Method and apparatus for detecting malicious content in protected archives

摘要

In one embodiment, a protected archive is checked for malicious content by checking a file size of the archive and/or examining the archive for notable characteristics indicative of malicious content. The notable characteristics may include values in a header of the archive. For example, the file name extension of a file contained in the archive and the compression method used to create the archive may be taken into account in determining whether the archive has malicious content, such as a worm or a virus. Embodiments of the present invention allow for detection of malicious content in the protected archive without necessarily having to extract files from the archive.