Author Topic: eicar test-SSL protocol failure  (Read 4429 times)

0 Members and 1 Guest are viewing this topic.

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
eicar test-SSL protocol failure
« on: February 22, 2006, 01:40:08 PM »
I was putting Avast! through an eicar test, it passed all test but the SSL Protocol test for eicar.com.txt. It let me open & displayed the text with no warnings. Any insight  would be helpful. Otherwise I like Avast alot & it's overall functionality is very goodwith low impact on the system, just curious as to why it would miss this test, thanks in advance...

Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
Re: eicar test-SSL protocol failure
« Reply #1 on: February 22, 2006, 02:47:25 PM »
AFAIK, the reason for this is that the Webshield which we are talking about here, only supprts HTTP and not HTTPS.

But otherwise the webshield rocks!
 :)

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: eicar test-SSL protocol failure
« Reply #2 on: February 22, 2006, 03:24:07 PM »
is this to be fixed? and I mean soon?...it's not good to have an antivirus program miss one in a secure connection, at least IMHO...

Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
Re: eicar test-SSL protocol failure
« Reply #3 on: February 22, 2006, 03:30:54 PM »
I can't answer for Avast!, but in my opinion the webshield as it is now is a very good feature. Not many AV's have such a feature at all.
HTH

 :)

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: eicar test-SSL protocol failure
« Reply #4 on: February 22, 2006, 03:33:45 PM »
lbubb, in fact, I think the problem is that SSL (Secure Socket Layer) is an encripted protocol that won't allow scanning.
Avast mail scanner doesn't support SSL (Secure Socket Layer) connections. But take a look here: http://forum.avast.com/index.php?topic=10428.0 to see how to set up secure email with avast!.

Since SSL/TLS e-mail is encrypted and decrypted in the client, external virus scanners (including avast!) can't read or scan it.
The solution is to pass e-mail in and out un-encrypted from your client (Outlook Express, Thunderbird, ...) to a proxy program (Stunnel) that does the actual ssl or tls encryption/decryption of the pop3/smtp e-mail and communicates directly with the ISP server on the appropriate ports. Another drivers (OpenSSL) are need as a library of encryption/decryption routines.

Stunnel now comes as an installer which installs Open SSL and Stunnel so now you just have to download the installer version from here http://www.stunnel.org/download/binaries.html

Besides this, eicar tests have their rules. I think this was discussed and posted in the past in this forum. Maybe it's not a problem of avast.

The best things in life are free.

Offline lbubb

  • Jr. Member
  • **
  • Posts: 43
Re: eicar test-SSL protocol failure
« Reply #5 on: February 22, 2006, 03:37:37 PM »
good point, I'll give it a review. Overall I find Avast a solid antivirus, overall I don't think this situation would show itself often...

Offline curious!

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 531
Re: eicar test-SSL protocol failure
« Reply #6 on: February 22, 2006, 03:40:58 PM »
Tech, out of curiousity:

You are talking about e-mail scanning in your reply.

Does the answer also apply to the webshield?

HL

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
Re: eicar test-SSL protocol failure
« Reply #7 on: February 22, 2006, 03:49:59 PM »
hlecter, I was talking about e-mail (Internet Mail Provider) because I thought the SSL protocol was refering to that.

The HTTPS protocol will behave the same as you've posted, I mean, WebShield Provider can't scan the encripted https protocol. The contents of protected browsing (bank browsing and operation, etc.) will be scanned by the Standard Shield when the files are saved into the computer, but can't be scanned before (like WebShield does with other http non-encripted communication).

Hope it helps.
The best things in life are free.