Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: faffy on March 06, 2004, 01:14:16 PM

Title: Standard Shield (on-access module) question!
Post by: faffy on March 06, 2004, 01:14:16 PM
I tried to enable zip scanning in the  Tasks -> Resident Protection -> Standard Shield -> Packers. I ticked ZIP in and downloaded the EICAR.ZIP file. No response from avast. I opened the zip file -> nothing. I unzipped the eicar.com to my desktop -> nada.  avast only reacted to the test virus when I wanted to execute the com file.  Is it supposed to behave like this? Then what's the point of the on-access scanner options?

Faffy
Title: Re:Standard Shield (on-access module) question!
Post by: RejZoR on March 06, 2004, 01:18:40 PM
You need to set Standard Shield to High Sensitivity.
Title: Re:Standard Shield (on-access module) question!
Post by: faffy on March 06, 2004, 01:30:42 PM
You are partially right. If I set the Shield to High Sensitivity, avast did not let me download the com file. However, it allowed me to download the zip file even if I set the Standard Shield to High and added the zip extension to be scanned or changed the resident TASK to scan packers.

Faffy
Title: Re:Standard Shield (on-access module) question!
Post by: Lars-Erik on March 06, 2004, 05:34:58 PM
I think you need to add some lines about scanning archives as well (it's not active as default in Home edition). There was a thread on this here just a few days ago.
Title: Re:Standard Shield (on-access module) question!
Post by: Culpeper on March 06, 2004, 05:57:50 PM
Quote from: faffy
I tried to enable zip scanning in the  Tasks -> Resident Protection -> Standard Shield -> Packers. I ticked ZIP in and downloaded the EICAR.ZIP file. No response from avast. I opened the zip file -> nothing. I unzipped the eicar.com to my desktop -> nada.  avast only reacted to the test virus when I wanted to execute the com file.  Is it supposed to behave like this? Then what's the point of the on-access scanner options?

Faffy

I think it should have thrown up an alert when you scanned the zip file.  Did you also try right-clicking on the zip file name in Windows Explorer and selecting scan file  (just to scan that one file)?
Title: Re:Standard Shield (on-access module) question!
Post by: faffy on March 07, 2004, 02:58:09 PM
Quote from: Lars-Erik
I think you need to add some lines about scanning archives as well (it's not active as default in Home edition). There was a thread on this here just a few days ago.

I read the thread you mentioned, that's the reason I started experimenting with the Standard Shield.
Title: Re:Standard Shield (on-access module) question!
Post by: faffy on March 07, 2004, 02:59:51 PM
Quote from: Culpeper
Quote from: faffy
I tried to enable zip scanning in the  Tasks -> Resident Protection -> Standard Shield -> Packers. I ticked ZIP in and downloaded the EICAR.ZIP file. No response from avast. I opened the zip file -> nothing. I unzipped the eicar.com to my desktop -> nada.  avast only reacted to the test virus when I wanted to execute the com file.  Is it supposed to behave like this? Then what's the point of the on-access scanner options?

Faffy

I think it should have thrown up an alert when you scanned the zip file.  Did you also try right clicking on the zip file name in windows explorer and select scan file  (just to scan that one file)?

Well, it did not warn me at all when opening a virus-containing zip file.

Obviously, if I scan the file with the scanner it says that I have a virus, otherwise the software would not be worth much, would it?
Title: Re:Standard Shield (on-access module) question!
Post by: Iso-G on March 07, 2004, 04:04:11 PM
Hello,

The following is my old evaluation data of avast! 4.1 carried out last year.
The original is in Japanese and it was already put on my web page last year.
"Memo of a Little Experiment", Nov. 28, 2003 ~Dec. 05, 2003  (http://iso-g.hp.infoseek.co.jp/storage/en/avast_eval01en.html")

I don't know the exact behavior of today's latest avast!, but this data may be worth consulting.

Thanks,

Iso-G
Title: Re:Standard Shield (on-access module) question!
Post by: Iso-G on March 07, 2004, 04:10:52 PM
Sorry,
I mistyped.

URL is http://iso-g.hp.infoseek.co.jp/storage/en/avast_eval01en.html
Title: Re:Standard Shield (on-access module) question!
Post by: Culpeper on March 07, 2004, 04:55:08 PM
I'm confused. You want Avast to know there is an infected embedded file within a zip file while it unzips the zip file and before Avast scans the zip file?  I think Avast has the ability to scan within a zip file but I'm not sure it will prevent you from unzipping a zip file with an infected file.  I could be wrong.  I have been before and probably will in the future.  I normally scan individual zip files before opening them.
Title: Re:Standard Shield (on-access module) question!
Post by: RejZoR on March 07, 2004, 05:26:27 PM
avast! extracts files into the TEMP folder (these files are in encrypted form, as in the chest (quarantine)) and then scans them. Anyway, any virus is harmless even if it's on your desktop. You just need to avoid running it (executable).
Title: Re:Standard Shield (on-access module) question!
Post by: faffy on March 07, 2004, 05:32:24 PM
I am sorry I always find the argument that a virus is harmless until it is executed very weak and defensive. I have a virus protection on my machine not to have viruses on it, whether they are executed or not.  If I download a zip file from the net, I want my antivirus program to check it by default. I think it is not too much to ask, is it?

Faffy
Title: Re:Standard Shield (on-access module) question!
Post by: Culpeper on March 07, 2004, 05:46:41 PM
I'm not disagreeing with you just saying I don't believe Avast will scan the inside of a zip file unless you ask it to.  I could be wrong and it might be a bug you discovered.
Title: Re:Standard Shield (on-access module) question!
Post by: faffy on March 07, 2004, 09:30:05 PM
Quote from: Culpeper
I'm not disagreeing with you just saying I don't believe Avast will scan the inside of a zip file unless you ask it to.  I could be wrong and it might be a bug you discovered.

The problem is that I asked it to scan inside zip files and yet it did not do that.

(Just a note: Bitdefender blocked the saving of all 4 eicar files by default.)

Faffy

Here is the link to the eicar files: http://www.eicar.org/anti_virus_test_file.htm
Title: Re:Standard Shield (on-access module) question!
Post by: Culpeper on March 07, 2004, 09:48:42 PM
I downloaded both eicar zip files.  I was able to save them to a folder and unzip them without detection.  However, Avast detected the infected files when I scanned the "*.zip" files manually.  My Standard Shield is set to normal.
Title: Re:Standard Shield (on-access module) question!
Post by: Lisandro on March 07, 2004, 10:02:33 PM
Faffy:

I suppose the behavior is like this: you cannot prevent avast! from downloading an infected zip file because it cannot know if it is infected or not before you 'have' the file.
After that, if you are using a download manager you can set: c:\ path \ashquick.exe (without parameters) to scan the file. If you are not using it, avast! will only detect the infection when you extract the files from it.

You can set the Standard Shield to Custom and choose the option to scan every open file in your system. You can add special extensions to the standard list.

Believe us, you will be safe if the resident protection is turned on.
You can run the on-demand scanner frequently too.
Hope this helps.
Title: Re:Standard Shield (on-access module) question!
Post by: Culpeper on March 07, 2004, 10:12:19 PM
Technical

I was able to recreate what Faffy is talking about.  I was able to extract the infected files without detection.
Title: Re:Standard Shield (on-access module) question!
Post by: Lisandro on March 07, 2004, 10:15:53 PM
What are your settings right now when the problem occurs?
Title: Re:Standard Shield (on-access module) question!
Post by: Culpeper on March 07, 2004, 10:16:40 PM
My Standard Shield is set on "Normal" setting.

Go to Faffy's link he posted and try downloading the eicar.zip files and see what results you get.
Title: Re:Standard Shield (on-access module) question!
Post by: Lisandro on March 07, 2004, 11:06:05 PM
Quote from: Culpeper
My Standard Shield is set on "Normal" setting.

Go to Faffy's link he posted and try downloading the eicar.zip files and see what results you get.

The normal sensitivity could react like you are seeing.

Please, use the HIGH. Alwil team will change the normal to high and the high to 'higher' in the new versions by default.

You can add to your Standard Shield settings:
On open: WS?,VBS,VBE,JS,JSE,HTA,WSF,WSH,SHS,SHB,HTM*
Created and modified files: ACE,ARC,ARJ,BZIP2,CAB,COM,GZIP,PST,RAR,TAR,ZIP,ZOO,ECE
Title: Re:Standard Shield (on-access module) question!
Post by: RejZoR on March 07, 2004, 11:08:59 PM
This line...

Quote
Created and modified files: ACE,ARC,ARJ,BZIP2,CAB,COM,GZIP,PST,RAR,TAR,ZIP,ZOO,ECE

...is useless in Home Edition unless you changed archive scanning parameters in avast! system file.
Title: Re:Standard Shield (on-access module) question!
Post by: Lisandro on March 07, 2004, 11:14:23 PM
oops, you're right.
Can you post those changes, please?
Title: Re:Standard Shield (on-access module) question!
Post by: Culpeper on March 08, 2004, 12:05:56 AM
Okay, setting the shield to "high" now detects infected files within a zip file when trying to extract the files.
Title: Re:Standard Shield (on-access module) question!
Post by: Lisandro on March 08, 2004, 12:15:29 AM
Quote from: Culpeper
Okay, setting the shield to "high" now detects infected files within a zip file when trying to extract the files.

Good! Thank God!

But, do you use a Download Manager? If so, you can configure it to start ashquick.exe (without parameters) just after the download is finished...

Still waiting for Rejzor's post  ;D
Title: Re:Standard Shield (on-access module) question!
Post by: Culpeper on March 08, 2004, 12:22:10 AM
I just use the browser's download manager.  
Title: Problem solved!
Post by: faffy on March 08, 2004, 11:58:39 AM
Now, finally when I download a compressed "bug" it gets detected right away. Here are the steps I took.

1. Change Standard Shield to "High Sensitivity".
2. Add the ZIP extension in the "Additional Extensions:" in the Standard Shield.
3. Open up the TASKS in Enhanced mode. Edit the Resident Protection! Click on the "Advanced Configuration" at the bottom left. Search for the Standard Shield -> Packers. Check the ZIP packers.

And now avast should scream when you try to download either the eicar.zip or eicarcom2.zip files.

Faffy  

PS: As I remember, I did the same thing on my home computer yesterday, and it did not work. I have to check that after work.