Author Topic: repair, delete, verification  (Read 3772 times)

0 Members and 1 Guest are viewing this topic.

mbush

  • Guest
repair, delete, verification
« on: August 13, 2005, 03:06:31 AM »
Avast 4.6 Home Edition
Windows XP Pro Service Pack 2
Intel Pentium II
334 MHz 384 MB of RAM


During s scan the program interrupts itself to display a window to indicate an infection and makes recommendation to repair, delete, etc. which gives the impression that something favorable will happen.  However, see reports attached, Avast continues on as if something has been done until it has processed all records and then give a results log with the option to highlight and select an action and all along the way you think something has been done.  Not so, if the program is searching .pst files I've gotten can not scan due to password protection, 42060, file is not packed, and MS Word doc's that have MW97:Marker Family Malware that can't be repaired or even deleted.  Unfortunately, there is no verification as to results and Avast takes foreever scanning.  Ive tried scanning and repairing the .pst files, closing down all programs other than Avast while it runs, scanning prior to boot, and nothing seems to work.  Also, I'd like to terminate the option for displaying a window every time an infection is encountered but I can't determine which option that might be because of the way it is worded.  I would appreciate some help with these issues.  Thanks!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: repair, delete, verification
« Reply #1 on: August 13, 2005, 03:31:52 AM »
Avast continues on as if something has been done until it has processed all records and then give a results log with the option to highlight and select an action and all along the way you think something has been done.
Home version has limited automatic actions. If a virus is found, you're warned and the scan is interrupted. You must choose an action to scan to continue.

I'd like to terminate the option for displaying a window every time an infection is encountered but I can't determine which option that might be because of the way it is worded.
As I said, only in Professional version (see picture here: http://forum.avast.com/index.php?topic=13315.msg112285#msg112285).

In Home version you can only use Silent Mode:
Left click the 'a' blue icon.
It will start On-access protection

Click on Internet Mail and then on Customize.
Go to Advanced tab and select Silent Mode and the default answer No. This will send the file (email) to Chest.

Do the same for the and Outlook/Exchange plugin.
The answer Yes in Silent Mode keeps the virus in the file or into the message (attach) and continue the scanning. You can't configure 'delete the infected file' in the Home version.

You can do the same for Standard Shield provider, but it won't be a good idea...
Silent mode in the case of the WebShield provider simply means that avast will keep pressing the "Abort connection" button for hte user automatically.
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11813
    • AVAST Software
Re: repair, delete, verification
« Reply #2 on: August 13, 2005, 02:50:25 PM »
Well, the reason why the files cannot be repaired is actually quite simple - you are trying to perform actions on files inside of an archive.
The actions are archives are somehow limited; some archives (e.g. ZIP) allow even recompression (i.e. repairing files inside), some archives (e.g. ARJ) allow only deletion of the compressed files, and some archives can only be scanned - no action can be performed on their content. That's the case of .PST files - avast! is able to scan their content, but it cannot do any actions if a virus is found.
Also, when scanning an archive, the actions are performed after the scanning of the whole archive was finished; that's by design.

However, the error you are getting is certainly wrong ("File is not packed"); the correct message would be "The action is not supported for this kind of archive". I'll check the reason...


Also, I'd like to terminate the option for displaying a window every time an infection is encountered but I can't determine which option that might be because of the way it is worded.

For Simple User Interface, you can check the option "Don't show this window again" as soon as the first virus warning appears, and click on "No action" button. This way, nothing will be done and you will be presented the results at the end (and you can perform actions from there).


mbush

  • Guest
Re: repair, delete, verification
« Reply #3 on: August 14, 2005, 06:01:16 AM »
All of the records in the first Avast Report are apparently compressed in one way or another (i.e. zip, .pst, etc.),  but not all records are in an archive folder that may or may not be password protected.   

For example, the 1st group of records at the beginning of the report are a result of running SpyBoot and are compressed in a zip file which may be password protected (only Spybot can access)--error 42056. 

The 2nd grouping of records are in an MS Outlook .pst file that is compressed, in an archive folder, and all are infected with MW97:Marker Family viruses.  The 3rd grouping of records was generated as a result of Avast trying to repair the previous grouping of MS Outlook .pst files and the error should read "Avast can not change anything in a compressed file, especially a MS Outlook .pst file".

The 4th grouping of records was generated via VueScan and they are Archive  and password protected. again giving the 42056 error code.

The 5th grouping of records is a different Outlook .pst file that is in an archive folder that is also infected with MW97: Marker Family viruses.  And again the grouping of records that follows is a result of Avast trying to repair the previous grouping of MS Outlook .pst files.     

