Author Topic: Avast Home: System freeze on W98 with Calypso email reader  (Read 9631 times)

0 Members and 1 Guest are viewing this topic.

jmdelatre

  • Guest
Avast Home: System freeze on W98 with Calypso email reader
« on: September 29, 2003, 09:41:34 PM »
Hi,

I am a user of avast Home on WXP for months now, and I am very happy with it.
So happy that I decided to install it on my sister's PC, which is a W98, with ZoneAlarm 3.1.291 and Calypso 3.3 (free email client).
I installed the latest version of avast : 4.1.268. Then I tested the effectiveness of avast settings by using the "Test Virus Sender" service of www.declude.com. This latter sends the usual eicar.com test file.
The virus was properly caught upon reception (after having modified avast4.ini of course), now if I say "Continue" instead of "Delete", the virus file is kept in the message as expected BUT ...
when I subsequently try to open the attachement of the mail (ie. eicar.com), all the system freezes almost 3 out of 4 times, and this before the warning window of avast appears on the screen!
I don't understand neither why it freezes, nor why it is not 100% of time.
A last notice: I figured out that if I forcibly kill Calypso, the system gets back to life, and I finally see the avast warning window!

Any clue?

Thanks in advance

Jean-Marc

techie101

  • Guest
Re:Avast Home: System freeze on W98 with Calypso email reader
« Reply #1 on: September 30, 2003, 12:18:58 AM »
jm,

Firstly let me say that in choosing Avast, you have one of the best Avs around.

Now...the Eicar test file can cause  weird problems in systems using W98, and it is not easy to remove completely from some hard-drives.  I would remove the file as instructed on the www.eicar.com web site.

This is a quote from the Eicar site which you should read!
Important note:  cannot be held responsible when these files or your AV scanner in combination with these files cause any damage to your computer. You download these files at your own risk. Download these files only if you are sufficiently secure in the usage of your AV scanner.  cannot and will not provide any help to get rid of these files from your computer. Please contact the manufacturer/vendor of your AV scanner to provide such help.


Secondly....What changes did the Eicar make to the Avast.ini file?  Eicar should not have made any.

Thirdly, after removing the Eicar file, re-run the Avast Email Wizard to make sure that the settings have not been changed by the Eicar file.

As for why the system freezes 3 out of 4 times, I would venture that since the Eicar attempts to attack the .com files (as a real virus would), your W98 system reacts violently to the attempted change even if it is not real.
This is what I meant when I said that some systems just don't like the Eicar test.
The Avast window will not appear because the system has not proceeded far enough for Avast to display it.

More than likely, if you fix the settings in Calypso, and remove the Eicar test file, your system should return to normal.

If not, we are here.

Good luck
 :D
« Last Edit: September 30, 2003, 12:22:13 AM by techie101 »

trigger

  • Guest
Re:Avast Home: System freeze on W98 with Calypso email reader
« Reply #2 on: September 30, 2003, 08:46:13 AM »
Hi,

I have been having problems with calypso and zonealarm. specifically the zonealarm plus and higher options to isolate suspicious attachments by renaming them. zonealarm changes the extention to zl9 and keeps track of this itself. calypso freaks out when something is changed to the mail stream while it is downloading it. some way it expects the original attachment name, but gets the modified one. I can imagine that avast changes the things calypso gets. either by removing the virus, or deleting the attachment or whatever. calypso can not handle this. nor will it, because development has stopped. For that reason I changed my email client.

Peter

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
Re:Avast Home: System freeze on W98 with Calypso email reader
« Reply #3 on: September 30, 2003, 09:55:46 AM »
Considering the Eicar test file - it is NOT a virus. It is a completely innocent file that antivirus programs consider to be a virus (that's how it was meant to) - but it is not.
So, it certainly does not spread, attack any other files, modifies avast settings or anything like that.
The only thing Eicar does when you start it is displaying the test string on the screen.

The warning noted above means that sometimes, inexperienced users may have problems deleting the file - the antivirus protection considers the file to be a virus and does not permit the user to access the file - maybe not even delete it. Some antiviruses may even freeze the system, such as if it was a real virus. So, it may be necessary to disable the resident protection temporarily (or something like that). But that's all the warning is about. You really don't have to worry about any damages caused by the "virus" behavior.

And, if you are experiencing such virus-like problems, they are not caused by eicar.

jmdelatre

  • Guest
Re:Avast Home: System freeze on W98 with Calypso email reader
« Reply #4 on: September 30, 2003, 10:06:32 AM »
Hi Techie ;-),

First of all thanks for this prompt reply.

