D E F I N I N G S E T T I N G S
The unpacking engine unpacks files that have been packed by various ver-
sions of the most popular utilities: DIET, PKLITE, LZEXE, EXEPACK etc.,
to temporary files so the anti-virus scanner can check them. When the
check is completed the temporary files are deleted.
The unpacking engine generates temporary files in the directory de-
fined by the
TempPath
parameter in the
[TempFiles]
(see subchapter 5.4.2).
If a virus known to
Kaspersky Anti-Virus for xBSD Mail Server
was
detected in some packed file, it can be deleted (if your Scanner was preset
to disinfect files — see subchapter 5.3.3). In this case the infected file will
be replaced by the unpacked and disinfected one. If the unpacking engine
is disabled, packed executable modules will be scanned as unpacked and
your Scanner will only be able to detect viruses that infected the files when
they were already packed.
The unpacking device is able to correctly unpack files that have been com-
pressed multiple times. It can also deal with some versions of immunizers,
programs protecting executable files from viruses by attaching checking
code blocks (like CPAV and F-XLOCK) and enciphering programs (like
CryptCOM) to them.
If the unpacking and extracting (see subchapter 5.3.2.5) engines are en-
abled,
Kaspersky Anti-Virus for xBSD Mail Server
is able to detect an
infected file even though it was enciphered by the CryptCOM utility, then
packed by PKLITE and, finally, added to the PKZIP archive.
5.3.2.5. Archives
You can enable your Scanner to check for viruses in archived files (includ-
ing self-extracting archives) that are extracted by the special engine.
The extracting engine
is designed to check for viruses in files archived with
various versions of the following archivers: ZIP, ARJ, LHA, RAR, CAB etc.
Ability to check for viruses in archives is very important as an in-
fected file can stay in your archive for months or years, and the virus
46
