Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: LAB on March 31, 2004, 07:40:39 PM
-
I have seen quite a few posts concering Avast detecting the Eicar test files and if I am not mistaken, most of the people writing in were a little disappointed in that they said they had to actually download the file first and either scan it or try to open the file before Avast would detect it.
I am using the Home version w/Win98se and have never made any modifications to Avast but I decided to try and download the Eicar test files just to give me the satisfaction of knowing that Avast was installed correctly. To my suprise, no matter which Eicar file I clicked on, Avast came to life and told me the files were infected prior to my download manager box popping up asking me where to save the file at.
Does this depend on the browser or operating system you are using? I am glad that Avast would not even allow me to download the files but was just curios to see why most people said they had to download the files first in order to get Avast to catch them. Any ideas?????
-
I also had a play with the Eicar test virus files with Avast! home edition and found that the email virus was picked up straight away whatever the setting, but the the one that tests internet explorer was only picked up when the standard shield was set to 'high'.
I didn't have to download the file though and 'manually' test it, Avast! jumped on them straight away. I set mostly every setting to high now as it doesn't appear to make any performance difference between normal and high with my Barton XP2500 :P
Overall i'm well impressed with Avast! and recommend it to everyone I know!
;D
-
ST,
The actions of Avast depend on the way the virus enters your system.
In general, Avast will monitor your computer and scan files upon exection or opening.
For email, the scan is immediate on the content of the message, but the attachments will be scanned if an attempt is made to open them.
Although Eicar is not a "harmful" virus, its' structure is that of a "virus" so Avast will act on it appropriately.
Glad you like the program.
I am puzzled by the fact that you have stated Avast did not pick up Eicar in IE until Standard Shield was set to HIGH. I will forward this on the the Avast team for them.
Take Care,
techie
-
I know that I have Avast set on high also, but I use Netscape 7.1. I will change Avasts settings and try the test again to see if it works on both settings or just high and will post the results by tomorrow. Then we can see if it is just specific to IE or to both browsers.
-
maybe you all are interested in these... ;)
http://forum.avast.com/index.php?board=2;action=display;threadid=3113;start=0
http://forum.avast.com/index.php?board=2;action=display;threadid=3522;start=0
-
I know that I have Avast set on high also, but I use Netscape 7.1. I will change Avasts settings and try the test again to see if it works on both settings or just high and will post the results by tomorrow. Then we can see if it is just specific to IE or to both browsers.
I took Avast off of the "High Setting" and tried again. A rectangular box appeared at the bottom left of my screen showing Avast was detecting it, but my Windows working flag was waving for about 4 minutes and nothing was happening. I did a ctrl-alt-delete and the task manager showed that Ashserv was not responding. I let it go a while and finally had to end task to unlock my pc. Any reason why Ashserv would lock up?????
-
I know that I have Avast set on high also, but I use Netscape 7.1. I will change Avasts settings and try the test again to see if it works on both settings or just high and will post the results by tomorrow. Then we can see if it is just specific to IE or to both browsers.
I took Avast off of the "High Setting" and tried again. A rectangular box appeared at the bottom left of my screen showing Avast was detecting it, but my Windows working flag was waving for about 4 minutes and nothing was happening. I did a ctrl-alt-delete and the task manager showed that Ashserv was not responding. I let it go a while and finally had to end task to unlock my pc. Any reason why Ashserv would lock up?????
I'm becoming cetic about this freezing...
Are you really sure that there is not a little 'incompatibility' between ashServ and other Windows XP drivers... I tried to debbug it with Vlk's help but I cannot find a 'racional' way to do it. I cannot be on-line all the time and debbugers need it for some obscure Microsoft symbols need :(
We want to help but we do not know how... How can we do more research about freezing and ashServ? ::)
-
It was SuperTrooper who is using XP, not I. I have Win98se but I was just trying to give a hand to see if IE was the culprit in his case or if it could be duplicated with Netscape 7.1. Avast detected the Eicar Test File as a virus prior to downloading with both standard shield set to high and standard in my case but for SuperTrooper, he said it only was detected on the high setting. The freeze up of Ashserv on my end might have just been a hiccup! ;D.
-
if you use netscape...then you will love firefox!!!..... ;D
-
I've tested my avast! home edition with Eicar. Avast! worker perfectly. It's the best free antivirus program i've ever had! 8)
-
cochise: Try to disable the "Show detailed info on performed action" option of the Standard Shield provider...
-
cochise: Try to disable the "Show detailed info on performed action" option of the Standard Shield provider...
