6 Replies Latest reply on Jan 13, 2011 10:33 AM by sgrimmel

    Test Virus Scan in Zip file

      Hi all

       

      I refer to this page: http://www.eicar.org/anti_virus_test_file.htm

      When I tested the virus scan (8.7) with the file eicar.com - the threat was found and respomd triggered ok.

      when I copied the sip file I did not get any notification of the thread.

      "Scan in Zip files" is enabled in defualt policy.

      What can be the problem? how can i make sure zip files are being scanned?

       

      Thanks

      Sam

        • 1. Re: Test Virus Scan in Zip file

          You're on the right track, because the best way to check if files are being scanned is to use the eicar test pattern. There must be something misconfigured, and it might take some searching to find the correct setting.  First, is this a workstation or server? Is it managed by ePO or not?

          • 2. Re: Test Virus Scan in Zip file

            Hi

            I did my test on Workstation xp prof. which is managed by epo4.5, VirusScan8.7.

            My "On-Access Default Processes Policiy" is set to scan compressed files (e.g. ZIP), but yet no success - the scanner did not pick the file. i tried that on 2 test workstations

            Thanks for your help

            • 3. Re: Test Virus Scan in Zip file

              Ok, since the workstation is managed by ePO, you need to change the policy on the ePO server and then also verify that the workstation gets the policy from the ePO server.

               

              First, find the policy on the ePO server that applies to that workstation.  Do you have configured "Configure different scanning policies for high-risk, low-risk, and default processes "?

              • 4. Re: Test Virus Scan in Zip file

                yes, I have these 3 policies configured. in all of them I enabled "scan all files" and scan compressed files (e.g. ZIP)

                • 5. Re: Test Virus Scan in Zip file

                  Ok, if the policies are correct on the ePO server, then bring up the VirusScan Enterprise console on the client machine where you're testing.  Check that the policy on the workstation exactly matches what you expect to see.  If it doesn't, then you need to figure out why the policy is not getting from ePO to the client.

                   

                  If it does, make sure you're not copying the .zip file to a location that is excluded from scanning.  (try the root of the c: drive).  Make sure the .zip file is not encrypted or password-protected.

                  • 6. Re: Test Virus Scan in Zip file

                    Hi

                     

                    Please let me know if you copied a file from one location on your hard drive to another location on the same drive.

                     

                    If this is the case, please copy the file to a different drive and let me know if that does trigger a detection.

                     

                    Regard