Author Topic: the insignificance of files that were unable to be scanned  (Read 775 times)

0 Members and 1 Guest are viewing this topic.

Offline email.dave2

  • Newbie
  • *
  • Posts: 6
the insignificance of files that were unable to be scanned
« on: November 03, 2018, 08:05:56 PM »
Some files are unable to be scanned because they are password-protected, decomprssion bombs, too big, or corrupted. Before putting the non-scanned files out of my mind, here are a few questions:

1 - If Avast cannot scan them, does that mean that malware could not penetrate them either?

2 - Or does it mean that they are unlikely to be infected because only uncommonly sophisticated malware could penetrate them?

3 - Is such malware known for Mac OS, or has it not yet been seen in the wild?

Basically, if the file could not been scanned, does that mean it can't be infected or does it mean that it is unlikely to be infected? I just want to understand the rationale for not worrying about it. I am new to this and want to make sure I’m not missing something important.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81012
  • No support PMs thanks
Re: the insignificance of files that were unable to be scanned
« Reply #1 on: November 03, 2018, 08:27:49 PM »
Whilst I'm not a Mac user, the concept that a file can't be scanned (given the reason) I believe is the same.

1 -  Not a hard and fast NO

2 - No

3 - Since 1 & 2 above are No - I don't believe it is likely these would be targeted, be that for a Mac or Windows system.

Whilst this is a very old windows related topic - See http://forum.avast.com/index.php?topic=35347.msg297170#msg297170 this topic for more information on why files can't be scanned.

Files that can't be scanned are just that, not an indication they are suspicious/infected, just unable to be scanned.

Many programs (usually security based ones) password protect their files for legitimate reasons, there are others (and avast doesn't know the password or have any way of using it even if it did know it).

By examining 1) the file name, 2) reason given by avast! for not being able to scan the files, 3) the location of the files, you can get an idea of what program they relate to. You may need to expand the column headings to see all the text.

- Decompression Bomb, a file that is highly compressed, which could be very large when decompressed. This used to be a tactic long ago to swamp the system.

The name really is the most dangerous thing about this and I wish they would change it or simply not report it, a real PITA.

These highly compressed files are generally 'archive' files which are inert, don't present an immediate risk until they are unpacked. If you happen to select 'All packers' in your on-demand scans then you are more likely to come across this type of thing. Personally it is a waste of time scanning 'all packers' and that is why it isn't enabled by default (may differ in the Mac version of avast).

- Corrupted Archive file, this could simply mean that avast is unable to unpack it to scan the contents of the archive and assuming it is because it is corrupt. Even if it were corrupt there is nothing that a user can do to resolve any corruption, short of replacing the file..
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.2.2364/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline Pondus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 35475
Re: the insignificance of files that were unable to be scanned
« Reply #2 on: November 05, 2018, 04:02:25 PM »
avast team reply from @ondrej.kolacek  >>  https://forum.avast.com/index.php?topic=222793.msg1482054#msg1482054



Quote
just ignore the ignored files. In the new GUI we are working on, these won't even be displayed. You can not do anything regarding them. This is a case of "we know something about some files, lets show it". I guess the insane way how to display them shows how much we want people to view them. Maybe originally it may have been for our internal information (for testing etc.), but since there is the counter of ignored files visible, people started to ask us about them, and we have publicised it (the person who did the decision no longer works here so we do not know :) ).





Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 4999
Re: the insignificance of files that were unable to be scanned
« Reply #3 on: November 06, 2018, 12:16:49 AM »
As Pondus shows in the quote, this will not be reported in GUI in future release. These locations are generally in a real where the engine (and hence your user profile) can not read them, or are in formats not likely to be infected to begin with.

If you have concerns about a specific one, post it here and we can clue in on the possible reasons, but again, generally these are nothing to worry on.
"People who are really serious about software should make their own hardware." - Alan Kay