Problem solve Get help with specific problems with your technologies, process and projects.

Detecting viruses in encrypted files

Can antivirus software detect an encrypted file that is infected by a virus?

The answer is yes and no.

Many AV scanners can see inside files that have some simple encryption, such as some versions of Word DOC files that store the macros in an unencrypted state. Some can even see through some other forms of simple encryption.

However, it is safer to assume that all encrypted files will not be scanned properly for viruses. The vast majority of encryption processes are not covered by AV scanners (and that is, in a way, a reassuring fact for those who use encryption).

To properly scan any file, the scanner must have access to the contents in as pure a state as possible. That is just one justification for running a real-time scanner set on detection upon write/create. When a file is decrypted, a temporary or permanent copy is created on the local hard disk, and the real-time scanner would then scan it.

More on this topic

News & Analysis: Scanning encrypted e-mail a tricky proposition
Best Web Links: Encryption



This was last published in June 2002

Dig Deeper on Endpoint protection and client security