On 21 Mar 2008 at 18:22, Marc Maiffret wrote:

> This is actually an ok option to take and the only thing you are not going
> to catch is malicious code within things like .zip files. However, once the
> zip file is extracted and the .exe is then attempted to run you will catch
> it anyways. I never really did understand why AV systems by default scanned
> every file rather than just executing files. I mean it is great to know if a
> virus file is on your file system (not to be confused with infected) but it
> is a huge performance impact without any added security, really.

Unfortunately Windows has "smarts" and while you can't infect an RTF file, you can infect a DOC file and rename it to RTF. If your AV doesn't scan RTFs, it'll open without being scanned. Windows looks at the internal structure of the file when you double-click it, and it opens it as a DOC file.

> The only thing you want to be careful about though is making sure that your
> AV system is still scanning for malicious content embedded in things like
> Word documents. You would not want to set your scan policy to only include
> .exe type files and then miss Word, Excel, macros and related.

-- 
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
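
The renamed-DOC case from the reply above, as an added example that is not part of the original post: a scan-exclusion check that trusts an excluded extension only when the file's leading bytes match it. The function names, the EXPECTED policy table and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Leading "magic bytes" of the formats discussed in the thread.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy Word/Excel container
    (b"{\\rtf", "rtf"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe"),  # Windows executable
]
# Assumed policy table: content each extension is allowed to hold.
EXPECTED = {".rtf": {"rtf"}, ".doc": {"ole2"}, ".zip": {"zip"}, ".exe": {"pe"}}

def sniff(path):
    """Classify a file by its first bytes, ignoring its name."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"

def needs_scan(path, excluded_exts):
    """True unless the extension is excluded AND the content matches it.

    A DOC renamed to .rtf sniffs as 'ole2', so the exclusion does not apply.
    """
    ext = os.path.splitext(path)[1].lower()
    if ext not in excluded_exts:
        return True
    return sniff(path) not in EXPECTED.get(ext, set())

def make_samples(dirpath):
    """Write constructed sample files (headers only, not real documents)."""
    samples = {
        "real.rtf": b"{\\rtf1\\ansi Hello}",
        "renamed.rtf": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24,
        "tool.exe": b"MZ\x90\x00",
    }
    paths = {}
    for name, data in samples.items():
        paths[name] = os.path.join(dirpath, name)
        with open(paths[name], "wb") as fh:
            fh.write(data)
    return paths

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for name, p in make_samples(d).items():
            print(name, sniff(p), "scan" if needs_scan(p, {".rtf"}) else "skip")
```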
