Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Vlk on May 15, 2008, 09:15:48 AM

Title: aswAr.log
Post by: Vlk on May 15, 2008, 09:15:48 AM

Just to let you know that with the latest VPS (080515-0), the antirootkit log file should now also contain the footer (with ending time etc).

Cheers
Vlk

Title: Re: aswAr.log
Post by: alanrf on May 15, 2008, 09:49:27 AM

Ask and ye shall receive

Not quite like winning the lottery ... but very nice.

Thanks to you Vlk.

Title: Re: aswAr.log
Post by: DavidR on May 15, 2008, 03:50:33 PM

Great, all I have to do is get it to work, today I was waiting in ambush for the rootkit scan to start so I could pin down when it actually starts, e.g. what delay after the desktop. after a period of time I checked the aswAr.log and it still had the details from yesterdays scan.

So I don't know what happened why the log wasn't updated as a0 my VPS would have been 080514-0 but that would just means it wouldn't have had the footer information, but it should have been updated.

So two <off-topic ish> questions.
1. What is the delay before the rootkit scan on 4.8.1195 as this has cropped up in a couple of topics and we the users don't know for sure but it seems like 5 minutes as best as I can determine ?

2. How can we determine if the rootkit scan has taken place ?
e.g. if the log hasn't been updated it could be a failure of the logging or the rootkit scan didn't run.
</off-topic>

Title: Re: aswAr.log
Post by: alanrf on May 15, 2008, 09:24:21 PM

As near as I can tell the scan on my system startup of the day ran 8 minutes after system start (and ran for 3 seconds).

Title: Re: aswAr.log
Post by: DavidR on May 15, 2008, 09:34:30 PM

Well my aswar.log has miraculously updated itself as it is now showing details of today's scan. Obviously no footer info as when it ran I hadn't got the latest VPS that changed the file format.

My boot was at 13:23 and the scan kicked off at 13:31 and that matches your 8 minutes, but I though it didn't start the delay until the desktop came up.

I guess it would take somewhere around 1:30 - 2:00 minutes from boot to desktop and no activity, which would bring that down.

Title: Re: aswAr.log
Post by: Vlk on May 15, 2008, 09:38:13 PM

Quote from: DavidR on May 15, 2008, 03:50:33 PM

1. What is the delay before the rootkit scan on 4.8.1195 as this has cropped up in a couple of topics and we the users don't know for sure but it seems like 5 minutes as best as I can determine ?

The delay is currently 8 minutes but we're playing with this to minimize the risk of FP's.... so it cannot be really relied upon.

Quote from: DavidR on May 15, 2008, 03:50:33 PM

2. How can we determine if the rootkit scan has taken place ?
e.g. if the log hasn't been updated it could be a failure of the logging or the rootkit scan didn't run.

There's probably no other way to tell besides the log file. But it should really get generated. ;)

Title: Re: aswAr.log
Post by: DavidR on May 15, 2008, 11:24:35 PM

Thank you Vlk.