Author Topic: New Avast User - Not scanning Network files.  (Read 18253 times)

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: New Avast User - Not scanning Network files.
« Reply #15 on: February 27, 2005, 12:27:07 PM »
Thanks for the post but I'd probably need you to do the test once more :-\
The thing is - I don't see the files I need here (namely, \\tambu... files) which may be caused by the fact that they were placed in the "virus-free" cache before...

Did you do steps 4 and 5 in this order? That is, didn't you simulate the problem before starting DebugView?

Also, did you see the info messages as on your previous screenshot http://members.cox.net/~tambu/Avast%20Problem.JPG ?

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #16 on: February 27, 2005, 04:02:37 PM »
How odd. I did do the steps in order; for some reason I didn't get it in the log. Perhaps I didn't scroll down enough when I copied the text. I've redone the test. I executed the eicar.com file several times without it being detected, and then I attempted to copy it to my desktop, at which point it was detected.

Thanks for the help
Tambu

[\\BIGGLES]
00000003   8.85534083   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000004   8.85813057   [484] E:\Archives\Utilities\Codecs\[CODEC] Nimo50Build9Beta1.exe
00000005   8.85818114   [484] Called avfilesScanReal - return code 0.
00000006   11.86086081   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000007   11.86102563   [484] \\tambu\tambu\eicar.com
00000008   11.86165253   [484] Called avfilesScanReal - return code 3.
00000009   11.87633708   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000010   11.89171166   [484] C:\WINDOWS\system32\ntvdm.exe
00000011   11.89176110   [484] Called avfilesScanReal - return code 0.
00000012   11.89889832   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000013   11.89954310   [484] C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWMONVD.DLL
00000014   11.89958919   [484] Called avfilesScanReal - return code 0.
00000015   11.90273820   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000016   11.90963321   [484] C:\WINDOWS\SYSTEM32\WINMM.DLL
00000017   11.90968433   [484] Called avfilesScanReal - return code 0.
00000018   11.91303085   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000019   11.91528672   [484] C:\WINDOWS\SYSTEM32\NTVDMD.DLL
00000020   11.91533924   [484] Called avfilesScanReal - return code 0.
00000021   11.91840974   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000022   11.94163588   [484] C:\WINDOWS\SYSTEM32\USERENV.DLL
00000023   11.94551514   [484] Called avfilesScanReal - return code 0.
00000024   11.94556710   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000025   11.94865576   [484] C:\WINDOWS\SYSTEM32\COMMAND.COM
00000026   11.95162933   [484] Called avfilesScanReal - return code 0.
00000027   11.95180114   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000028   11.95224868   [484] C:\WINDOWS\SYSTEM32\MSCDEXNT.EXE
00000029   11.95625589   [484] Called avfilesScanReal - return code 0.
00000030   11.95630394   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000031   11.95689312   [484] C:\WINDOWS\SYSTEM32\REDIR.EXE
00000032   11.95697135   [484] Called avfilesScanReal - return code 0.
00000033   11.95881432   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000034   11.96069640   [484] C:\WINDOWS\SYSTEM32\DOSX.EXE
00000035   11.96113333   [484] Called avfilesScanReal - return code 0.
00000036   12.00563787   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000037   12.00872457   [484] C:\WINDOWS\SYSTEM32\COMMAND.COM
00000038   12.00964759   [484] Called avfilesScanReal - return code 0.
00000039   12.01760643   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000040   12.01802464   [484] C:\WINDOWS\system32\MSCDEXNT.EXE
00000041   12.01901359   [484] Called avfilesScanReal - return code 0.
00000042   12.01905577   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000043   12.01962289   [484] C:\WINDOWS\system32\REDIR.EXE
00000044   12.02062217   [484] Called avfilesScanReal - return code 0.
00000045   12.02066380   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000046   12.02254644   [484] C:\WINDOWS\system32\DOSX.EXE
00000047   12.02338677   [484] Called avfilesScanReal - return code 0.
00000048   12.02650868   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000049   12.02664557   [484] \\TAMBU\TAMBU\EICAR.COM
00000050   12.02737918   [484] Called avfilesScanReal - return code 3.
00000051   13.93084624   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000052   13.93391115   [484] C:\WINDOWS\SYSTEM32\COMMAND.COM
00000053   13.93482272   [484] Called avfilesScanReal - return code 0.
00000054   13.94021782   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000055   13.94066760   [484] C:\WINDOWS\system32\MSCDEXNT.EXE
00000056   13.94071174   [484] Called avfilesScanReal - return code 0.
00000057   13.94172919   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000058   13.94230412   [484] C:\WINDOWS\system32\REDIR.EXE
00000059   13.94300561   [484] Called avfilesScanReal - return code 0.
00000060   13.94331766   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000061   13.94630826   [484] C:\WINDOWS\system32\DOSX.EXE
00000062   13.94727989   [484] Called avfilesScanReal - return code 0.
00000063   13.95023921   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000064   13.95037665   [484] \\TAMBU\TAMBU\EICAR.COM
00000065   13.95111669   [484] Called avfilesScanReal - return code 3.
00000066   16.94912342   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000067   16.94950084   [484] C:\Documents and Settings\Tambu\Desktop\eicar.com
00000068   16.94960952   [484] Called avfilesScanReal - return code 0.
00000069   20.79166291   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000070   20.79885432   [484] E:\Archives\Utilities\Codecs\wma8_redist.exe
00000071   20.79941110   [484] Called avfilesScanReal - return code 0.
00000072   28.85914327   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000073   28.86279848   [484] C:\WINDOWS\system32\NOTEPAD.EXE
00000074   28.86341616   [484] Called avfilesScanReal - return code 0.
00000075   28.87920699   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000076   28.88551310   [484] C:\WINDOWS\SYSTEM32\WINSPOOL.DRV
00000077   28.88556423   [484] Called avfilesScanReal - return code 0.
00000078   28.88777680   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000079   28.89120601   [484] C:\WINDOWS\SYSTEM32\SHIMENG.DLL
00000080   28.89125601   [484] Called avfilesScanReal - return code 0.
00000081   28.89407648   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000082   28.89451704   [484] C:\Documents and Settings\Tambu\Recent\dbgview2.log.lnk
00000083   28.89614490   [484] Called avfilesScanReal - return code 0.
00000084   28.90056250   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000085   28.91560017   [484] C:\WINDOWS\APPPATCH\ACGENRAL.DLL
00000086   28.91566666   [484] Called avfilesScanReal - return code 0.
00000087   28.91849579   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000088   28.94207225   [484] C:\WINDOWS\SYSTEM32\OLEAUT32.DLL
00000089   28.94216416   [484] Called avfilesScanReal - return code 0.
00000090   28.94829091   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000091   28.95182544   [484] C:\WINDOWS\SYSTEM32\MSACM32.DLL
00000092   28.95187601   [484] Called avfilesScanReal - return code 0.
00000093   28.95490321   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000094   28.95677104   [484] C:\WINDOWS\SYSTEM32\VERSION.DLL
00000095   28.95692330   [484] Called avfilesScanReal - return code 0.
00000096   28.95993485   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000097   28.99059908   [484] C:\WINDOWS\SYSTEM32\WIN32K.SYS
00000098   28.99065691   [484] Called avfilesScanReal - return code 0.
00000099   31.65571071   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000100   31.65819427   [484] C:\WINDOWS\system32\xpsp1res.dll
00000101   31.66462693   [484] Called avfilesScanReal - return code 0.
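
A way to triage a DebugView capture like the one above (an added example, not part of the original post and not Avast tooling): it pairs each call line with the path and return code that follow, then reports UNC paths whose return code is non-zero. The message strings and sample lines are copied from the log above; the page does not document what the return codes mean, so the code only reports them.

```python
import re
from collections import Counter, namedtuple

Scan = namedtuple("Scan", "seq time pid path code")
LINE = re.compile(r"^(\d+)\s+(\d+\.\d+)\s+\[(\d+)\]\s(.*)$")
CALL = "x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for"
RESULT = re.compile(r"^Called avfilesScanReal - return code (\d+)\.$")

# Excerpt copied from the log in the post above (entries 6-11, 48-50, 66-68).
SAMPLE = r"""
00000006   11.86086081   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000007   11.86102563   [484] \\tambu\tambu\eicar.com
00000008   11.86165253   [484] Called avfilesScanReal - return code 3.
00000009   11.87633708   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000010   11.89171166   [484] C:\WINDOWS\system32\ntvdm.exe
00000011   11.89176110   [484] Called avfilesScanReal - return code 0.
00000048   12.02650868   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000049   12.02664557   [484] \\TAMBU\TAMBU\EICAR.COM
00000050   12.02737918   [484] Called avfilesScanReal - return code 3.
00000066   16.94912342   [484] x_AavmCheckFileDirectEx - calling GetFileTimeoutAndValidityW for
00000067   16.94950084   [484] C:\Documents and Settings\Tambu\Desktop\eicar.com
00000068   16.94960952   [484] Called avfilesScanReal - return code 0.
"""

def parse_scans(text):
    """Pair each call line with the path line and result line that follow it."""
    scans, pending = [], {}              # pending: pid -> [seq, time, path or None]
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                     # host header such as [\\BIGGLES], blank lines
        seq, t, pid, msg = int(m[1]), float(m[2]), int(m[3]), m[4].strip()
        if msg == CALL:
            pending[pid] = [seq, t, None]
        elif pid not in pending:
            continue                     # result or path with no preceding call line
        elif (r := RESULT.match(msg)):
            s, t0, path = pending.pop(pid)
            if path is not None:         # drop records whose path line is missing
                scans.append(Scan(s, t0, pid, path, int(r[1])))
        elif pending[pid][2] is None:
            pending[pid][2] = msg        # the line after the call is the file path
    return scans

def network_nonzero(scans):
    """Count non-zero return codes per UNC path, ignoring case differences."""
    hits = Counter()
    for s in scans:
        if s.path.startswith("\\\\") and s.code != 0:
            hits[(s.path.lower(), s.code)] += 1
    return dict(hits)

if __name__ == "__main__":
    print(network_nonzero(parse_scans(SAMPLE)))
```

State is kept per process id, so interleaved output from several processes is paired correctly, and a capture that ends between a call line and its result yields no record for that call.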

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #17 on: February 27, 2005, 04:04:13 PM »
On a side note, that dbgview.exe program seems to lock up if you click Save As while it's logging. Happened several times now. Just to let you know.

Thanks Tambu

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #18 on: February 27, 2005, 04:18:57 PM »
I guess I never did, and you never asked for system specs, but just in case it's useful I've included them below.

AMD Athlon 64bit 3500+ (CPU)
MSI NEO K8N Neo2 Platinum (Motherboard)
Corsair DDR400 512meg x 2 (1gig memory)
Western Digital WD750GD (Raptor 10,000RPM) 74GB (Hard drive - Windows)
2x Western Digital 80gig hard drives (RAID 0) (Hard drive - Games/Storage)
SoundBlaster Audigy 2 MP3 (Soundcard)
Sony DRU-500 DVD+ / - RW
Toshiba DVD-ROM  SD-M1612
Floppy Drive
Network Card 10/100
Windows XP w/ SP2 and all windowsupdate.com

Thanks
Tambu

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #19 on: March 01, 2005, 03:41:00 AM »
A minor bump for progress. Any other info I can provide, Vlk?

Tambu

Vlk
Re: New Avast User - Not scanning Network files.
« Reply #20 on: March 01, 2005, 06:58:55 PM »
Hi Tambu, I have just uploaded a modified version of the patch (to the same location - http://www2.asw.cz/misc/aavm4h.zip ).
Do you think you could retry the test?

Maybe it could even solve the problem... :) (maybe not :-[)

Thanks
Vlk

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #21 on: March 03, 2005, 01:09:22 AM »
OK, here we go again. I downloaded the updated .dlls and installed them as previously told. I ran Avast as administrator. I then started the debug program. I then executed several files in my \\tambu\tambu directory and it appears from the debug window it scans those. I then executed the eicar.com virus and it ran without finding the virus. I did this several times. I then executed the eicar.com virus in \\tambu\tambu\test\ and it was executed without a problem. I then manually scanned the eicar.com virus and it found it as a virus.

I hope this helps find the problem.

Tambu

[Log text is too long, so I've attached it.]

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #22 on: March 03, 2005, 01:18:20 AM »
Btw, if it helps, feel free to contact me by IM.
My info is in my profile section.

Thanks for the Help.

Tambu

Vlk
Re: New Avast User - Not scanning Network files.
« Reply #23 on: March 03, 2005, 11:01:33 PM »
Hmm, from the log it's clearly visible that the attempt to access the network share was rejected with error code 5 - access denied.

I have a question. When you're accessing the network drive (from Explorer or otherwise), can you access it automatically (just like that), or are you asked to fill in username/password details and only after that permitted to access it?


Thanks
Vlk

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #24 on: March 03, 2005, 11:33:47 PM »
Well, if I restart Windows, when I initially connect to \\tambu\tambu it will ask for username and password. However, it will "remember" the password until I restart my system. So basically I log in once per system start and then all my programs can access network drives without a problem.

Tambu

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #25 on: March 03, 2005, 11:57:16 PM »
Bingo! I figured it out. Not sure what you guys will have to do to fix the problem though.

OK, here goes. I hope you know about samba.conf on Linux.

Here is the config for the directories in question with the eicar.com virus:

[homes]
   comment = Home Directories
   browseable = yes
   writable = yes

By testing I have found that apparently Avast doesn't use Windows networking to access shares. I have found that it works if I create another share with these options:

[Test3]
   path = /test
   browseable = yes
   public = yes
   read only = yes
# The next line is what makes Avast work.
   guest ok = yes

Then Avast reads the virus and stops the execution. YES!!

Of course, the problem is you have to enable guest access so it can be read by users that aren't logged in. Not a normal option for Samba or Windows shares.

I guess other virus programs must use Windows networking to access shares, so they get the passwords, and the problem is Avast tries to look for \\tambu\tambu\eicar.com and my Linux box spits back that it doesn't have access or something, so it fails.

I've included another log showing first where it doesn't access the file and then when it does access the file because it has the "guest ok = yes  " enabled.

Please let me know if this is fixable or if there is something I can do to make Avast do this. Otherwise, will it be included later? As stated before, network shares are a requirement for me, as I would think they are for others. And since I would be using the computer as a user, if I have access to the files they should be scannable by Avast.

I would point out (and please don't think me bashing, I rather like Avast) that both Norton and AVG will use Windows networking to properly scan the files.

Thanks for your responses, Vlk
Tambu

PS> Found another feature I rather like: apparently, if Avast detects a virus and you tell it to continue without fixing/repairing the problem, it won't let you execute the file afterwards. I found this out when I was trying to test the \tambu\test3\eicar.exe and it gave me Windows access errors. I had to stop and then restart Avast before it would scan and detect the virus. REALLY NICE.

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #26 on: March 05, 2005, 02:37:34 AM »
Quick Bump for help.

Thanks for your assistance Vlk
Tambu

Tambu

  • Guest
Re: New Avast User - Not scanning Network files.
« Reply #27 on: March 07, 2005, 01:31:35 PM »
Hey All

Just trying to see if I can get a final response to the solution I've found. I was hoping to hear that there is some option to enable Avast to scan network shares. As I said before, I am concerned that a virus scanner can't scan files that the logged-in user can scan, especially when it works for manual scan but won't scan on execution. I realize there may not be a solution yet, but I'd just like to know if I should try the next version or something.

Tambu

Vlk
Re: New Avast User - Not scanning Network files.
« Reply #28 on: March 07, 2005, 01:48:59 PM »
Hi Tambu,

There are a couple of inaccuracies in your post.
First, it's not a matter of whether an app uses "Windows Networking" (as you called it) or not. All apps access the network in pretty much the same way. The difference is, however, where from. Logon sessions are associated with so-called desktops, i.e. the logged-on user and his workspace. A system service runs on a different desktop than the logged-on user. This is why the avast service is unable to access the share even though you have already filled in the credentials (on your desktop).

But to discuss the actual problem: I'd say that it's not too relevant whether guest access is enabled or not on the share. The interesting part is, why is the networking manager asking you for username/password in the first place? This is not how it should work - it should open the share automatically, without the need to re-enter the logon data every time you start your machine. That is, it should work automatically. Of course, only if the account under which you're logged on on your machine has access to the share (not a different account). Please note that you must have a computer name specified as part of the logon name when specifying the access control list on the server, i.e. COMPUTER\Account instead of simply Account. Otherwise, the name Account will be considered as an account called Account on the target, not on the machine from which you're making the connection.

Can you check the ACL's on the Samba share and verify this?

Vlk