
How do I scan extractable and zipped files for viruses and other malware?

Archived or extractable files can present a challenge for reliable threat detection. Scanning a compressed or archived file may not reveal the infected or suspicious files it contains, because the threats are hidden within the layers of the archive. Conversely, some extractable file types contain no individual file that is a threat on its own, yet the file as a whole is malicious, or is detected as such.

To test this out, we gathered a sample of extractable files and scanned them using MetaDefender Cloud, our free web-based tool that offers a multi-engine file scanning service and allows you to compare scan results for original and extracted files.

We examined how the full, unextracted file was evaluated, and then the scan results after the file had been extracted and each individual file within it had been scanned. We found examples of both scenarios:

Clean original file with malicious files found after extracting

Malicious original file with only clean files found after extracting

These results show that it is often helpful to compare the results of scanning the full file with those of scanning the extracted files. For different types of files, one of these methods may be more valuable than the other; for example, files like self-extracting EXEs may be detected as malicious even when none of their contents are detected.
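The following is an added example, not OPSWAT's code or the MetaDefender Cloud API: a small Python scanner that records a verdict for the whole file and for every extracted member, recursing into nested zips, and then combines them the way the comparison above suggests. The engine is a constructed stand-in (a content marker plus a SHA-256 blocklist), and the two sample archives are built in code to reproduce the two scenarios listed above.

```python
import hashlib
import io
import zipfile

# Constructed stand-ins for an engine's signatures (not real indicators): a byte
# pattern that marks a member as malicious, and a hash blocklist for archives
# that are flagged as a whole even though every member scans clean.
MARKER = b"CONSTRUCTED-TEST-MARKER"
BLOCKED_SHA256 = set()
MAX_DEPTH = 3                  # stop descending into archives nested deeper than this
MAX_MEMBER_BYTES = 10_000_000  # skip members whose declared size is implausibly large

def scan_bytes(data: bytes) -> str:
    """Stand-in engine: 'infected' if the blob carries the marker or a blocked hash."""
    if MARKER in data or hashlib.sha256(data).hexdigest() in BLOCKED_SHA256:
        return "infected"
    return "clean"

def scan_recursive(name, data, depth=0, results=None):
    """Scan the blob itself, then each member if it is a zip, recursing into nested zips."""
    results = [] if results is None else results
    results.append((name, scan_bytes(data)))
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                child = f"{name}/{info.filename}"
                # Declared sizes are attacker-controlled; this is a cheap sanity guard,
                # a production scanner streams each member under a hard byte budget.
                if info.file_size > MAX_MEMBER_BYTES:
                    results.append((child, "skipped-oversized"))
                    continue
                scan_recursive(child, zf.read(info), depth + 1, results)
    return results

def combined_verdict(results):
    """The file is malicious if the whole file OR any extracted member is flagged."""
    return "infected" if any(v == "infected" for _, v in results) else "clean"

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()

def build_samples():
    """Constructed samples for the two scenarios: marker two layers down, and a blocked archive."""
    nested = make_zip({"inner.zip": make_zip({"readme.txt": b"hello", "payload.bin": MARKER * 50})})
    blocked = make_zip({"setup.txt": b"nothing suspicious in this member"})
    BLOCKED_SHA256.add(hashlib.sha256(blocked).hexdigest())
    return {"nested.zip": nested, "blocked.zip": blocked}
```

Because the members are deflated, the marker never appears in the outer archive's raw bytes, so a whole-file scan of nested.zip is clean while the per-member pass finds payload.bin; blocked.zip shows the reverse.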

Looking at additional data points and performing in-depth analysis can help guide better decisions on the maliciousness of extractable files, ensuring that the risk of both unnoticed threats and false positives is reduced. Check back soon for our white paper with more detail on this topic!
