For the sake of better performance and stability we've focused on processing several file types and algorithms which could cause potential slowdowns and false positives.
First of all, the new engine caters to good old PDF.
The revised PDF support now handles linearized and updated PDF files as well as crafted ones. Adobe Reader often opens and repairs broken files successfully (either fully or partially); accordingly, a solid method of identifying and locating PDF objects helps the engine deal with broken files, too.
Most PDF objects and their associated data are generally harmless, so the engine does not parse them. However, embedded JavaScript may pose a real threat, so only the objects that contain it are decompressed and scanned for the presence of malware.
In addition, engine 5.1 smartly handles the SWF format, which delivers vector graphics, text, video, and sound over the Internet and is supported by Adobe® Flash® Player.
The engine handles both compressed (CWF) and uncompressed (SWF) Flash files. A valid zlib-compressed CWF is extracted first into a valid uncompressed one. The uncompressed length stored in the file header is ignored for security reasons.
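The length handling described above, sketched as an added example (this is not Agnitum's engine code). The `CWS`/`FWS` on-disk signatures and the 8-byte header layout come from the SWF file format; the 64 MiB cap and the names `inflate_swf`, `make_cws` and `SwfError` are assumptions made for illustration.

```python
import struct
import zlib

MAX_OUTPUT = 64 * 1024 * 1024  # assumed scanner cap, not a value from the post


class SwfError(ValueError):
    """Raised when a Flash file cannot be safely unpacked."""


def inflate_swf(data: bytes, max_output: int = MAX_OUTPUT) -> bytes:
    """Return an uncompressed (FWS) image of a Flash file.

    The 4-byte length in the header is attacker-controlled, so it is never
    used to size a buffer or to decide when to stop reading. The length
    written to the output header is recomputed from the real body.
    """
    if len(data) < 8:
        raise SwfError("truncated header")
    sig, version = data[:3], data[3]
    if sig == b"FWS":
        body = data[8:]
    elif sig == b"CWS":
        inflater = zlib.decompressobj()
        try:
            # Output is bounded by our own cap; the +1 reveals an overflow.
            body = inflater.decompress(data[8:], max_length=max_output + 1)
        except zlib.error as exc:
            raise SwfError(f"bad zlib stream: {exc}") from exc
        if len(body) > max_output:
            raise SwfError("uncompressed body exceeds scanner cap")
        if not inflater.eof:
            raise SwfError("truncated zlib stream")
    else:
        raise SwfError("not a Flash file")
    # Rebuild the header with the length that was actually observed.
    return b"FWS" + bytes([version]) + struct.pack("<I", 8 + len(body)) + body


def make_cws(body: bytes, declared_len: int, version: int = 10) -> bytes:
    """Build a constructed sample CWS whose header length may be false."""
    header = b"CWS" + bytes([version]) + struct.pack("<I", declared_len)
    return header + zlib.compress(body)
```

A file that over-declares or under-declares its size unpacks to the same result, so the stored field cannot be used to force a huge allocation or to hide data past a short declared length.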
Last but not least, the changes in the Outpost antivirus core include AutoIt handling tweaks. AutoIt is a freeware BASIC-like scripting language designed for automation of the Windows GUI and general scripting. The AutoIt format is very similar to self-extractors: it contains a PE executable stub and an overlay part, which encapsulates one or more resources, including the powerful AutoIt script itself, which can be executed automatically without user interaction. With this engine improvement, AutoIt scripts are now normalized to help generic detections.
Minor improvements include:
- BZIP extra header is handled correctly
- MS CAB uses calculated compressed size instead of a stored one
- Unsupported ZIP compression methods are now accepted
- More tolerant ZIP detection has been developed to recognize crafted ZIP files with hidden content
- Auto-scanned archive layers are processed during quarantine file scan
- Cleaning of locked files on Windows has been partially fixed
- Office Open XML format (Office12) fixes:
  - The internal object limit has been increased to avoid errors on valid PPT files.
The bottom line: the new engine makes another firm step towards the golden balance of rock-solid security and impeccable performance. Antimalware 5.1 addresses problematic file formats and algorithms used in everyday computer life to eliminate possible issues and turn malware checks into a truly seamless process.
Pavel Goryakin
Agnitum
2 comments:
First of all I want to say that you people are working really hard to make Outpost 7 a flawless product.
One suggestion I have to add is "to remove virus from boot memory".
Here is the scenario which helps to understand the problem.
If a person's PC is already infected with viruses, how can you remove it if it is already in boot memory? The only way to remove it is to scan that partition in another OS like Linux or DOS, etc. If you people make scanning in DOS mode possible when a virus is detected in boot memory, it will help to remove the virus completely from the system, and the reliability of your product increases even with new users.
Is Antivirus engine 5.1 a new scanner available? Seems to work very well.