".