Executable Module Extracting Engine - KASPERSKY ANTI-VIRUS 5.7 - FOR NOVELL NETWARE Administrator's Manual


Appendix B
Kaspersky Anti-Virus does not disinfect archived files; it only detects
viruses in them. To disinfect such files you should extract the files from the
archive, disinfect them, delete the old archive and repack the clean files.
The Extracting Engine unpacks the archived files to the temporary file storage and
passes them to the main module for scanning. After scanning, the temporary files
are deleted.
Temporary files are stored in a special working directory. You can manually
specify the path to this directory (see section A.2 on page 113).
B.2.1.3. Executable Module Extracting Engine
The Executable module extracting engine is used for searching and removing
viruses from packed executable files.
Packed executables contain a special unpacking program. When such a file is
launched, the main program is first unpacked into RAM and then executed.
Infected files can be packed in the same way as uninfected ones. Regular scans
will recognize such infected files as clean, since the virus body is packed with the
program code.
With the executable module extracting engine enabled, the anti-virus program
will unpack files created with different versions of the most popular packing
utilities, including DIET, PKLITE, LZEXE, EXEPACK, etc., into the temporary file
area and then rescan them using the main module. After scanning, the
temporary files are deleted.
Temporary files are stored in a special working directory. You can manually
specify the path to this directory (see section A.2 on page 113).
If a known virus is detected in the packed file, it can be removed (if disinfection is
set as an action to be applied to infected files – see section B.2.2 on page 144).
The initial file will be replaced with its unpacked and disinfected copy. With the
extracting engine disabled, executable modules will be scanned as they are,
without being unpacked, and a virus can only be detected if it has infected the
packed file itself.
The extracting engine works correctly with iteratively packed files. In addition, it
works with some versions of file immunizers (programs that protect
executable files from infection by adding checksums, such as CPAV and F-XLOCK),
as well as with some versions of encryption software (CryptCOM).
If both archive and executable file extracting engines are enabled, then
Kaspersky Anti-Virus will detect an infected file even if it is, for example,
encrypted with CryptCOM, then packed with PKLITE and finally archived using
PKZIP.
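
The following added example (not from the manual and not Kaspersky's code) shows why a flat signature scan misses a marker hidden inside packed data, and how unpacking each layer into a temporary working directory and rescanning finds it. gzip and ZIP stand in for the DOS packers and PKZIP; SIGNATURE, MAX_DEPTH and all function names are assumptions of this example.

```python
import gzip
import io
import os
import tempfile
import zipfile

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, not a real virus signature
MAX_DEPTH = 8  # assumption: bound on nested layers so hostile nesting cannot recurse forever

def unpack_layer(data):
    """Return the payloads one layer down, or [] if data is not a known container."""
    if data[:2] == b"\x1f\x8b":  # gzip magic; stand-in for an executable packer
        return [gzip.decompress(data)]
    if zipfile.is_zipfile(io.BytesIO(data)):  # archive layer
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [zf.read(name) for name in zf.namelist()]
    return []

def scan(data, workdir, unpack=True, depth=0):
    """Signature-scan data; with unpack=True, extract each layer to workdir and rescan."""
    if SIGNATURE in data:
        return True
    if not unpack or depth >= MAX_DEPTH:
        return False
    for payload in unpack_layer(data):
        # Extract to the temporary working directory, rescan, delete on close.
        with tempfile.NamedTemporaryFile(dir=workdir) as tmp:
            tmp.write(payload)
            tmp.seek(0)
            if scan(tmp.read(), workdir, unpack, depth + 1):
                return True
    return False

def build_sample():
    """Constructed sample: marker -> gzip -> gzip (iteratively packed) -> ZIP archive."""
    packed = gzip.compress(gzip.compress(b"program code " * 8 + SIGNATURE))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("APP.EXE", packed)
    return buf.getvalue()

def demo():
    sample = build_sample()
    with tempfile.TemporaryDirectory() as workdir:
        found_flat = scan(sample, workdir, unpack=False)  # engine disabled
        found_deep = scan(sample, workdir, unpack=True)   # both engines enabled
        leftovers = os.listdir(workdir)                   # temp files must be gone
    return found_flat, found_deep, leftovers
```

The depth bound also means a file nested deeper than MAX_DEPTH is reported as clean, so a production scanner should flag such files rather than pass them silently.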