Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: guitar_billy on December 11, 2003, 10:11:26 PM

Title: avast and scanning archives
Post by: guitar_billy on December 11, 2003, 10:11:26 PM
hello all,
i recently upgraded to Avast! 4, and i get this message (each time) i scan with "scan archive files " enabled:

"Unable to scan: ZIP archive is corrupted"
and
"Unable to scan: UPX archive is corrupted"
(see attachment)

i'm curious.... because the listed java files seem to work okay for me. anybody else gotten similar messages???

and why would avast list a .jar file as ZIP archive and a .zip file as UPX type file?

thanks, ALEX
Title: Re:avast and scanning archives
Post by: igor on December 11, 2003, 10:38:50 PM
The java .jar files are .zip archives in fact - you can try to unpack them with some zip-unpackers (WinZip, WinRAR, Total Commander,...). Some of them are known to be "corrupted" (at least in the ZIP sense of the word).

avast! is announcing .zip as UPX? That's strange... isn't it rather one of the files inside of the zip? Or maybe a SFX ZIP archive, having the SFX part compressed with UPX?

If you could post the exact messages (i.e. together with the full filenames), it may be helpful.
Title: Re:avast and scanning archives
Post by: guitar_billy on December 11, 2003, 11:29:31 PM
hi there,

weird,  there should have been an attachment with a screenshot of the results =>
Clipboard01.png, 12Kb.

maybe it got lost because i previewed before posting? hmmm i tried to modify the post without success... where does the attachment dissappear to???  :)

anyway, i just opened one of the fava .jar files with WinZip and interestingly when i try to view or extract that file WinZip gives me a CRC error.

does Avast! use external programs to access the archives or does it have its own archiver?
gr, ALEX
Title: Re:avast and scanning archives
Post by: pk on December 11, 2003, 11:37:15 PM
...list a .jar file as ZIP archive...

Igor is RIGHT, .jar files have ZIP internal structure - some .jar files have bad CRC and they are unable to unpack with WinRAR or WinZIP.

avast! is announcing .zip as UPX?
isn't it rather one of the files inside of the zip?


ZIP archive has bigger priority in scanning than UPX, so file was not detected like ZIP or SFX ZIP. Please, guitar_billy, send me this file, thanks.
Title: Re:avast and scanning archives
Post by: pk on December 11, 2003, 11:44:29 PM
does Avast! use external programs to access the archives or does it have its own archiver?

In most cases, we have own unpacker (or packer) - we use external library only for ACE (because author wrote unpack in WatcomC and he doesn't want to share it), CAB (but at present, we're trying to get source code for avast) and CHM packer will use windows library to unpack.
Title: Re:avast and scanning archives
Post by: MikeBCda on December 11, 2003, 11:57:25 PM
If you're referring to Sun Java, rather than the MS virtual-machine version, I ran into exactly the same error messages the first time avast (admittedly a few versions back) encountered Sun Java for the first time after I installed the latter.

The Sun Java is notorious for not downloading properly, which is why you'll see warnings all over their site to check file sizes both after downloading and after installing.

I un-installed the Java and re-downloaded and re-installed a couple of times, and of course have tried to ensure my avast is up to date (both program and database).  No problems with scans in quite a while, so I assume I finally got a good clean download of Java, and/or more recent avast updates handle its archives better.
Title: Re:avast and scanning archives
Post by: guitar_billy on December 12, 2003, 12:15:18 AM
MikeBCda -- yes, i was referring to .jar files from the Sun Java installation. i uploaded the screenshot to: http://www.volny.cz/pavlaj/Clipboard01.png

pk -- i just send you the .zip file that avast claims is UPX.

some additional notes:

this .zip file is handled by my WinZip without problems, this in contrary to the .jar archives.
the 'localedata .jar' archive makes WinZip give a CRC error; on the same file that Avast! complains about (MANIFEST.MF, top listed on Clipboard01.png)

interestingly when i choose to manual scan the .jar file from Windows Explorer (right mouse click menu), Avast does not complain... but does it scan okay?? result:
http://www.volny.cz/pavlaj/Clipboard02.png

lastly, Avast! version 3 which i used until recently, never gave me archive scan errors, but scanning took much much much longer   :)

cau, ALEX
Title: Re:avast and scanning archives
Post by: pk on December 12, 2003, 12:33:24 AM
pk -- i just send you the .zip file that avast claims is UPX.

thx, i got it; as i answered you in email, we have some UPX files which may be corrupted, it could be one of them.

lastly, Avast! version 3 which i used until recently, never gave me archive scan errors, but scanning took much much much longer   :)

I dont remember it well, but we replaced ??? ZIP unpacker in version4 - if not, we did _lot of_ changes in this unpacker - you cant compare version3 and 4.

