Author Topic: eicar over ssl  (Read 15505 times)

0 Members and 1 Guest are viewing this topic.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44958
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: eicar over ssl
« Reply #30 on: September 22, 2015, 11:13:48 PM »
The "https://secure.eicar.org/eicar.com" is on a blacklist and immediately blocked by the web shield even the file can not be analyzed right there.
It is a test file designed to test your AV and see if it blocks it. It is not a virus. There is nothing to analyze.
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline gj_sp

  • Newbie
  • *
  • Posts: 18
Re: eicar over ssl
« Reply #31 on: September 22, 2015, 11:26:10 PM »
There is a huge difference between blocking an URL or downloading the file, analyzing it, and recognizing that this is the test file what is supposed to be marked as an infected one and handle it that way, while the user is also warned about it.

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 44958
  • 61 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: eicar over ssl
« Reply #32 on: September 22, 2015, 11:30:22 PM »
There is a huge difference between blocking an URL or downloading the file, analyzing it, and recognizing that this is the test file what is supposed to be marked as an infected one and handle it that way, while the user is also warned about it.
This certainly isn't blocking the URL:
Free avast! Security Seminar: http://bit.ly/2N1eaR2  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 10 Pro v20H2 64bit, 24 Gig Ram, 1TB SSD, AvastOmni 20.7.xxx, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq

Offline gj_sp

  • Newbie
  • *
  • Posts: 18
Re: eicar over ssl
« Reply #33 on: September 22, 2015, 11:32:40 PM »
Thank you, but on MY system, only the web shield blocked it.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84612
  • No support PMs thanks
Re: eicar over ssl
« Reply #34 on: September 22, 2015, 11:49:29 PM »
The "https://secure.eicar.org/eicar.com" is on a blacklist and immediately blocked by the web shield even the file can not be analyzed right there.

The site isn't blocked or on a black list, clicking on the link you gave is essentially downloading the file. The web shield is scanning the file as it is downloaded to your system and alerts on it as it should and aborts the connection.

If you went to the eicar.org site first  and it was on a blacklist or blocked then you wouldn't even get there to manually download the file.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.1.2449 (build 21.1.5968.561) UI-1.0.597/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline gj_sp

  • Newbie
  • *
  • Posts: 18
Re: eicar over ssl
« Reply #35 on: September 23, 2015, 01:24:35 AM »
Today afternoon the http://www.eicar.org/85-0-Download.html address was available, but clicking on the https://secure.eicar.org/eicar.com was blocked immediately by the web shield. Now, I had to uninstall Avast, but gave it a try on another system where the business suite is installed, and the result is the same:
The test file can not be downloaded for analysis because it's blocked. (I restarted the system after update.)

I can still double click on the previously downloaded file and nothing will happen.

I know it should be in the business product section, but the problem is the same, please move it if neccessary.

Offline Matthew_Wai

  • Full Member
  • ***
  • Posts: 174
  • Chinese is my native language.
Re: eicar over ssl
« Reply #36 on: September 23, 2015, 11:57:30 AM »
Exactly the same is happening at my end, gj_sp.

If I turn on 'Block malware URLs' in 'Web Shield', the following screenshot will pop up and the website will be blocked, i.e. the URL has been blacklisted.
If I turn off 'Block malware URLs' in 'Web Shield', Avast will do nothing to stop it, i.e. 'eicar.com' can be successfully downloaded, saved and run.

My worry is that, if a real virus is on a site whose URL has not been blacklisted, will Avast allow downloading it when 'Block malware URLs' has been turned off?

By the way, gj_sp, can you change your user interface language to English, so that we can understand your screenshots? I have changed mine from Chinese into English.
« Last Edit: September 23, 2015, 12:23:17 PM by Matthew_Wai »

Offline gj_sp

  • Newbie
  • *
  • Posts: 18
Re: eicar over ssl
« Reply #37 on: September 23, 2015, 01:09:58 PM »
Yes, it's my concern too. Of course I can change it, but I hope the important part of the screenshot is understandable.

Offline Matthew_Wai

  • Full Member
  • ***
  • Posts: 174
  • Chinese is my native language.
Re: eicar over ssl
« Reply #38 on: September 23, 2015, 01:13:15 PM »
I don't understand your second screenshot.

Offline gj_sp

  • Newbie
  • *
  • Posts: 18
Re: eicar over ssl
« Reply #39 on: September 23, 2015, 01:31:34 PM »
Oh, sorry, I double clicked on eicar.com, and Windows asked me whether I want to run it or not. Just wanted to show that Avast did nothing.

Offline Matthew_Wai

  • Full Member
  • ***
  • Posts: 174
  • Chinese is my native language.
Re: eicar over ssl
« Reply #40 on: September 23, 2015, 01:47:00 PM »
I am worrying that Avast will still do nothing when it is a real virus.

Offline gj_sp

  • Newbie
  • *
  • Posts: 18
Re: eicar over ssl
« Reply #41 on: September 23, 2015, 02:05:06 PM »
Me too.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11786
    • AVAST Software
Re: eicar over ssl
« Reply #42 on: September 23, 2015, 04:16:40 PM »
What operating system do you have - 32bit or 64bit?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40627
  • Dragons by Sasha
    • Malware fixes
Re: eicar over ssl
« Reply #43 on: September 23, 2015, 04:26:36 PM »
The link posted goes direct to the eicar.com file so it will be blocked by webshield
The main Eicar page can be accessed but the minute you try to download any of the files you get blocked as is to be expected

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36933
Re: eicar over ssl
« Reply #44 on: September 23, 2015, 04:41:20 PM »
Eicar website   http://www.eicar.org/  (should not be blocked)

Eicar website with files info  http://www.eicar.org/85-0-Download.html  (should not be blocked)




Direct download links using the standard protocol http

eicar.com       http://www.eicar.org/download/eicar.com
eicar.com.txt  http://www.eicar.org/download/eicar.com.txt
eicar_com.zip  http://www.eicar.org/download/eicar_com.zip
eicarcom2.zip  http://www.eicar.org/download/eicarcom2.zip

Direct download links using the secure, SSL enabled protocol https

eicar.com        https://secure.eicar.org/eicar.com
eicar.com.txt  https://secure.eicar.org/eicar.com.txt
eicar_com.zip  https://secure.eicar.org/eicar_com.zip
eicarcom2.zip  https://secure.eicar.org/eicarcom2.zip




« Last Edit: September 23, 2015, 04:52:06 PM by Pondus »