Question How can I check for malware in password-protected zip, rar etc files?

Studynxx · Aug 5, 2024

Is unlocking them with the password on an isolated VM the only way? I want to scan them with NPE

lokamoka820 · Aug 5, 2024

Unlocking them with the password and scan them immediately, no harm will affect your system.

mlnevese · Aug 5, 2024

No need to do it in a VM unless you have the intention of running the content. For scanning purposes only, it's safe to just unlock.

ForgottenSeer 114834 · Aug 5, 2024

As others have stated just be careful you don't accidentally execute the file once extracted.

Divine_Barakah · Aug 5, 2024

mlnevese said:
No need to do it in a VM unless you have the intention of running the content. For scanning purposes only, it's safe to just unlock.

I was using Heimdal Home Premium a long time ago. Running a right-click scan excuted the malicious file I scanned. I remember contacting support and we were not able to reproduce the issue.

andytan · Aug 5, 2024

I'm not sure how but zonealarm was detecting viruses within password protected .rar files I downloaded off malware bazaar

Divine_Barakah · Aug 5, 2024

andytan said:
I'm not sure how but zonealarm was detecting viruses within password protected .rar files I downloaded off malware bazaar

Was it detecting files inside or the archive itself? Maybe the archive name plays a role? Maybe the source of download?

lokamoka820 · Aug 5, 2024

andytan said:
I'm not sure how but zonealarm was detecting viruses within password protected .rar files I downloaded off malware bazaar

Maybe the password was in the most commonly used password list, like 123456.

Divine_Barakah · Aug 5, 2024

I like BD's approach. When the scanner detects password-protected archives, it asks you to enter password.

Eset just skips them with an error message in red in scan log.

lokamoka820 · Aug 5, 2024

Divine_Barakah said:
I like BD's approach. When the scanner detects password-protected archives, it asks you to enter password.

I like this too in Bitdefender, although I always choose to ignore all when this happens.

lokamoka820 · Aug 5, 2024

Divine_Barakah said:
I was using Heimdal Home Premium a long time ago. Running a right-click scan excuted the malicious file I scanned. I remember contacting support and we were not able to reproduce the issue.

There is a reason why Heimdal not recommended in MT.

mlnevese · Aug 6, 2024

A password protected file is not a danger to your system unless you have the intention to open it later and execute whatever is inside. Anyway, your security should detect any malware payload inside if it's uncompressed.

Zartarra · Aug 6, 2024

andytan said:
I'm not sure how but zonealarm was detecting viruses within password protected .rar files I downloaded off malware bazaar

I have sometimes the same behavior with MS Defender. It looks like they detect the archivefile and not the file within.

Search

Question How can I check for malware in password-protected zip, rar etc files?

Studynxx

Level 3

lokamoka820

Level 21

mlnevese

Level 28

ForgottenSeer 114834

Divine_Barakah

Level 33

andytan

Level 1

Divine_Barakah

Level 33

lokamoka820

Level 21

Divine_Barakah

Level 33

lokamoka820

Level 21

lokamoka820

Level 21

mlnevese

Level 28

Zartarra

Level 7

Similar threads