Avast WEBforum
Consumer Products => Avast Mac Security => Topic started by: jvmn on February 22, 2009, 08:00:50 PM
-
Hello,
since the last few updates, I cannot clean Word documents anymore from macro virus (MW97:Marker Family). The only message I get: "X Files was not processed successfully".
Avast log file shows only:
22.02.09 19:16:19.749 repaired: "/path/to/word.doc" success 0 (451)I tried "MacAvast v2.74R0 ServiceKit v1.41" with scan engine 0.68, 0.69 & 0.82beta, also a new installation. But nothing changed.
Is there any hint to fix this problem or I must wait till next Avast update?
Thanks
Juergen
-
Hello,
since the last few updates, I cannot clean Word documents anymore from macro virus (MW97:Marker Family). The only message I get: "X Files was not processed successfully".
Avast log file shows only:
22.02.09 19:16:19.749 repaired: "/path/to/word.doc" success 0 (451)I tried "MacAvast v2.74R0 ServiceKit v1.41" with scan engine 0.68, 0.69 & 0.82beta, also a new installation. But nothing changed.
Is there any hint to fix this problem or I must wait till next Avast update?
Thanks
Juergen
Hallo, the cleaner is a part of virus database, thus, changing an engine is not necessary here. 451 is an engine error, thus, the file is maybe protected against modification? (apple-i, then, have a look on the permissions).
What's the version of your virus database?
regards,
pc
-
Hallo, the cleaner is a part of virus database, thus, changing an engine is not necessary here. 451 is an engine error, thus, the file is maybe protected against modification? (apple-i, then, have a look on the permissions).
What's the version of your virus database?
regards,
pc
Hello,
permissions (posix & acl) are the first I looked and they are fine. I changed possix permissions to 777 for testing purpose.
Nothing changed. Same behavior.
Virus database version is 090221-0 - 21.02.2009.
Meanwhile there came a new database version via update. I also tried this (090224-0 - 24.02.2009), but same result.
regards,
Juergen
-
Hallo, the cleaner is a part of virus database, thus, changing an engine is not necessary here. 451 is an engine error, thus, the file is maybe protected against modification? (apple-i, then, have a look on the permissions).
What's the version of your virus database?
regards,
pc
Hello,
permissions (posix & acl) are the first I looked and they are fine. I changed possix permissions to 777 for testing purpose.
Nothing changed. Same behavior.
Virus database version is 090221-0 - 21.02.2009.
Meanwhile there came a new database version via update. I also tried this (090224-0 - 24.02.2009), but same result.
regards,
Juergen
Hallo, I tested this few minutes ago, with different engines - and it works. Please note that not all macro-infections could be flawlessly repaired, but many of them can. I can't spread malware samples, but maybe this is your case. Could you zip the particular file (use password: virus), and send it to me? (cimbal :at: avast.com)?
thanks,
pc
-
Hallo, I tested this few minutes ago, with different engines - and it works. Please note that not all macro-infections could be flawlessly repaired, but many of them can. I can't spread malware samples, but maybe this is your case. Could you zip the particular file (use password: virus), and send it to me? (cimbal :at: avast.com)?
thanks,
pc
Hallo,
i send you an sample via mail. It's an 7 year old Word macro virus (Shankar).
MacAvast was able to clean this macro virus in the past. This was the reason for us, to buy a license. :)
The Avast windows version can clean this file. If i guess, MacAvast should also can do.
I also tried a new installation. First i deleted all MacAvast related files from harddrive:
~/Library/Application Support/com.avast.MacAvast/
~/Library/Preferences/com.avast.MacAvast.plist
/Applications/avast!.app/
Reboot and reinstall. It's weird, always the same error/behavior.
Is there some verbose log output possible? Maybe this helps.
regards,
Juergen
-
Hallo, I tested this few minutes ago, with different engines - and it works. Please note that not all macro-infections could be flawlessly repaired, but many of them can. I can't spread malware samples, but maybe this is your case. Could you zip the particular file (use password: virus), and send it to me? (cimbal :at: avast.com)?
thanks,
pc
Hallo,
i send you an sample via mail. It's an 7 year old Word macro virus (Shankar).
MacAvast was able to clean this macro virus in the past. This was the reason for us, to buy a license. :)
The Avast windows version can clean this file. If i guess, MacAvast should also can do.
I also tried a new installation. First i deleted all MacAvast related files from harddrive:
~/Library/Application Support/com.avast.MacAvast/
~/Library/Preferences/com.avast.MacAvast.plist
/Applications/avast!.app/
Reboot and reinstall. It's weird, always the same error/behavior.
