Qustion: How does Newsbin handle Viruses in rar's

Technical support and discussion of Newsbin Version 6 series.

Qustion: How does Newsbin handle Viruses in rar's

Postby jimerb » Fri Jul 30, 2021 5:28 pm

Sometimes when I'm downloading things, Windows defender throws a virus alert and quarantine's the download (which I'm fine with).

I'm not trying to download executiables but I guess there is one in the rar.

In the "Spam Filter Settings" i have "Fail EXE files and RAR files that contain EXE's" checked so I'm wondering why it presents itself to Windows Defender as something to block.

Why does it put the rar to disk?

Also, if windows defender doesn't detect the executable can I be sure it won't make it's way to disk?

Just wondering of the order of things to see what type of risk exposure i have.
User avatar
jimerb
Seasoned User
Seasoned User
 
Posts: 293
Joined: Mon Mar 28, 2005 4:07 pm

Registered Newsbin User since: 11/04/06

Re: Qustion: How does Newsbin handle Viruses in rar's

Postby Quade » Fri Jul 30, 2021 10:05 pm

It just doesn't download any executable unless you force it. Whether it catches it in the first chunk or not is a function of the file order in the rar set. If the exe is the first file in the first rar, it catches it immediately. If it's not it might not catch it. I don't consider download of EXE's to be particularly dangerous. It's running them that can infect you. Once the rar downloads completes download. I imagine defender takes a look.

I don't recommend downloading any programs from usenet but, I'm not trying to stop you if that's what you want.
User avatar
Quade
Eternal n00b
Eternal n00b
 
Posts: 44984
Joined: Sat May 19, 2001 12:41 am
Location: Virginia, US

Registered Newsbin User since: 10/24/97

Re: Qustion: How does Newsbin handle Viruses in rar's

Postby jimerb » Fri Jul 30, 2021 10:26 pm

Thanks Quade! That's very helpful.

I'm not trying to get exe's at all. They are just lurking in the rar sets.

Will it also do the same thing for other thing that can be executed such as a .bat file?
User avatar
jimerb
Seasoned User
Seasoned User
 
Posts: 293
Joined: Mon Mar 28, 2005 4:07 pm

Registered Newsbin User since: 11/04/06

Re: Qustion: How does Newsbin handle Viruses in rar's

Postby Quade » Sat Jul 31, 2021 8:30 am

bat files aren't executable to Newsbin. They're just text files. So Newsbin won't touch bats. The real danger is either an unknown zero day exploit that bypasses UAC or that you run programs with elevated privileges. Anytime you run something and see a UAC prompt, you need to be wary. It might be a good idea to always cancel UAC prompts as the default unless you know you need to bypass UAC. Assuming you're running regular windows security and cancel any UAC prompts when you accidentally run something, the thing you run shouldn't normally be able to write to "Program Files" to infect other files. Nothing is 100% though.
User avatar
Quade
Eternal n00b
Eternal n00b
 
Posts: 44984
Joined: Sat May 19, 2001 12:41 am
Location: Virginia, US

Registered Newsbin User since: 10/24/97

Re: Qustion: How does Newsbin handle Viruses in rar's

Postby jimerb » Sat Jul 31, 2021 3:44 pm

Understood. and i agree completely.

It's great understanding what's going on as these rar's hit the disks.

My big fear is that media files like mp3; .jpg or .mp4 could cause a buffer overflow and execute an exploit from within a popular media viewer.

I have not seen that but i fear it could exist.
User avatar
jimerb
Seasoned User
Seasoned User
 
Posts: 293
Joined: Mon Mar 28, 2005 4:07 pm

Registered Newsbin User since: 11/04/06

Re: Qustion: How does Newsbin handle Viruses in rar's

Postby Quade » Sat Jul 31, 2021 5:21 pm

I just keep current backups and am willing to wipe and re-install as needed. Ransome-ware would cost me a day at worst. I've been pretty lucky so far.
User avatar
Quade
Eternal n00b
Eternal n00b
 
Posts: 44984
Joined: Sat May 19, 2001 12:41 am
Location: Virginia, US

Registered Newsbin User since: 10/24/97


Return to V6 Technical Support

Who is online

Users browsing this forum: No registered users and 4 guests