Title: Re:avast and scanning archives
Post by: Vlk on December 12, 2003, 08:07:31 AM
Quote
lastly, Avast! version 3 which i used until recently, never gave me archive scan errors, but scanning took much much much longer


Actually, version 3 never gave any errors :) But not because it didn't encounter any, but because it was ignoring them.

We've completely rewritten the engine for version 4, and one of the enhancements was proper error handling - now all the problems are reported (instead of being swallowed :))

Vlk
Title: Re:avast and scanning archives
Post by: guitar_billy on December 12, 2003, 11:00:07 AM
hi again,

still curious about the Sun Java .jar files, i send a few of the files (which Avast! complained as corrupted) to my work, where we have the Sun Java SDK kit. this contains the jar tool, with which you can create, view, and extract jar-files.

and guess what? even for the Sun jar tool the files are not correct.


jsse.jar -- java.util.zip.ZipException: invalid entry crc-32 (expected 0x0 but got 0x83919057)

javaws.jar -- java.util.zip.ZipException: invalid entry crc-32 (expected 0x0 but got 0x6cdda3aa)

localedata.jar -- java.util.zip.ZipException: invalid entry crc-32 (expected 0x0 but got 0xf1e4e34c)


i find it funny that my java installation actually works   :)   so i conclude that in case of the .jar files, Avast! is correctly reporting them as corrupt. good work!

nashledanou, ALEX
Title: Re:avast and scanning archives
Post by: Vlk on December 12, 2003, 11:09:05 AM
Good. :)

Quote
cau
Quote
nashledanou

What the...?  ;D

Vlk
Title: Re:avast and scanning archives
Post by: guitar_billy on December 12, 2003, 11:18:54 AM
okay, long story made short  ;D

i'm Dutch, currently living and working in Czech Republic. in fact, i live very close to your office.... Zahradni Mesto, near the big shopping centre Hostivar....

houdoe, ALEX   (now that's Dutch for a change   :P)
Title: Re:avast and scanning archives
Post by: Vlk on December 12, 2003, 11:35:18 AM
Really?? Hehe, that's funny! ;D

Quote
i'm Dutch, currently living and working in Czech Republic. in fact, i live very close to your office.... Zahradni Mesto, near the big shopping centre Hostivar....


Zahrani Mesto is really just across the freeway.
Maybe we'll see each other there - I sometimes go to the 'H' for a movie (there's a pretty nice cinema there...). :)

Take care,
Vlk
Title: Re:avast and scanning archives
Post by: Freeman on January 24, 2004, 02:03:15 AM
Greetings,

I thought I'd bump an old topic since I'm having a similair problem as guitar_billy. When I run a standard or thorough scan (with scan archive files turned on) I get the error: "Unable to scan: UPX archive is corrupted" on an .exe file which I'm sure is fine.
However, when I right-click on the folder with the file in question and scan it that way, I don't receive the error message.

Windows ME
avast v4.1 HE 4.1.335
vps 401-1

PS The file is too large to post as an attachment, but I can email it to whoever needs it.

Cheers!
Title: Re:avast and scanning archives
Post by: Vlk on January 24, 2004, 09:43:29 AM
Hi Freeman, here I'm again... ;)

The rule of thumb is: these "XXX archive is corrupted" are really no errors, these are just warnings - telling you that the avast unpacker was somehow unable to unpack the file (but of course, the scanner still did scan it without unpacking, just as if it wasn't packed).

E.g., many software authors have the tendency to use some anti-cracking, anti-hacking, anti-tampering or anti-debugging techniques to protect their programs. Probably the most popular method is to take a commercial-grade EXE packer and modify it a bit (scramble the file afterwards or add extra encryption loops to it etc.). Naturally, such a file cannot then be unpacked by the avast unpacking engine (as well as by the official UPX unpacker) because the format is changed....
Title: Re:avast and scanning archives
Post by: Freeman on January 25, 2004, 07:29:22 AM
Vlk,

Cheers for the response, that's good to know.