Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: galloway_777 on November 14, 2006, 03:36:08 AM

Title: Help with Eicar Tests
Post by: galloway_777 on November 14, 2006, 03:36:08 AM
Hi everyone. I'm a newb here so let me start by saying "hello."

I have Avast 4.7 and I have a couple questions about the Eicar test files. A while back I went to http://www.eicar.org/anti_virus_test_file.htm and tested avast against all four of the files on that site. It detected all of them, and I would click delete, and avast would close the download box. NOW, when I do it, it detects the first one, but will not close the download box after pressing delete. The second file opens some kinda script page, and the 3rd and 4th aren't detected! Anyone know why this could be?

I'm worried that perhaps avast isn't performing as well as it should be due to a glitch or something.
Title: Re: Help with Eicar Tests
Post by: Tarq57 on November 14, 2006, 09:04:23 AM
Been there, done that! No problem at all. Unless I'm wrong, you saved the file rather than running it. (This hopefully mimics real life.) Avast doesn't detect the second file because it is simple text, not anything executable. If you tried to run it it would alarm. The third and fourth files are zipped and double zipped respectively. Nothing (I believe) can run from a zipped file until it is unzipped. (The 4th one needs 2 unzippings.) Try it, and you'll see what happens.
If you go to the Eicar site again, and just click to run each of these in turn from the upper menu, Avast won't even let the page load - it will block it.
This was kindly explained to me by one of the more senior people here when I had a similar query. http://forum.avast.com/index.php?topic=24566.msg201358#msg201358
Title: Re: Help with Eicar Tests
Post by: igor on November 14, 2006, 09:53:43 AM
If the Eicar file is detected during download (i.e. the "Virus found!" window has the "Abort connection" button), then it's detected by the Web Shield provider. If you don't get this detection anymore, Web Shield is probably not scanning the traffic. This could be e.g. because
- you stopped/disabled it (check the status of this resident provider)
- your web browser configuration bypasses Web Shield somehow (what browser and operating system do you have? Do you use any proxy)?
- the Eicar test file is already in browser's cache, so it's not really downloaded from web anymore when you click the link (could happen if you previously downloaded these files with avast! disabled)
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 14, 2006, 10:52:54 AM
Been there, done that! No problem at all. Unless I'm wrong, you saved the file rather than running it. (This hopefully mimics real life.) Avast doesn't detect the second file because it is simple text, not anything executable. If you tried to run it it would alarm. The third and fourth files are zipped and double zipped respectively. Nothing (I believe) can run from a zipped file until it is unzipped. (The 4th one needs 2 unzippings.) Try it, and you'll see what happens.
If you go to the Eicar site again, and just click to run each of these in turn from the upper menu, Avast won't even let the page load - it will block it.
This was kindly explained to me by one of the more senior people here when I had a similar query. http://forum.avast.com/index.php?topic=24566.msg201358#msg201358

Well previously avast would detect the file before I was given the chance to save or run. That's when it would either say "abort connection" or "delete." Would click whichever one was available and it would shut out the download box.

And I did unzip the 3rd one by the way, and Avast didn't tell me anything. Even tried a custom folder scan where I saved the file. Nothing. Finally caught it when I right-clicked the file and chose scan with Avast. I have a feeling I may need to reinstall this thing...
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 14, 2006, 11:02:58 AM
If the Eicar file is detected during download (i.e. the "Virus found!" window has the "Abort connection" button), then it's detected by the Web Shield provider. If you don't get this detection anymore, Web Shield is probably not scanning the traffic. This could be e.g. because
- you stopped/disabled it (check the status of this resident provider)
- your web browser configuration bypasses Web Shield somehow (what browser and operating system do you have? Do you use any proxy)?
- the Eicar test file is already in browser's cache, so it's not really downloaded from web anymore when you click the link (could happen if you previously downloaded these files with avast! disabled)


1) WebShield provider is on. All scanners are set to "high."
2) This is occurring in both IE and FireFox. (Didn't used to be a problem in either one, and the change seemed to be simultaneous)
3) XP Media Center
4) Don't know what a Proxy is
5) I clean my cache daily with ZoneAlarm Pro. So I believe I can rule that out.

Thanks for the replies. Maybe this is normal, but it didn't use to do this. I'm positive that I recall a time when if I clicked any one of the four test files, Avast would alert me, and I would click abort connection BEFORE I could save or run. And Avast would abort the connection. Now, it only detects the first one and says delete (also before I save or run). Then it proceeds to let me carry out the download if I wanted to (download box doesn't disappear)  ???
Title: Re: Help with Eicar Tests
Post by: igor on November 14, 2006, 11:24:50 AM
And I did unzip the 3rd one by the way, and Avast didn't tell me anything. Even tried a custom folder scan where I saved the file. Nothing. Finally caught it when I right-clicked the file and chose scan with Avast. I have a feeling I may need to reinstall this thing...

I guess you just didn't select the needed scan sensitivity (the "right click scan" uses maximum possible sensitivity with archive scanning enabled).
Title: Re: Help with Eicar Tests
Post by: igor on November 14, 2006, 11:26:34 AM
Now, it only detects the first one and says delete (also before I save or run). Then it proceeds to let me carry out the download if I wanted to (download box doesn't disappear)  ???

Where does it detect it (i.e. what's the filename)?
If you open the On-access scanner console, select Web Shield and watch the "Last scanned" item during browsing - does it change?
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 14, 2006, 10:01:46 PM
Hmmm....doesn't say anything actually. That doesn't seem good.  ::)
Title: Re: Help with Eicar Tests
Post by: igor on November 14, 2006, 10:35:34 PM
So, the number of scanned items is 0 for Web Shield?
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 14, 2006, 10:44:12 PM
Looks like this---

Last Scanned:
Last Detected:

Scanned Count: 0
Infected Count: 0

Task Name: Resident Protection
Title: Re: Help with Eicar Tests
Post by: Tarq57 on November 14, 2006, 11:53:06 PM
Might seem a bit obvious, but check all the providers you want running are actually running, not paused or off.
Sounds perhaps like a fresh install might be in order?
Any other significant events around the time you first noticed this problem? eg: new programs installed, sys restore, anything?
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 14, 2006, 11:56:44 PM
Well nothing is paused. I just went to my desktop comp, and it's exhibiting the same behavior across the board. It wouldn't have anything to do with the serial number would it? I believe I used the same serial number for both installs.
Title: Re: Help with Eicar Tests
Post by: DavidR on November 15, 2006, 12:19:47 AM
Does the link for the download begin with https: (secure, encrypted connection)? That would/could be the reason for it not being scanned by the web shield, as it doesn't monitor https: traffic.

You can use the same registration key for any number of installs so long as it is still in date; you would get an error when entering it if there were any problems.

Does this eicar test alarm when you click the link ?
http://www.eicar.org/download/eicar.com
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 15, 2006, 12:26:10 AM
Yes it does alert me, but that brings me back to my initial problem. Avast won't divert me away from the download. I can either move/rename it, repair, delete, or send to chest. After choosing one, Avast just leaves the download box there waiting for me to download a virus. I used to not do that!!!  >:(
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 15, 2006, 12:26:43 AM
Would ZoneAlarm Pro have anything to do with these problems?
Title: Re: Help with Eicar Tests
Post by: DavidR on November 15, 2006, 12:33:37 AM
Yes, if you answered YES to the compatibility question that will disable the transparent proxy and you need to manually set up your browser to use the proxy. So the web shield is running but it isn't scanning as the transparent side of it is disabled. See the tutorial links below to manually set your browser/s to use the proxy.


http://www.avast.com/eng/webshield_issues.html

- ZONE ALARM - AVAST Web Shield compatibility dialogue - Install/Update Question - YES or NO

If you are using ZoneAlarm Free you should click NO, because privacy features are not present in ZoneAlarm Free this will not turn off web shield transparent mode proxy.
Use a text editor and edit the avast4.ini file, the default installation location is C:\Program Files\Alwil Software\Avast4\DATA\avast4.ini (I would advise you copy avast4.ini before editing it, just in case).
If you answered incorrectly, locate the line containing ZoneAlarmCompatibility= and delete that line (avast will ask again, answer NO) or change the value to =0. Save the edited avast4.ini file.

If you are using ZoneAlarm Pro and Privacy Control in ZoneAlarm is set to High, and if you click YES in the avast compatibility dialogue box, the transparent mode proxy in web shield will be turned off and you have to manually configure your browser to access the internet. To manually configure your browser, watch the instructional video:

For IE - broadband users: - Tutorial - Web Shield Proxy Set-up for IE (http://www.avast.com/files/tutorials/ws_ieproxy.htm)
For IE - dialup users - Tutorial - Web Shield Proxy Set-up for IE (Dial-up) (http://www.avast.com/files/tutorials/ws_ieproxy_dialup.htm)
For Firefox users - Tutorial - Web Shield Proxy Set-up for Firefox (http://www.avast.com/files/tutorials/ws_ffproxy.htm)
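
The avast4.ini edit described in the post above, as an added example that is not part of the original post or avast's own tooling: it reports the ZoneAlarmCompatibility value, then sets it to 0 or deletes the line, keeping a backup copy first. The section name, the other setting and the value 1 in the sample are constructed, and the Latin-1 file encoding is an assumption.

```python
import re
import shutil

# The setting named in the post; tolerate spacing and letter-case differences.
_KEY = re.compile(r"^\s*ZoneAlarmCompatibility\s*=\s*(.*?)\s*$", re.IGNORECASE)

# Constructed sample; only the ZoneAlarmCompatibility key comes from the post.
SAMPLE = "[ExampleSection]\r\nSomeOtherSetting=abc\r\nZoneAlarmCompatibility=1\r\n"

def zonealarm_compat_value(ini_text):
    """Return the stored answer as a string, or None if the line is absent."""
    for line in ini_text.splitlines():
        m = _KEY.match(line)
        if m:
            return m.group(1)
    return None

def reset_zonealarm_compat(ini_text, delete=False):
    """Set the value to 0, or delete the line so avast asks the question again."""
    out = []
    for line in ini_text.splitlines(keepends=True):
        if _KEY.match(line):
            if delete:
                continue
            eol = line[len(line.rstrip("\r\n")):]  # keep the original line ending
            line = "ZoneAlarmCompatibility=0" + eol
        out.append(line)
    return "".join(out)

def patch_file(path, delete=False):
    """Copy avast4.ini to <path>.bak, then write the edited text in place."""
    with open(path, newline="", encoding="latin-1") as f:  # encoding assumed
        text = f.read()
    shutil.copy2(path, path + ".bak")
    with open(path, "w", newline="", encoding="latin-1") as f:
        f.write(reset_zonealarm_compat(text, delete))
    return zonealarm_compat_value(text)  # value that was stored before the edit

if __name__ == "__main__":
    print("before:", zonealarm_compat_value(SAMPLE))
    print("after :", zonealarm_compat_value(reset_zonealarm_compat(SAMPLE)))
```
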
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 15, 2006, 12:45:46 AM
WOW  ;D !!!!!!!! Thanks so much everyone that replied. I did the whole proxy bit on IE and FireFox, and I now have the ability to abort connection again. Also, avast detects the zipped eicars, and my webshield works again. Thanks so much to everyone I feel so much better now  8)
Title: Re: Help with Eicar Tests
Post by: DavidR on November 15, 2006, 02:02:47 AM
Well it took a little time to pin it down, but glad that the problem is resolved. You might consider putting some system information in your signature (Profile button), OS, RAM, CPU, Antivirus version, firewall, email, main anti-spyware programs, see my signature.
Title: Re: Help with Eicar Tests
Post by: galloway_777 on November 15, 2006, 04:07:04 AM
Yeah man, like I said - Thanks a lot - to everyone who helped out. I feel 1000 times better now. I just don't like it when things don't work, ya know?

Btw I updated my sig like ya told me to.
Title: Re: Help with Eicar Tests
Post by: DavidR on November 15, 2006, 12:52:09 PM
Saves us asking questions about your system (and you answering them lots of times ;D) if you have a question, assuming we remember to look.