Anti-virus Exluded Extension List?

[Veazer]

I was watching the realtime scanner for nod32 and noticed it was scanning lots of files that are not "infectable". Seemed like a major waste of time and system resources, so I started entering some extensions to NOT scan in NOD32 when it occurred to me that surely someone else has taken the time to do this, but i can't find any lists out there. Anyone know of any?

Or is this not needed because AV programs already ignore filetypes that are not virus prone? I noticed it said it was scanning an AVI file, but there's no way that it actually did because the file was 700MB and the scan completed almost instantly.

My list (far from complete) is starting with:

VOB, PSD, TIF, TIFF, ICO, JPG, JPEG, LOG, INI, TXT, !UT, TTF, MP3, SQLITE, CACHE, DB, RDF, DBX, TMP, BMP, PNG, AIF, AIFF, WAV, AVI

There's obviously many more that should be on the list. Technically, files like 'tmp' and others could contain a virus but as soon as they're renamed with an executable extension the scanner should find them.

[MarkBKK]

I was watching the realtime scanner for nod32 and noticed it was scanning lots of files that are not "infectable". Seemed like a major waste of time and system resources, so I started entering some extensions to NOT scan in NOD32 when it occurred to me that surely someone else has taken the time to do this, but i can't find any lists out there. Anyone know of any?

Or is this not needed because AV programs already ignore filetypes that are not virus prone? I noticed it said it was scanning an AVI file, but there's no way that it actually did because the file was 700MB and the scan completed almost instantly.

My list (far from complete) is starting with:

VOB, PSD, TIF, TIFF, ICO, JPG, JPEG, LOG, INI, TXT, !UT, TTF, MP3, SQLITE, CACHE, DB, RDF, DBX, TMP, BMP, PNG, AIF, AIFF, WAV, AVI

There's obviously many more that should be on the list. Technically, files like 'tmp' and others could contain a virus but as soon as they're renamed with an executable extension the scanner should find them.

I believe several of those file types can contain a variety of malware. The old JPEG Trojan downloader comes to mind. There are also ways to disguise executables (using a variety of extensions like those listed above) and run them.

[Veazer]

I believe several of those file types can contain a variety of malware. The old JPEG Trojan downloader comes to mind. There are also ways to disguise executables (using a variety of extensions like those listed above) and run them.

You're correct, there is a GDI+ exploit related to JPEGs. Windows has patched it but it would still be a good idea to remove them from the exclusion list. After all, the point of scanning files is to stop the spread of viruses and not merely protect yourself.

If you know of any others on my list, please post. I tried to google each carefully before adding them.

There's certainly ways to disguise executables, ie 'Hot Girl.jpg.exe', on machines with known extensions disabled but the AV scanners are still going to see the actual extension.

[MarkBKK]

I believe several of those file types can contain a variety of malware. The old JPEG Trojan downloader comes to mind. There are also ways to disguise executables (using a variety of extensions like those listed above) and run them.

You're correct, there is a GDI+ exploit related to JPEGs. Windows has patched it but it would still be a good idea to remove them from the exclusion list. After all, the point of scanning files is to stop the spread of viruses and not merely protect yourself.

If you know of any others on my list, please post. I tried to google each carefully before adding them.

There's certainly ways to disguise executables, ie 'Hot Girl.jpg.exe', on machines with known extensions disabled but the AV scanners are still going to see the actual extension.

I believe you can rename an executable to anything you like and run it from the Registry.

Of course, YMMV.