 The 7th grouping of 4 records are from a totally different Outlook .pst file BUT UNLIKE THE previous .pst files, they are not a part of an archive folder, but generate the same code error as those in an archive folder.

In summation, correct me if I'm wrong, Avast Home can examine a compressed file (pst, zip, etc.) to read content and determine if individual records or files are infected but can not do anything about repairing or deleting a virus attached to or contained within a record (doc, txt, etc), these files will remain infected and should be placed in the Avast Chest!  Furthermore, Avast Pro has additional automation features over and above what the Home version has, however, it also is not able to repair (remove the infection) or delete the infected virus and record, perhaps it can at best move the file to the Avast Chest where it will remain inactive.  This means that an infected file can not be opened or used again unless a future version of Avast is given the capable of changing and/or deleting records that are in compressed files(i.e. Microsoft .pst, zip, etc. files)?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11813
    • AVAST Software
Re: repair, delete, verification
« Reply #4 on: August 14, 2005, 12:33:05 PM »
For example, the 1st group of records at the beginning of the report are a result of running SpyBoot and are compressed in a zip file which may be password protected (only Spybot can access)--error 42056.

Yes, Spybot files are known to be password protected.

The 2nd grouping of records are in an MS Outlook .pst file that is compressed, in an archive folder, and all are infected with MW97:Marker Family viruses.  The 3rd grouping of records was generated as a result of Avast trying to repair the previous grouping of MS Outlook .pst files and the error should read "Avast can not change anything in a compressed file, especially a MS Outlook .pst file".

Yes, as I said, the error message is wrong - I'll check the reason.

The 7th grouping of 4 records are from a totally different Outlook .pst file BUT UNLIKE THE previous .pst files, they are not a part of an archive folder, but generate the same code error as those in an archive folder.

There is nothing different about this group. The files are in a .pst archive (9-26-1999 to 8-24-2000.pst) - it doesn't matter whether it's "Archive Folder" directory or any other.

In summation, correct me if I'm wrong, Avast Home can examine a compressed file (pst, zip, etc.) to read content and determine if individual records or files are infected but can not do anything about repairing or deleting a virus attached to or contained within a record (doc, txt, etc)

No - as I said, it depends on archive type. If the infected file is inside of a ZIP archive (for example), all the actions are supported. For PST files, however, they are not. (Many archive formats or compression algorithms are closed, so it's hard to do anything about it).
Of course, password-protected archives are not supported, but they cannot be even scanned, so there's pointless to speak about actions there.

these files will remain infected and should be placed in the Avast Chest!

They cannot be placed to Chest when they cannot be deleted from the source archive (as the "Delete" action is not supported for the particular archive format).

Furthermore, Avast Pro has additional automation features over and above what the Home version has, however, it also is not able to repair (remove the infection) or delete the infected virus and record

The additional capabilites of avast! Pro are related to the possibility of automatic actions, etc. - but their performing is identical to those in avast! Home, i.e. the archive operations capabilities are exactly the same.

This means that an infected file can not be opened or used again unless a future version of Avast is given the capable of changing and/or deleting records that are in compressed files(i.e. Microsoft .pst, zip, etc. files)?

Well, normally, the virus shouldn't get into the PST file and be detected by an on-demand scan - it should be handled by the resident protection (Outlook plugin). The plugin can delete the infected messages, of course.


mbush

  • Guest
Re: repair, delete, verification
« Reply #5 on: August 14, 2005, 11:39:40 PM »
Thanks for responding IGOR, the reason I would like to recover some of the files that have the MW97 Marker Family virus relates to them being documents that are required by the IRS.  At the time these files were created I had McAfee virus protector until 2003 which failed to catch these infections, then Norton Virus Pro till 2005 and recently I decided to use Avast.     I can appreciate Avast having the capability to pro-actively keep MW97 Marker Family viruses from becoming a part of a newly created or saved email and/or document, however, that always assumes that Avast is a step ahead of the bad guys.  Unfortunately, there are going to be times when an email and/or document that has a new virus slips through and becomes a part of the .pst file before Avast is updated or capable of blocking it and there will be no way to repair or delete it with existing capabilities.  In essence, no matter how good we are there are going to be times when we have to play catch-up and will have to be concerned about repair or deletion for things unforseen.  Perhaps it would be prudent to add a routine to Avast that can respond to such a need having the capablity of repairing and/or deleting .pst entries that are infected and somehow have become a part of a .pst file? 

IGOR, I am not currently aware of any virus scanning software that can penetrate, change/repair, or delete information in an Outlook .pst file let alone even detect viruses, perhaps, you might know of software having such an ability that currently exists?  Also, if you faced a similar situation, how would you handle it?