Not what you are looking for? Ask the experts!
NIS 2009 needs to be a little less agressive with compressed file - it can corrupt compressed files
I noticed this in NIS 2008, but it's still doing it in NIS 2009. I thought maybe the having the "Remove infected Files Automatically" under "Compressed Files Scan" turned off would help, but it doesn't do anything.
Basically the problem is when NIS 2009 thinks it finds a virus inside a compressed file. It blows away the virus which can corrupt the compressed file making the rest of the files in that compressed files unreadable.
I have a zip file of email messages downloaded from Yahoo (in .eml format). Inside one of those eml files is a base64 encoded zip file. Inside that zip file is a program that can decrypt passwords in Firefox, call Firepassword. Even though this program works the same way Firefox does to decrypt passwords and can only decrypt passwords if the master password is specified NIS flags that program as Hacktool.PassReminder which is deemed a critical exploit. This is wrong since the Hacktool.PassReminder category is supposed to be for programs that recover the windows or system password, but that's not really the point of this post.
So in case you lost track we have a program, within a zip file, within a b64 encoded file, within a zip file. NIS 2009 removes the program from the inner most zip file. Now trying to open the main zip file results in an error message that the zip file is corrupt. So NIS corrupted a very large zip file to remove a program that wasn't doing any harm. Basically it's the equivalent to corrupting your hard drive because a zip file in one of the folders might have something bad in it.
Fortunately I had a backup of the file and I then excluded firepassword.exe from scans, but if I forget to do so again if I reinstall and lose the backup file, NIS will go ahead and corrupt the archive file again.
BTW it also corrupted an email file with the same b64 encoded zip file that was stored elsewhere on the drive.