Author Topic: Pro effectiveness?  (Read 11479 times)

0 Members and 1 Guest are viewing this topic.

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Pro effectiveness?
« Reply #15 on: January 18, 2004, 05:50:05 PM »
I don't understand why the script blocker didn't block the vbs file when he tried to open it as an email attachment.  Afterall, the vbs file was designed to write to the registry and create a file.  That should have at least threw up a warning from the script blocker if it is programmed to work with email attachments.
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline Waldo

  • Sr. Member
  • ****
  • Posts: 397
  • Avast does the ownage
Re:Pro effectiveness?
« Reply #16 on: January 18, 2004, 07:01:03 PM »

So how does one run meaningful tests for comparison?
Thanks

I can send you a few live virusses or trojans if you want ? even some rootkits...? ;)

Just pm your email-adres.

No, just kidding (although i can do it, if you persist) but can't you just use a different email adress (from yourself or friend) with EICAR attached in different ways and mail it to yourself ? Just to see AVAST mail provider do his work.

Send EICAR packed, unpacked, plain etc...This is the safest way, really. :)

Btw: Get rid of Norton > I consider it to be malware itself.

Waldo

« Last Edit: January 18, 2004, 07:02:53 PM by Waldo »
**Guns are for show, knifes for a pro**

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:Pro effectiveness?
« Reply #17 on: January 18, 2004, 07:36:40 PM »
All emails were correctly handled by avast!

The emails contents were:
Note to the email/network administrator: This email
security test was requested by Technical and sent to <myemail>. It does not contain any harmful code, even though your anti-virus software may have trapped it. For more info about this test, please
visit www.gfi.com/emailsecuritytest

Some of them did not have the attach deleted but I cannot 'run' the attachments anyway... Did I do something wrong? or avast! did its job?  :-*
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11796
    • AVAST Software
Re:Pro effectiveness?
« Reply #18 on: January 18, 2004, 07:37:52 PM »
The Script Blocker doesn't have anything to do with e-mail attachments. It's the protection for web browsers (and detects viruses only).

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:Pro effectiveness?
« Reply #19 on: January 18, 2004, 07:50:58 PM »
The Script Blocker doesn't have anything to do with e-mail attachments. It's the protection for web browsers (and detects viruses only).

Igor, I know this... I just want to know if I did something wrong or if avast! did its job...
Can I send you that emails for you in order to see what are the attachments and if they are 'safe' ones?  ;)
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11796
    • AVAST Software
Re:Pro effectiveness?
« Reply #20 on: January 18, 2004, 07:58:29 PM »
What I wrote should have been a reply to Culpeper's question :)

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Pro effectiveness?
« Reply #21 on: January 18, 2004, 08:01:28 PM »
The Script Blocker doesn't have anything to do with e-mail attachments. It's the protection for web browsers (and detects viruses only).

Igor,

Thanks for the clarification.
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:Pro effectiveness?
« Reply #22 on: January 18, 2004, 08:03:55 PM »
What I wrote should have been a reply to Culpeper's question :)

Oh, I see now  ;)
But, now, can you answer my questions?  ;D
The best things in life are free.

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Pro effectiveness?
« Reply #23 on: January 18, 2004, 08:05:35 PM »
I revert back to my original post on the NAV and Avast comparison.  Norton may already know about this test and included the harmless files in their virus definition file.  That could be one explaination.  Also, the Avast email scanner did a good job of identifying suspicious email.  As igor confirmed, the script blocker works within the browser environment and is not associated with email attachments.
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11796
    • AVAST Software
Re:Pro effectiveness?
« Reply #24 on: January 18, 2004, 08:08:46 PM »
Some of them did not have the attach deleted but I cannot 'run' the attachments anyway... Did I do something wrong? or avast! did its job?

And what did you choose when avast! gave you the warning? "Continue"?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:Pro effectiveness?
« Reply #25 on: January 18, 2004, 10:28:56 PM »
Some of them did not have the attach deleted but I cannot 'run' the attachments anyway... Did I do something wrong? or avast! did its job?

And what did you choose when avast! gave you the warning? "Continue"?

Igor, I have the Pro version. The automatic action is: "Move to chest" and so avast! did  ::) Is anything wrong?
The best things in life are free.

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Pro effectiveness?
« Reply #26 on: January 18, 2004, 11:37:59 PM »
Okay, I ran the email tests using OE 5.5 with the latest security patches from Microsoft.  Avast email scanner did not detect the following tests.  Nevertheless, the messages that Avast did not detect were unable to do what they were intended to do except for the EICAR fragmented file test.  The others that Avast did not detect AND had attachments were blocked by Script Sentry when I tried to open them.  On each test that Avast gave a warning I selected the "delete" option.

o Fragmented Message test (detected but allowed to download single intact file)
o Attachment with no filename vulnerability test
o Long Filename vulnerability test
o Popup Object Exploit vulnerability test



I also ran the test using Mozilla Thunderbird 0.3.  Avast detected all the tests except for the following of which Thunderbird did not download from the server.


o Attachment with no filename vulnerability test
o Long Filename vulnerability test
o Popup Object Exploit vulnerability test


So the tests should be viewed as a combination of Avast email scanner results and the security levels incorporated within the emial client software itself.  In which case, none of the tests were allowed to complete their tasks except in the case of Outlook Express, in which case, the added layer of Script Sentry came in handy and prevented the last layer of "offense" from occuring.  
« Last Edit: January 19, 2004, 12:06:30 AM by Culpeper »
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11796
    • AVAST Software
Re:Pro effectiveness?
« Reply #27 on: January 19, 2004, 09:39:30 AM »
Quote
Igor, I have the Pro version. The automatic action is: "Move to chest" and so avast! did.
Hmm, I thought the automatic actions are only for real viruses, not for heuristic warnings...  ???

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67255
Re:Pro effectiveness?
« Reply #28 on: January 19, 2004, 12:30:05 PM »
Quote
Igor, I have the Pro version. The automatic action is: "Move to chest" and so avast! did.
Hmm, I thought the automatic actions are only for real viruses, not for heuristic warnings...  ???

Igor, you're right (as usual  :P). I was running a scan simultaneously with the e-mail test and the files into Chest were from the scanning (I posted the thread in other forum). The heuristic warnings are shown in the picture I've posted here before.  ;)
The best things in life are free.