White Paper: Best Practices for Detecting Threats in Compressed Files

Detecting threats in compressed files, such as .ZIP or .RAR, can be difficult due to their large file size and their ability to mask hidden threats such as archive bombs (malicious files designed to crash anti-malware programs). Archives can be scanned for threats using either unextracted scanning (scanning the entire archive as a whole) or extracted scanning (scanning each file within an archive individually).

Due to the various compression algorithms employed to reduce file size, like Deflate or LZMA, archived files can present an additional challenge for threat detection, so special care must be taken to ensure that a given file is not malicious. This white paper provides a comparative analysis of malware detection rates of archive file containers versus their extracted contents.
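The two scanning modes and an archive-bomb guard can be sketched as follows. This is an added example, not code from the white paper: it covers only ZIP via Python's `zipfile`, and the marker string, the limits and all function names are assumptions chosen for illustration.

```python
import io
import zipfile

MARKER = b"CONSTRUCTED-TEST-MARKER-0001"  # constructed stand-in for a signature


class ArchiveLimitError(Exception):
    """Raised when an archive exceeds the extraction budget."""


def scan_unextracted(archive: bytes) -> bool:
    """Whole-archive scan: search the container bytes as stored."""
    return MARKER in archive


def scan_extracted(archive, max_total=1_000_000, max_ratio=100, max_files=1000):
    """Per-file scan: stream each member under size, ratio and count limits."""
    hits, total = [], 0
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        members = zf.infolist()
        if len(members) > max_files:
            raise ArchiveLimitError("too many members")
        for info in members:
            # Declared sizes are archive metadata: a cheap early rejection only.
            if info.file_size > max_ratio * max(info.compress_size, 1):
                raise ArchiveLimitError(f"{info.filename}: ratio over limit")
            tail = b""
            with zf.open(info) as member:
                while chunk := member.read(64 * 1024):
                    total += len(chunk)  # enforced budget on real output bytes
                    if total > max_total:
                        raise ArchiveLimitError("decompressed size over limit")
                    window = tail + chunk  # catch a marker split across chunks
                    if MARKER in window and info.filename not in hits:
                        hits.append(info.filename)
                    tail = window[-(len(MARKER) - 1):]
    return hits


def build_zip(files: dict) -> bytes:
    """Build an in-memory Deflate ZIP from constructed sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


SAMPLE = build_zip({"notes.txt": b"quarterly report notes\n" + MARKER + b"\n"})
BOMB = build_zip({"zeros.bin": b"\0" * 5_000_000})
```

On `SAMPLE`, the whole-archive search misses the marker because Deflate re-encodes the member's bytes, while the per-file scan finds it; `BOMB` is rejected before its contents are fully decompressed.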