Ask the Expert

Detecting viruses in encrypted files

Can antivirus software detect an encrypted file that is infected by a virus?


    Requires Free Membership to View

The answer is yes and no.

Many AV scanners can see inside files that have some simple encryption, such as some versions of Word DOC files that store the macros in an unencrypted state. Some can even see through some other forms of simple encryption.

However, it is safer to assume that all encrypted files will not be scanned properly for viruses. The vast majority of encryption processes are not covered by AV scanners (and that is, in a way, a reassuring fact for those who use encryption).

To properly scan any file, the scanner must have access to the contents in as pure a state as possible. That is just one justification for running a real-time scanner set on detection upon write/create. When a file is decrypted, a temporary or permanent copy is created on the local hard disk, and the real-time scanner would then scan it.


For more information on this topic, visit these other SearchSecurity resources:
News & Analysis: Scanning encrypted e-mail a tricky proposition
Best Web Links: Encryption


This was first published in June 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: