By Reason Cybersecurity
on Mon Jan 13 2020
Before answering the question ‘can antivirus scan zip files?’, we should first take a brief look at what .zip files actually are. Simply put, zip files are files that have been compressed to reduce storage space. They are identified by the .zip file extension and are easy to create on your desktop. Once a .zip file has been created, accessing the files inside it requires first ‘unpacking’ (extracting) them. Zip files have other uses as well, such as file encryption and the creation of different kinds of archives. Then there is the more harmful use favored by cyber criminals, who use .zip files to deliver malicious files.
Fortunately, antivirus software can and does scan .zip files, but how the scan is performed depends on the product. Some antivirus software, for example, can scan for and detect viruses inside the archive itself. It does this by temporarily decompressing the archived files and scanning the contents. Other products scan the files once they have been extracted, which is also a perfectly safe method, since the AV will still clean, quarantine or delete (depending on the setting chosen) any infected file before it can infect your system or other files. An antivirus product’s ability to scan archives also depends on the archive format. Sometimes the AV software can only detect a virus inside a .zip file but cannot take any further step to remove or delete it; when this happens, you will usually have to run the antivirus directly on the infected file after you have extracted it.
Zip bombs work differently from other viruses delivered via .zip files: they are crafted so that unpacking them requires an enormous amount of time, disk space and system memory. Unpacking them therefore makes it hard for other programs to operate, and antivirus software is the main target. One very well known example of a zip bomb is ‘42.zip’. The file itself is only a few kilobytes, but when it is fully decompressed it takes up an astonishing 4.5 petabytes of disk space!
It is easy to understand, therefore, how zip bombs can crash a computer system. Essentially, zip bombs are designed to exhaust your system’s resources so that it crashes and your antivirus software is disabled, which then creates an opening for other types of malware. Fortunately, AV software can detect zip bombs too. It does this by looking for overlapping files and by knowing not to unpack layer after layer of recursive data, a sure sign of a zip bomb.
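To make the two points above concrete (scanning an archive without blindly extracting it, and spotting the ratio, overlap and nesting patterns of a zip bomb), here is an added example written for this article. It is not code from Reason Cybersecurity’s products or from any antivirus engine. The script reads only the zip’s central directory and local file headers, flags a declared-to-compressed size ratio above a threshold, flags entries whose byte ranges overlap, and refuses to descend into nested archives beyond a fixed depth or size. The threshold values, function names and the three in-memory sample archives are assumptions chosen for the demonstration.

```python
import io
import struct
import zipfile

# Thresholds are assumptions chosen for this demonstration, not the values any
# particular antivirus product uses.
MAX_RATIO = 100              # declared uncompressed bytes per compressed byte
MAX_TOTAL = 500 * 2**20      # cap on total declared uncompressed size (500 MiB)
MAX_DEPTH = 3                # nested archive layers we are willing to look into
NESTED_READ_CAP = 8 * 2**20  # never decompress more than this from a nested archive

LOCAL_HEADER_SIG = b"PK\x03\x04"


def local_header_length(raw, offset):
    """Length of the local file header at `offset` (30 fixed bytes + name + extra).
    The local header's extra field may differ from the central directory's copy,
    so it is read from the local header itself."""
    fixed = raw[offset:offset + 30]
    if len(fixed) < 30 or fixed[:4] != LOCAL_HEADER_SIG:
        return None
    name_len, extra_len = struct.unpack("<HH", fixed[26:30])
    return 30 + name_len + extra_len


def inspect_zip(raw, depth=0):
    """Return a list of findings (strings) for the archive bytes in `raw`.
    Nothing is written to disk and no entry is decompressed beyond
    NESTED_READ_CAP. An empty list means nothing suspicious was seen."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(raw))
    except zipfile.BadZipFile as exc:
        return [f"depth {depth}: not a valid zip ({exc})"]

    infos = zf.infolist()
    declared = sum(i.file_size for i in infos)
    compressed = sum(i.compress_size for i in infos)

    # 1. Size and ratio checks use the sizes the archive *declares*.
    if declared > MAX_TOTAL:
        findings.append(f"depth {depth}: declared size {declared} exceeds cap {MAX_TOTAL}")
    if compressed and declared / compressed > MAX_RATIO:
        findings.append(f"depth {depth}: compression ratio {declared / compressed:.0f}:1 "
                        f"exceeds {MAX_RATIO}:1")

    # 2. Overlapping entries: each entry's compressed data should occupy its own
    #    byte range; several directory entries sharing one range is a bomb trait.
    spans = []
    for info in infos:
        hdr_len = local_header_length(raw, info.header_offset)
        if hdr_len is None:
            findings.append(f"depth {depth}: {info.filename}: bad local header "
                            f"at offset {info.header_offset}")
            continue
        end = info.header_offset + hdr_len + info.compress_size
        spans.append((info.header_offset, end, info.filename))
    spans.sort()
    for (_s1, e1, n1), (s2, _e2, n2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"depth {depth}: entries {n1!r} and {n2!r} overlap")

    # 3. Nested archives: look inside, but only to a bounded depth and size.
    for info in infos:
        if info.is_dir() or info.compress_size == 0:
            continue
        try:
            fh = zf.open(info)
        except zipfile.BadZipFile as exc:  # recent Pythons refuse overlapped entries here
            findings.append(f"depth {depth}: {info.filename}: {exc}")
            continue
        with fh:
            head = fh.read(4)          # only 4 bytes are decompressed to sniff the type
            if head != LOCAL_HEADER_SIG:
                continue               # not a (non-empty) zip archive
            if depth + 1 >= MAX_DEPTH:
                findings.append(f"depth {depth}: {info.filename}: archive nested beyond "
                                f"depth {MAX_DEPTH}, not unpacked")
                continue
            if info.file_size > NESTED_READ_CAP:
                findings.append(f"depth {depth}: {info.filename}: nested archive declares "
                                f"{info.file_size} bytes, not unpacked")
                continue
            inner = head + fh.read(NESTED_READ_CAP)
        findings.extend(inspect_zip(inner, depth + 1))
    return findings


def build_sample(payload, nested_levels=0):
    """Construct a test archive in memory: `payload` deflated as data.bin,
    optionally wrapped inside `nested_levels` further zip layers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("data.bin", payload)
    raw = buf.getvalue()
    for level in range(nested_levels):
        outer = io.BytesIO()
        with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"layer{level}.zip", raw)
        raw = outer.getvalue()
    return raw


# Constructed samples: ordinary text, a highly compressible block of zeros,
# and an archive nested one level deeper than MAX_DEPTH allows.
BENIGN = "".join(f"line {i} of an ordinary log file\n" for i in range(200)).encode()
SAMPLES = {
    "benign.zip": build_sample(BENIGN),
    "zeros.zip": build_sample(b"\0" * (4 * 2**20)),
    "nested.zip": build_sample(BENIGN, nested_levels=4),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name} ({len(raw)} bytes on disk):", inspect_zip(raw) or "no findings")
```

The ratio check relies on the sizes the central directory declares, which an attacker controls, so the script never trusts them for allocation: it decompresses at most four bytes of any entry to sniff for a nested archive and at most NESTED_READ_CAP bytes before recursing. That bounded, layer-by-layer approach is what lets a scanner recognise recursive archives without being made to unpack them.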