Q

Detecting viruses in encrypted files

Can antivirus software detect an encrypted file that is infected by a virus?

The answer is yes and no.

Many AV scanners can see inside files that have some simple encryption, such as some versions of Word DOC files that store the macros in an unencrypted state. Some can even see through some other forms of simple encryption.

However, it is safer to assume that all encrypted files will not be scanned properly for viruses. The vast majority of encryption processes are not covered by AV scanners (and that is, in a way, a reassuring fact for those who use encryption).

To properly scan any file, the scanner must have access to the contents in as pure a state as possible. That is just one justification for running a real-time scanner set on detection upon write/create. When a file is decrypted, a temporary or permanent copy is created on the local hard disk, and the real-time scanner would then scan it.

More on this topic

News & Analysis: Scanning encrypted e-mail a tricky proposition
Best Web Links: Encryption

 


 

This was first published in June 2002

Dig deeper on Client security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close