Archive Extraction

Improve Detection and Prevent Archive Bombs

MetaDefender supports over 30 archive file types and supports both unextracted scanning (which scans the entire archive as a whole) and extracted scanning (which scans each file within an archive individually), detecting more threats and preventing archive bombs.

Fast & Flexible Archive Scanning

Detecting threats in compressed files, such as .ZIP or .RAR, can be difficult due to their large file size and ability to mask hidden threats such as archive bombs (malicious files designed to crash anti-malware programs). MetaDefender offers fast processing of archives by allowing administrators to perform archive handling once for each file type, instead of requiring each individual anti-malware engine to use its own archive handling methods. Additionally, administrators can customize the way archive scanning is performed to avoid threats like zip bombs. 

Key Benefits

  • Improve detection capabilities of anti-malware engines by using both extracted and unextracted scanning
  • Decrease scanning time and improve processing time by removing redundant scanning of archives
  • Prevent archive bombs by extracting files and scanning them individually

Catch Threats Hidden Within Archives

Scanning an archive as a whole may be faster, but extracting files and scanning them individually often reveals hidden threats that would have otherwise been missed. 

To see examples of threats missed by unextracted scanning, view the table below where the original scan was marked as clean but the extracted scan revealed threats within the archive.

Original Scan ResultsExtracted Scan Results

Original Scan Results Extracted Scan Results

Customized Archive Handling Options

MetaDefender allows you to specify the depth of archive scans, the maximum number of files extracted, the size of extracted files, and the maximum recursion level. This gives administrators control over how archives are scanned to avoid risks associated with scanning larger files and performing deeper file extraction. 

Support for over 30 Compressed Files Types

MetaDefender currently supports archive scanning for more than 30 types of compressed files (with more to come). In addition to the file types below, MetaDefender supports extraction of AKs, JARs, and other types of extensions. 

Supported File Types

7z, XZ, BZIP2, GZIP, TAR

ZIP, WIM, ARJ, CAB, CHM

CPIO, CramFS, DEB, DMG, FAT

HFS, ISO, LZH, LZMA, MBR

MSI, NSIS, NTFS, RAR, RPM

SquashFS, UDF, VHD, WIM, XAR, Z

To learn more about extracted and unextracted file scanning, please download our white paper Best Practices for Detecting Threats in Compressed Files.

Try MetaDefender

Start Free Trial