Is there some verbose log output possible? Maybe this helps.
regards,
Juergen
Hallo,
what was the subject/sender of the mail? Can't locate it in my mail Inbox. Maybe try to send it pass-protected, to be able to pass through various mail filters along the path.
regards,
pc
-
Hallo, I tested this few minutes ago, with different engines - and it works. Please note that not all macro-infections could be flawlessly repaired, but many of them can. I can't spread malware samples, but maybe this is your case. Could you zip the particular file (use password: virus), and send it to me? (cimbal :at: avast.com)?
thanks,
pc
Hallo,
i send you an sample via mail. It's an 7 year old Word macro virus (Shankar).
MacAvast was able to clean this macro virus in the past. This was the reason for us, to buy a license. :)
The Avast windows version can clean this file. If i guess, MacAvast should also can do.
I also tried a new installation. First i deleted all MacAvast related files from harddrive:
~/Library/Application Support/com.avast.MacAvast/
~/Library/Preferences/com.avast.MacAvast.plist
/Applications/avast!.app/
Reboot and reinstall. It's weird, always the same error/behavior.
Is there some verbose log output possible? Maybe this helps.
regards,
Juergen
Hallo,
what was the subject/sender of the mail? Can't locate it in my mail Inbox. Maybe try to send it pass-protected, to be able to pass through various mail filters along the path.
regards,
pc
Hallo,
I resend the virus sample. It's an zip file with password on (password=virus)
First mail was send on:
Message-ID: <49A56FAD.5030704@jvm.de>
Date: Wed, 25 Feb 2009 17:19:57 +0100
Subject: Virus Sample
second on:
Message-ID: <49AD1B4F.1020107@jvm.de>
Date: Tue, 03 Mar 2009 12:58:07 +0100
Subject: Virus Sample /2
Second mail was also send to my privat mail account and it came through. Hope this time you will receive the sample.
Regards
Juergen
-
Hallo, I tested this few minutes ago, with different engines - and it works. Please note that not all macro-infections could be flawlessly repaired, but many of them can. I can't spread malware samples, but maybe this is your case. Could you zip the particular file (use password: virus), and send it to me? (cimbal :at: avast.com)?
thanks,
pc
Hallo,
i send you an sample via mail. It's an 7 year old Word macro virus (Shankar).
MacAvast was able to clean this macro virus in the past. This was the reason for us, to buy a license. :)
The Avast windows version can clean this file. If i guess, MacAvast should also can do.
I also tried a new installation. First i deleted all MacAvast related files from harddrive:
~/Library/Application Support/com.avast.MacAvast/
~/Library/Preferences/com.avast.MacAvast.plist
/Applications/avast!.app/
Reboot and reinstall. It's weird, always the same error/behavior.
Is there some verbose log output possible? Maybe this helps.
regards,
Juergen
Hallo,
what was the subject/sender of the mail? Can't locate it in my mail Inbox. Maybe try to send it pass-protected, to be able to pass through various mail filters along the path.
regards,
pc
Hallo,
I resend the virus sample. It's an zip file with password on (password=virus)
First mail was send on:
Message-ID: <49A56FAD.5030704@jvm.de>
Date: Wed, 25 Feb 2009 17:19:57 +0100
Subject: Virus Sample
second on:
Message-ID: <49AD1B4F.1020107@jvm.de>
Date: Tue, 03 Mar 2009 12:58:07 +0100
Subject: Virus Sample /2
Second mail was also send to my privat mail account and it came through. Hope this time you will receive the sample.
Regards
Juergen
Hallo Juergen,
thanks for details, your samples were burried in junk-folder. Yes, the "bug" is reproducible, MW97:Marker family is detected, but trying to clean the file returns "Not succesfully processed". Why?
Internally, there are two distinct repair levels - weak-failsafe (tries to remove the infection), and stronger-cruel (would remove all macros). By default, gui applies the first level, but here the 451/42060 is returned ("file was not repaired"), and the higher level isn't used in turn. Thanks for report, we'll add this "stronger repair" fix to the present alpha.
regards,
pc
PS: if you still wanna repair your particular file, you can do it manually:
- open terminal, and type: telnet -u `pwd`/Library/Application\ Support/com.avast.MacAvast/socket
- then, type: license path path_to_your_license_file
- then, type: repair 1 0 path_to_the_infected_doc
-
Hiya,
I have the same problem, MW97:Marker-D detected but not fixed by newly installed Avast up to date.
I even try the terminal command (even though it would be a pain with that amount of files with it... but it says "licence: commande not found"
there is no informatons i could find on the net about how to really fixe the problem, even tough it is very documented.
can somebody has a real solution ? I am exhausted to drag those macros since years.
cheers
-
Hello,
try to create ticket on https://support.avast.com/
Milos
-
thanks, i did put a ticket