Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2861 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Antivirus: Scan malicious code in double zip archives ?

AndiS
We received today a double Zip compressed archive file with malicious code by email. 
The file was not recognized by the UTM as malicious code. 
Scans the UTM ever double packed archive files ? We have activated the 'Dual Scan' option, but there are no option for the 'scan depth' of an archive file.


This thread was automatically locked due to age.
Parents
  • 0
    This information is for the web-proxy scanner.  Similar testing could be done for email.

    I dusted off some previous informal nested zip testing and it looks like:
    9.113, Avira engine: detected EICAR at 100 layers, download passed at 101.
    9.113, Sophos engine: detected EICAR at 10 layers, download passed at 11.
Reply
  • 0
    This information is for the web-proxy scanner.  Similar testing could be done for email.

    I dusted off some previous informal nested zip testing and it looks like:
    9.113, Avira engine: detected EICAR at 100 layers, download passed at 101.
    9.113, Sophos engine: detected EICAR at 10 layers, download passed at 11.
Children
No Data
Unfiltered HTML