Author Topic: eicar test-SSL protocol failure (Read 4909 times)

lbubb · « **on:** February 22, 2006, 01:40:08 PM »

I was putting Avast! through an eicar test, it passed all test but the SSL Protocol test for eicar.com.txt. It let me open & displayed the text with no warnings. Any insight would be helpful. Otherwise I like Avast alot & it's overall functionality is very goodwith low impact on the system, just curious as to why it would miss this test, thanks in advance...

hlecter · « **Reply #1 on:** February 22, 2006, 02:47:25 PM »

AFAIK, the reason for this is that the Webshield which we are talking about here, only supprts HTTP and not HTTPS.

But otherwise the webshield rocks!

lbubb · « **Reply #2 on:** February 22, 2006, 03:24:07 PM »

is this to be fixed? and I mean soon?...it's not good to have an antivirus program miss one in a secure connection, at least IMHO...

hlecter · « **Reply #3 on:** February 22, 2006, 03:30:54 PM »

I can't answer for Avast!, but in my opinion the webshield as it is now is a very good feature. Not many AV's have such a feature at all.
HTH

Lisandro · « **Reply #4 on:** February 22, 2006, 03:33:45 PM »

lbubb, in fact, I think the problem is that SSL (Secure Socket Layer) is an encripted protocol that won't allow scanning.
Avast mail scanner doesn't support SSL (Secure Socket Layer) connections. But take a look here: http://forum.avast.com/index.php?topic=10428.0 to see how to set up secure email with avast!.

Since SSL/TLS e-mail is encrypted and decrypted in the client, external virus scanners (including avast!) can't read or scan it.
The solution is to pass e-mail in and out un-encrypted from your client (Outlook Express, Thunderbird, ...) to a proxy program (Stunnel) that does the actual ssl or tls encryption/decryption of the pop3/smtp e-mail and communicates directly with the ISP server on the appropriate ports. Another drivers (OpenSSL) are need as a library of encryption/decryption routines.

Stunnel now comes as an installer which installs Open SSL and Stunnel so now you just have to download the installer version from here http://www.stunnel.org/download/binaries.html

Besides this, eicar tests have their rules. I think this was discussed and posted in the past in this forum. Maybe it's not a problem of avast.

lbubb · « **Reply #5 on:** February 22, 2006, 03:37:37 PM »

good point, I'll give it a review. Overall I find Avast a solid antivirus, overall I don't think this situation would show itself often...

hlecter · « **Reply #6 on:** February 22, 2006, 03:40:58 PM »

Tech, out of curiousity:

You are talking about e-mail scanning in your reply.

Does the answer also apply to the webshield?

HL

Lisandro · « **Reply #7 on:** February 22, 2006, 03:49:59 PM »

hlecter, I was talking about e-mail (Internet Mail Provider) because I thought the SSL protocol was refering to that.

The HTTPS protocol will behave the same as you've posted, I mean, WebShield Provider can't scan the encripted https protocol. The contents of protected browsing (bank browsing and operation, etc.) will be scanned by the Standard Shield when the files are saved into the computer, but can't be scanned before (like WebShield does with other http non-encripted communication).

Hope it helps.

Author Topic: eicar test-SSL protocol failure (Read 4909 times)

lbubb

eicar test-SSL protocol failure

hlecter

Re: eicar test-SSL protocol failure

lbubb

Re: eicar test-SSL protocol failure

hlecter

Re: eicar test-SSL protocol failure

Lisandro

Re: eicar test-SSL protocol failure

lbubb

Re: eicar test-SSL protocol failure

hlecter

Re: eicar test-SSL protocol failure

Lisandro

Re: eicar test-SSL protocol failure