The box was not check marked but I think I might have found the problem. My brother had once told me that if you are having problems with Netscape download problems, to clear the cache. I cleared the Netscape cache file and tried it again and it worked fine. It does not freeze and when I clicked on the Eicar test file download link, Avast sounded off and told me a Virus was detected in C:\Windows\Temp before the download manager box appears.
The only question I had was that Avast gives you the option of permanently deleting the file or send it to the trash bin. If you choose the trash bin, the file never shows up there. If in a different circumstance, you find out that you deleted a non-virus file and needed to restore it from the trash bin, how would you be able to do that? Am I missing something on this or is it because the file was never actually downloaded onto my pc for Avast to move it to the trash bin.
-
You won't belive,but one of the best AVs on market has the same problem. And this AV is called NOD32. Doesn't help even if you enable scan all files. But hey,who needs archive scanning which is machine killing process? Files are scanned anyway when extracted. avast! has archive scanning as bonus,so you can enable it if you really really really need this function (NOD32 doesn't even have this option :P )
-
The only question I had was that Avast gives you the option of permanently deleting the file or send it to the trash bin. If you choose the trash bin, the file never shows up there. If in a different circumstance, you find out that you deleted a non-virus file and needed to restore it from the trash bin, how would you be able to do that? Am I missing something on this or is it because the file was never actually downloaded onto my pc for Avast to move it to the trash bin.
Igor, can you answer the cochise's question?
There are some forums discussing the options while 'repairing/cleaning' viruses but not conclusive: delete file on next boot seems no to work either... :'(
Why does ashServ seem to freeze? (my original problem...)
-
I think they scheduled this bugfix for the next build.
Will there be any soon? ;)
-
I just checked and deleting to Trash bin works here... what exactly did you do?
The only fix done, considering the deleting of files, is the "delete after restart" option - now, it tries to delete the file in an "ordinary" way first, and only if it fails, it marks it to be deleted on restart (in build 357, the checkbox makes avast! mark the file to be deleted on restart in any case and not even try to delete it normally - which is not correct, of course).
-
I clicked on the Eircar file link to start the download. As soon as I clicked on the link, Avast stated that the Eicar file was detected in C\windows\temp and gave me the option to delete to trash bin and I believe the second choice was delete permanently next restart. I chose the trash bin option, but noticed on the desktop that my trash bin was empty. I opened the trash bin and there were no files in it. My down load manager box was still open waiting for me to start the down load but I never did start it since Avast stated it was infected. I actually wanted to see when Avast would detect the test virus, before or after downloading. I did do a scan the windows temp file afterward and the file was deleted by Avast but just not to the trash bin.
-
I actually wanted to see when Avast would detect the test virus, before or after downloading.
It can only detects after the download, when saving the file to the HDD (if avast is configurated to do so: Standard Shield > created/modified files) or when you try to open the downloaded file (if avast is configurated to do so: Standard Shield > on open files).
I do not think it can detects 'before' downloading... Of course, Igor can correct me and said what happened to the 'deleted' file ::)
-
Igor can correct me and said what happened to the 'deleted' file
Well, I am not aware of every deleted file in the world, so I can only guess ;D
I don't know what was the "action" that the browser was supposed to do with the downloaded file, but I believe the scanerio was like that:
The Standard Shield level was set to High, i.e. it was scanning created/modified files (as Technical said). However, this scanning (virus warning) is not blocking - i.e. it doesn't stop access to the file. So, when you clicked the link, the file was downloaded to the TEMP folder. avast! detected the infected file being written there and gave you the warning.
In between, the browser may have deleted the temporary file - so, when you told avast! to delete the file (to the trash bin), the file was already deleted by the browser. Therefore, avast! couldn't delete anything - so, the trash bin was empty.
I cannot guarantee that it really went like this... but in general, when we are talking about temporary files, we have to consider the possibility of the file being removed - that's what the temporary files/folders are for.
-
Igor can correct me and said what happened to the 'deleted' file
Well, I am not aware of every deleted file in the world, so I can only guess ;D
I don't know what was the "action" that the browser was supposed to do with the downloaded file, but I believe the scanerio was like that:
The Standard Shield level was set to High, i.e. it was scanning created/modified files (as Technical said). However, this scanning (virus warning) is not blocking - i.e. it doesn't stop access to the file. So, when you clicked the link, the file was downloaded to the TEMP folder. avast! detected the infected file being written there and gave you the warning.
In between, the browser may have deleted the temporary file - so, when you told avast! to delete the file (to the trash bin), the file was already deleted by the browser. Therefore, avast! couldn't delete anything - so, the trash bin was empty.
I cannot guarantee that it really went like this... but in general, when we are talking about temporary files, we have to consider the possibility of the file being removed - that's what the temporary files/folders are for.
Well explained Igor... makes sense. Thank you ;)