Welcome, Guest. Please Login or Register.
Search
Members
Login
Register
   Mischel Internet Security Forum
   TrojanHunter
   Bugs (Moderators: Helena, Gavin_Coe, Magnus)
   [CLOSED] Compressed WinRar Files are not scanned		 « Previous topic | Next topic »
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print
   Author  Topic: [CLOSED] Compressed WinRar Files are not scanned  (Read 952 times)
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
[CLOSED] Compressed WinRar Files are not scanned
« on: Mar 3rd, 2010, 11:08pm »		 Quote Quote  Modify Modify
This is on Windows x86 and x64 with WinRar V3.92 installed and TH V5.3.993 Beta 1
 
Folders that are compressed via WinRar are not unzipped and fully scanned by TH right-click scan.  
 
1.  Have WinRar installed on computer.
 
2.  Select a folder with multiple files in it.  Right click on the folder and select Send to>Compressed (zipped) folder to create a compressed folder.  This folder has a .zip extension.
 
3.  Right click scan the compressed folder with TH.
 
The compressed folder is not unzipped and each file scanned.
 
4.  Open the TH scanner GUI and run a Scan File on the same compressed folder.
 
The compressed folder is not unzipped and each file scanned.
 
-  I do not know if this also happens without WinRar.  Both of my systems have WinRar installed.
 
-  I also did not test if such a folder is unzipped and fully scanned during a normal FULL scan by TH GUI or thcl.
 
-  Right click scanning does unzip and scan a downloaded .ZIP file.   Huh  (corrected on 07-Mar-10)
« Last Edit: Mar 14th, 2010, 1:00pm by Magnus » IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4523
Re: Compressed WinRar Files are not unzipped/scann
« Reply #1 on: Mar 6th, 2010, 10:38am »		 Quote Quote  Modify Modify
Hi Tom,
 
Quick question: When you get this result, do you have "Scan zip-files" checked or unchecked in the TrojanHunter options?
IP Logged
Follow me on Twitter: http://twitter.com/mmischel
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: Compressed WinRar Files are not unzipped/scann
« Reply #2 on: Mar 6th, 2010, 10:20pm »		 Quote Quote  Modify Modify
on Mar 6th, 2010, 10:38am, Magnus wrote:
Hi Tom,
 
Quick question: When you get this result, do you have "Scan zip-files" checked or unchecked in the TrojanHunter options?

 
Scan zip-files is checked.  This bug is 100% repeatable on Windows 7 x86 and x64 on any folder compressed as per the above method.  These are type- WinRar ZIP archives with .zip extension.
 
On further investigation, it does not appear that right-click scanning or "Scan File" handle (uncompresses) files with a .RAR extension either.
« Last Edit: Mar 6th, 2010, 11:28pm by siliconman01 » IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4523
Re: [OPEN]Compressed WinRar Files are not scanned
« Reply #3 on: Mar 7th, 2010, 2:50pm »		 Quote Quote  Modify Modify
I have reproduced this now. A fix should be in the next beta.
IP Logged
Follow me on Twitter: http://twitter.com/mmischel
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: [OPEN]Compressed WinRar Files are not scanned
« Reply #4 on: Mar 8th, 2010, 12:55am »		 Quote Quote  Modify Modify
This bug is not fixed in TH V5.3.994 Beta 2.
IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4523
Re: [OPEN]Compressed WinRar Files are not scanned
« Reply #5 on: Mar 11th, 2010, 10:01am »		 Quote Quote  Modify Modify
Strange, I can't reproduce this and was sure it was fixed. Can you email me a zip/rar file that reproduces this? You could for example compress the TSServ.exe file included in the Trojan Simulator archive.
IP Logged
Follow me on Twitter: http://twitter.com/mmischel
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: [OPEN] Compressed WinRar Files are not scanned
« Reply #6 on: Mar 11th, 2010, 11:44pm »		 Quote Quote  Modify Modify
I emailed you a .RAR archive.  The email topic is  
 
Quote:
WinRAR file with .RAR extension.
IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: [OPEN] Compressed WinRar Files are not scanned
« Reply #7 on: Mar 14th, 2010, 3:28am »		 Quote Quote  Modify Modify
Magnus,
 
Were you able to duplicate the .RAR failure using the WinRAR file I emailed you?
IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4523
Re: [OPEN] Compressed WinRar Files are not scanned
« Reply #8 on: Mar 14th, 2010, 6:31am »		 Quote Quote  Modify Modify
Hi Tom,
 
No, when I scan that rar file you sent I get "50 objects scanned".  
 
Can you replace the beta executable with this one just to make sure we're using the same version? http://www.misec.net/temp/TrojanHunter.exe
 
Does the problem still occur with this scanner executable?
« Last Edit: Mar 14th, 2010, 6:33am by Magnus » IP Logged
Follow me on Twitter: http://twitter.com/mmischel
siliconman01
Global Moderator
*****



Trojans! Chew 'em Up, Spit 'em Out...

   


Gender: male
 Posts: 7358
Re: [OPEN] Compressed WinRar Files are not scanned
« Reply #9 on: Mar 14th, 2010, 12:04pm »		 Quote Quote  Modify Modify
Quote:
No, when I scan that rar file you sent I get "50 objects scanned".  
 
Can you replace the beta executable with this one just to make sure we're using the same version? http://www.misec.net/temp/TrojanHunter.exe  
 
Does the problem still occur with this scanner executable?

 
The downloaded TrojanHunter.exe above resolves the issue.  It scans the .RAR archive correctly now.
 
It also shows/demonstrates that the Scan>Scan Folder bug is also fixed.
 
Thanks much!  Cheesy
« Last Edit: Mar 14th, 2010, 12:11pm by siliconman01 » IP Logged
______
TrojanHunter V5.5.1002...No. 1 AT in my Book and on my Box(es)! Windows 7 x64 Professional on a Dell XPS 410, 8 gbyte RAM, dual WD VelociRaptors, dual 24" UltraSharp FPD monitors, Logitech 5.1 Surround Sound; Windows 7 x86 Professional on a Dell Vostro 220s, 4 gbyte RAM, dual WD VelociRaptors. Common: router, cable modem.
Magnus
Administrator
*****



Ad astra per aspera.

   
WWW  

Posts: 4523
Re: [OPEN] Compressed WinRar Files are not scanned
« Reply #10 on: Mar 14th, 2010, 1:00pm »		 Quote Quote  Modify Modify
Excellent, closing this one Smiley
IP Logged
Follow me on Twitter: http://twitter.com/mmischel
Pages: 1  Reply Reply  Notify of replies Notify of replies   Send Topic Send Topic   Print Print

« Previous topic | Next topic »