>Now...the Eicar test file can cause  weird problems in systems using W98, >and it is not easy to remove completely from some hard-drives.  I would
>remove the file as instructed on the www.eicar.com web site.

What do you mean exactly? What weird problems? Why specifically on W98?
Really don't understand...
Indeed, if you have a look at what is actually eicar.com, you'll see it is perfectly inoffensive, and this is deliberate as a test file.
Here its the exact and exhaustive contents:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
And here is a quote from eicar.com about this file:
" It is safe to pass around, because it is not a virus, and does not include any fragments of viral code. Most products react to it as if it were a virus (though they typically report it with an obvious name, such as "EICAR-AV-Test").
The file is a legitimate DOS program, and produces sensible results when run (it prints the message "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!").
It is also short and simple - in fact, it consists entirely of printable ASCII characters, so that it can easily be created with a regular text editor. Any anti-virus product that supports the  test file should detect it in any file providing that the file starts with the following 68 characters, and is exactly 68 bytes long"

About the quote of www.eicar.com, it is therefore just legal stuff FMPOV.

>Secondly....What changes did the Eicar make to the Avast.ini file?  Eicar
>should not have made any.

It did no change at all, I just said I had to change avast4.ini to give the names of my pop and smtp servers, to have my email client working with avast, and as documented in avast help file. Nothing more.

>As for why the system freezes 3 out of 4 times, I would venture that since
>the Eicar attempts to attack the .com files (as a real virus would), your W98
>system reacts violently to the attempted change even if it is not real.

No, sorry, but I used eicar.com for a while now, and I can confirm it is really safe and inoffensive, this is the aim of such a test file!

So my problem remains complete and not solved...!
If you or anybody else have any other idea or experience, I would greatly appreciate!

Thanks again

Jean-Marc

jmdelatre

  • Guest
Re:Avast Home: System freeze on W98 with Calypso email reader
« Reply #5 on: September 30, 2003, 10:18:55 AM »
Igor,

Thanks for your clarification, it confirms my latest post which was done concurrently with yours by the way...

Anyway, if we left apart the specific case of eicar.com, do you have any idea or suggestion to solve my problem?
Indeed, I'm afraid that behavior could happen anytime with any virus if somebody in my sister's familiy incorrectly choose "continue" on the avast warning window upon reception!
So I'd really like to solve this issue, and this while continuing to keep avast as her AV (BTW I replaced Panda by avast on her PC, as I think it is better, but I'm wondering if I would have rather to restore Panda if that problem cannot be solved!)

And Igor, what do you think about Trigger experience?
BTW Trigger, it is true that Calypso development was stopped years ago, but it was bought recently by Rose City Softw. and re-branded "Courier", and new devs are going ahead (with a 3.5 version already available for a small fee)
About this, while my sister has the free Calypso 3.3 installed, I have the non-free Courier (which must be seen as Calypso v3.5) _on_WXP_, and I don't experiment what Trigger describes ...so I really wonder if that could be the cause... Igor what do you think?

Thanks in advance for your help

Jean-Marc

trigger

  • Guest
Re:Avast Home: System freeze on W98 with Calypso email reader
« Reply #6 on: September 30, 2003, 11:12:21 AM »
Did not know about the courier thing. Thats great, calypso allways has been a favorite. because of the problems i had with it i switched. my problems were with the 3.3 version. the upgrade is cheap indeed! but this is off-topic.

as for the freezing problem, the guys at zonelabs could reproduce the problem I had, so I am sure the calypso-ZA problem is real. I don't know if the same kind of problem is between calypso-avast however.

Peter

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11863
    • AVAST Software
Re:Avast Home: System freeze on W98 with Calypso email reader
« Reply #7 on: September 30, 2003, 11:57:47 AM »
As for the problem - I understand it's Windows 98, right?
What are the settings of the Standard Shield (I guess that's the provider that catches the virus at this stage)?
I know it sounds strange, but do you have any sounds enabled (to announce the virus)? If yes, could you try to disable them and try to open the Eicar attachment again?

jmdelatre

  • Guest
Re:Avast Home: System freeze on W98 with Calypso email reader
« Reply #8 on: September 30, 2003, 12:29:48 PM »
Hi again Igor,

>I understand it's Windows 98, right?

Correct

>What are the settings of the Standard Shield (I guess that's the provider that catches the virus at this stage)?

Correct, the settings are the default ones

>I know it sounds strange, but do you have any sounds enabled (to announce the virus)? If yes, could you try to disable them and try to open the Eicar attachment again?

yep, shoudl be enabled, as it is by default IIRC, OK I'll try to disable this and I'll let you know (will take some time as I'm now several hundred kilometers away from that PC ;-)

I'll keep you updated, thanks for your help Igor