Author Topic: Virus detected by Windows but not by linux version.  (Read 4873 times)

0 Members and 1 Guest are viewing this topic.

overblood

  • Guest
Virus detected by Windows but not by linux version.
« on: July 23, 2013, 04:39:30 PM »
Hi,
we are using libavastengine-4.7.6-1.i586 with avastlite v3.2.1 and we update the definitions every 3 hours.

Definition number 130723-0 :
ERROR-0: New VPS: 130723-0 (date: 23.07.2013) succesfully installed

Same definitions but the Windows client founded the virus Win32:Dropper-gen [Drp] but linux client not . :(

Why this with the same virus definitions ?
Is this linux client not supported anymore or it will go in a limbo state ?

this is the link on  Virustotal

https://www.virustotal.com/it/file/e7873eb0a3dcaa28082cbf4642344a8b982f40c41fc1fadb92a09095c517647f/analysis/1374586355/

Thanks for the support

Offline Abraxas

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 730
  • Perseverance Furthers...
    • PCLinuxOS-Forums
Re: Virus detected by Windows but not by linux version.
« Reply #1 on: July 23, 2013, 08:28:50 PM »
Hi overblood, and welcome to avast!WEBforums.  :)

Confused as to your problem actually, could you be more specific as to what you are scanning with, and what you are scanning, i.e., A Linux Partition, AND/OR, a Windows Partition, with "Avast xxx".
Thankyou.  ;)

I can  give you an installation link to the Avast! - avast4'Linux'workstation scanne herer:
wget -c http://files.avast.com/files/linux/avast4workstation-1.3.0-1.i586.rpm
This is the scanner for installation in your Linux Distro.
Also it's .vbs http://files.avast.com/files/latest/400.vps

If you're looking for avast! 4 Linux Server (uses license.dat for activation from B2B) go here:
http://forum.avast.com/index.php?topic=115968.msg934007#msg934007

As far as Virus Total, please read there own comments on what it is all about :
http://www.f-secure.com/weblog/archives/00002482.html
https://www.virustotal.com/about/

Regards,

Abraxas.

overblood

  • Guest
Re: Virus detected by Windows but not by linux version.
« Reply #2 on: July 24, 2013, 09:28:28 AM »
Hi , i am scanning a single file submitted my-email.

avast4server-3.2.1-1.i586.rpm
libavastengine-4.7.6-1.i586.rpm

What i find strange is that with this definitions  VPS: 130723-0 the linux client doesn't find the virus while the windows client with the same VPS finds it.

Today with VPS 130723-1 also the avast4server finds the virus but what is strange is the dicrepancy between the 2 versions.

MAG

  • Guest
Re: Virus detected by Windows but not by linux version.
« Reply #3 on: July 24, 2013, 10:27:23 AM »
Hi , i am scanning a single file submitted my-email.

avast4server-3.2.1-1.i586.rpm
libavastengine-4.7.6-1.i586.rpm

What i find strange is that with this definitions  VPS: 130723-0 the linux client doesn't find the virus while the windows client with the same VPS finds it.

Today with VPS 130723-1 also the avast4server finds the virus but what is strange is the dicrepancy between the 2 versions.

Strange as you say.
I guess it's possible that avast for widows made the detection originally using a non-signature-based technique.
That detection was confirmed, and so the signature has now been added?

Offline Abraxas

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 730
  • Perseverance Furthers...
    • PCLinuxOS-Forums
Re: Virus detected by Windows but not by linux version.
« Reply #4 on: July 24, 2013, 01:49:50 PM »
overblood, as mag suggests, the Windows Virus may now be in the Linux '.vbs' (although they both should be same - Linux and Windows)  ::) We have seen in the past slow downs in the Avast4Linux server, updating the .vbs, which may also be a factor.
mag:
Quote
"...I guess it's possible that avast for widows made the detection originally using a non-signature-based technique."
I suspect the Windows scanner uses heuristic techniques, etc., whereas i'm not sure as to the methods of detection of the avast4server scanner, simply the .vbs I believe.

Also, a Linux scanner won't scan protected (root) files, as is the nature of Linux permissions.
Is the Email owned by a 'user', or '/' may be something worth checking ?

If you are having further problems, I suggest contacting Avast.co, as Avast4Server is a paid for and licensed product.

Good luck,

Abraxas