Solved

When scanning a network drive does antivirus load the whole file locally to scan it?

Posted on 2009-04-07
4
589 Views
Last Modified: 2013-12-09
Im trying to understand something, not fix anything. This question seems so noob Im almost afraid to ask it but hear I go. If I map a network drive and open a 1MB word document , 1MB worth of data needs to travel from the mapped location to my PC for me to view it  correct?  If so what if I scan the same 1MB file with Antivirus from my PC? Is 1MB travelling from the mapped location to my location or does Antivirus only check certain aspects of a file not requiring a full transfer?
0
Comment
Question by:ksachs
  • 3
4 Comments
 
LVL 5

Accepted Solution

by:
Mechanic_Kharkov earned 500 total points
ID: 24093226
It all depends on method that your AV uses to scan file. Using Netbios software can read file data partially from network. There is no need to AV to get all file locally to start to process it unlike the Word that need the whole file to be loaded to temporary location to open it. Word depend on format of file that is container with complex structure that cannot be used partially.
So, Your question cannot have unambiguous answer. All is in AV hands. It can decide to load entire file if it is container (e.g. archive file), or just check it's header to understand that file is not infectable.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 500 total points
ID: 24093256
In addition some AV (like Kaspersky's) use NTFS streams to store extra info about scanned files, and use this info to speed up next scans. Upon this info AV can accept file scanned even don't trying to open it. But as far as I know, this feature is available locally only because there is no way to access NTFS streams remotely via netbios.
0
 
LVL 5

Assisted Solution

by:Mechanic_Kharkov
Mechanic_Kharkov earned 500 total points
ID: 24093287
If this question is really annoying for You and You are ready to experiment then I would recommend to use nice monitor of file access (and network too) activity to solve the question with empiric experience. :-)
It shows in which way files are opened, at which offset and which amount of data is read. And it has filter with desired process, so You will be able to monitor the AV's file accesses only.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Change your password...do it now!. Probably the easiest point of access to your account is through guessing your password. If your password is guessable, do change it now. If not for your sake but for everyone else in your friends list. Remember …
PREFACE The purpose of this guide is to explain what the SEPC Status Utility is and how it works. I have written the utility using AutoIt and have included the source code for your review. You are welcome to modify the code to your liking, but I wi…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now