RCFalcon
asked on
Symantec scanning compressed files
We use Symantec corporate edition version 8.x for Antivirus. When it scans a message appears on certain files in the event viewer on files such as compressed files or exe. The message reads
Could not scan file "which has the path and name of file" due to extraction errors encountered by the decomposer engines. Thanks for any assistance. Mark
Could not scan file "which has the path and name of file" due to extraction errors encountered by the decomposer engines. Thanks for any assistance. Mark
ASKER
The files are not corrupted or password protected.
You probably have a self extracting zip. They should be DL'd to temp, extracted, and deleted. Once extracted, (before executed/installed) then they can be more properly scanned. Good clues can come from filenames, storage locations, and size of file(s). You might try program(s) such as pkUnzip (DOS) or WinZip to better see what the contents may be once they are identified.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I will check on your suggestions, thank you.
ASKER
The files are not corrupted, password protected, LZH extensions, or in use by another user. How do you check within the scan engine how many levels deep it's set to scan? Thanks
This was a problem with v7...
Symptom: The following error message would appear when scanning compressed files that did not appear to be corrupt:
Warning: Could not scan 1 files inside X:\ . . .\ . . .\[filename].XXX due to extraction errors encountered by the Decomposer Engines
Solution: This error showed a false alarm. The error no longer occurs under the aforementioned conditions.
and a live-update solved it - are yu all caught up with updates?
Symptom: The following error message would appear when scanning compressed files that did not appear to be corrupt:
Warning: Could not scan 1 files inside X:\ . . .\ . . .\[filename].XXX due to extraction errors encountered by the Decomposer Engines
Solution: This error showed a false alarm. The error no longer occurs under the aforementioned conditions.
and a live-update solved it - are yu all caught up with updates?
Did you catch up with updates?
Falcon?
ASKER
Yes, Symantec corporate edition is configured to automatically update and it does have the current antivirus files. Thanks
Did you examine the compressed files in these messages for password-protection?
Are the appropriate decompressors installed (rar, etc.)
Are the appropriate decompressors installed (rar, etc.)
ASKER
The files are not password protected. Where would I look for the appropriate decompressors installed? Thanks
Can you view the archives on that machine?
ASKER
What actually do you mean archives on that machine?
from the console of the mail server can you decompress the archives (zip, rar, etc.) files that the AV software is choking on?
ASKER
Most of the files are zipped files and they are part of different software programs such as Microsoft office, etc.
are these CAB files?
I am getting the same errors in my event viewer. (About 810 times yesterday) I looked at several and they were all "zip" files. If I right click and select scan, Norton scans the file, and says there were no viruses found. No error message.
ASKER
But do you know how to prevent it from getting the error messages?
I don't know how to prevent the error message. I just thought it was weird that it gives the error messages when performing a system scan, but no error message when scanning an individual file.
I though there was an option in the Event Viewer, where you could select events to be logged or not logged, but I can't find it on my XP machine. There are several other file types that are generating the error also. .dat .sys .log I think this is something that Symantec needs to work on... Why not just have NAV generate a log file of the files it cannot open instead of filing the event viewer with error messages. It would be much easier to look at a list of the files it can't scan as opposed to looking at individual errors for each file.
I though there was an option in the Event Viewer, where you could select events to be logged or not logged, but I can't find it on my XP machine. There are several other file types that are generating the error also. .dat .sys .log I think this is something that Symantec needs to work on... Why not just have NAV generate a log file of the files it cannot open instead of filing the event viewer with error messages. It would be much easier to look at a list of the files it can't scan as opposed to looking at individual errors for each file.
Sounds as it a component of NAV is missing/damaged/corrupted.
I'd - reinstall and update NAV
I'd - reinstall and update NAV
As far as I'm concerned, Symantec Corporate Edition has always been, at the least "damaged/corrupted". I can live with this event problem. In fact this is the best it's ever worked! I had a failed installation on a NAV server, after three calls and about three hours on the phone with Symantec, I was emailed a set of instructions on how to manually uninstall NAV. Nineteen printed pages of registry edits. Needless to say, I was not happy, and it did not work! I still could not get NAV to re-install successfully. Version 8 was the first to actually complete the installation process.
ASKER
I have changed the time for our servers to be scanned. The full scan of the servers was set at a time when our backups in backup exec was still running. I'm going to monitor and see if this resolves the error messages.
My workstations scan around 2:00am and do not have any scheduled task that run during that time. I just looked at another workstation and the first errors were from trying to scan the recyle bin?
It is possible they are password protected or that the mime type related to the file is wrong.
And how can it distinguish exe files from zipped exe files?