102
Kaspersky Anti-Virus for Novell NetWare
When scanning the code for the presence of possible viruses, heuristic analyzer
checks multiple paths of the program's algorithm including several sub-layers.
This procedure detects about 92% of viruses (including many encrypted ones)
from the range of viruses known to Kaspersky Lab. Therefore we expect that
new and unknown viruses will be detected with similar probability.
B.2.1.2. Extracting Engine
The Extracting Engine
is used for searching viruses in archived files (ZIP, ARJ,
LHA and RAR). If the extracting engine is disabled, archives will be scanned as
usual files. This means that only viruses that have infected the archive itself will
be detected, but not the files stored in it.
The current version of Extracting Engine is capable of unpacking all the existing
versions of ARJ, ZIP, LHA and RAR archives.
Detecting viruses in archives is of the utmost importance, since a virus
can be stored in an archive as long as several months or even years
bringing no harm, but can then spread very quickly causing a lot of
trouble. The most dangerous in this sense are archives stored in BBS
(Bulletin Board Systems).
Using its Extracting Engine, Kaspersky Anti-Virus detects viruses in archived files
and informs the user.
Extracting Engine does not unpack password-protected archives.
Kaspersky
Anti-Virus
does not disinfect archived files; it only detects
viruses in them. To disinfect such files you should extract the files from
the archive, disinfect them, delete the old archive and repack the clean
files.
Extracting Engine unpacks the archived files to the temporary file storage and
passes them to the main module for scanning. After scanning, the temporary files
are deleted.
Temporary files are stored in a special working directory. You can
manually specify the path to this directory (see section A.2 on page 75).
B.2.1.3. Executable Module Extracting Engine
The
Executable module extracting engine
is used for searching and removing
viruses from packed executable files.