Author Topic: avast!4.x bug ? still can download eicar.com with the browser refresh  (Read 4371 times)

pangeran

  • Guest
I'm using avast Home (4.7.892) free edition. After installing it, I tested it by downloading the "fake virus tester" file from eicar.org, eicar.com (http://www.eicar.org/download/eicar.com), and as expected, it worked: avast detected it (pop-up "avast! Warning"), telling me that eicar.com is a virus and giving me an option to abort the connection. I clicked "Abort Connection", then I stopped On-Access Protection and tried again... the Firefox save window appeared, indicating that On-Access Protection was stopped 100%. Well... I didn't download the file eicar.com yet because I aborted and closed that save window.
After that, I started On-Access Protection again and refreshed the link address (http://www.eicar.org/download/eicar.com)... strangely, the "avast! Warning" pop-up didn't appear and I could still download that file!!! It means avast! doesn't detect eicar.com as a virus anymore.

Is that a bug? I tested it with IE and still found the same problem.

Thanks


Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11851
    • AVAST Software
Re: avast!4.x bug ? still can download eicar.com with the browser refresh
« Reply #1 on: December 06, 2006, 11:29:50 AM »
In my opinion, the browser downloaded the file into its cache at the moment you stopped avast! On-Access Protection (it doesn't matter that you closed the download dialog; most browsers today use some speculative download while the save dialog is still open). So, the subsequent access to that link doesn't really go to the network (i.e. Web Shield can't do anything about it), but simply loads the file from the browser cache.
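
Added example, not part of igor's reply and not avast! code: a check for the situation described above, where the test file was cached while protection was off. It searches a directory tree (for instance the browser's cache folder) for the EICAR test string; the names `find_eicar` and `demo` and the sample cache files are constructed for illustration.

```python
import os
import tempfile

# EICAR test string, assembled from two halves so that this script is not
# itself flagged by an on-access scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + b"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def find_eicar(root, chunk_size=1 << 20):
    """Return sorted paths under root whose contents contain the EICAR string.

    Substring search rather than whole-file match, because a browser may pack
    small responses into larger cache block files.
    """
    hits = []
    overlap = len(EICAR) - 1
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    tail = b""
                    while True:
                        chunk = fh.read(chunk_size)
                        if not chunk:
                            break
                        if EICAR in tail + chunk:
                            hits.append(path)
                            break
                        # keep enough bytes to catch a match split across reads
                        tail = (tail + chunk)[-overlap:]
            except OSError:
                continue  # locked or unreadable cache file: skip it
    return sorted(hits)

def demo():
    """Build a constructed cache directory and scan it."""
    with tempfile.TemporaryDirectory() as cache:
        with open(os.path.join(cache, "clean_entry"), "wb") as fh:
            fh.write(b"<html>harmless page</html>")
        # Constructed block file: test string embedded among other entries.
        with open(os.path.join(cache, "block_001"), "wb") as fh:
            fh.write(b"\x00" * 4096 + EICAR + b"\x00" * 512)
        return [os.path.basename(p) for p in find_eicar(cache)]

if __name__ == "__main__":
    import sys
    print(find_eicar(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with the browser's cache directory as the argument after re-enabling protection. With on-access scanning active, `demo()` itself may be blocked when it writes the test string, which is the file-system layer doing its job.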

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: avast!4.x bug ? still can download eicar.com with the browser refresh
« Reply #2 on: December 06, 2006, 11:37:20 AM »
Quote from pangeran:
    I stopped On-Access Protection...

Why?  ::)
The best things in life are free.

pangeran

  • Guest
Re: avast!4.x bug ? still can download eicar.com with the browser refresh
« Reply #3 on: December 08, 2006, 05:05:19 PM »
Quote from Lisandro:
    Quote from pangeran:
        I stopped On-Access Protection...
    Why?  ::)

I stopped it for testing purposes, after my friend told me that he found this strange problem after he (accidentally) turned off On-Access Protection and, after turning it on again, he could still open virus files he downloaded from the internet by refreshing the Firefox browser.

Quote from igor:
    In my opinion, the browser downloaded the file into its cache at the moment you stopped avast! On-Access Protection (doesn't matter that you closed the download dialog; most browsers today use some speculative download while the save dialog is still opened). So, the subsequent access to that link doesn't really go to network (i.e. Web Shield can't do anything about it), but simply loads the file from browser cache.

So you mean avast cannot detect that file with Standard Shield? Because after I downloaded it, I could execute that file and I still didn't receive any virus notification from avast that this file is a virus.
« Last Edit: December 08, 2006, 05:16:20 PM by pangeran »

pangeran

  • Guest
Re: avast!4.x bug ? still can download eicar.com with the browser refresh
« Reply #4 on: December 08, 2006, 05:14:30 PM »
By the way, I'm sorry about my previous post: in my last post I said that I found this problem with IE too. Actually I found this problem only when I use the Firefox browser. I'm sorry :(

Offline Lisandro

  • Avast team
Re: avast!4.x bug ? still can download eicar.com with the browser refresh
« Reply #5 on: December 08, 2006, 05:56:00 PM »
Quote from pangeran:
    so you mean avast cannot detect that file with Standard Shield ? Because after i download it, i can execute that file and i still didn't received any virus notify from avast that this file is virus.

Which eicar version? I mean, eicar.txt or eicar.com or eicar.zip...
You cannot execute (run) the virus and get infected if the Standard Shield is on.
You can, IF your sensitivity level allows saving files to disk without scanning, download it, but not execute it.
WebShield does exactly this: it scans the HTTP traffic before it is saved to disk.

Offline igor

  • Avast team
Re: avast!4.x bug ? still can download eicar.com with the browser refresh
« Reply #6 on: December 08, 2006, 06:23:26 PM »
Quote from pangeran:
    so you mean avast cannot detect that file with Standard Shield ? Because after i download it, i can execute that file and i still didn't received any virus notify from avast that this file is virus.

Sure, Standard Shield should detect it, but you didn't supply much info about the Standard Shield settings in the original post, it was mostly related to the browser part.
So, how exactly are you starting the file? What sensitivity have you set for Standard Shield?

pangeran

  • Guest
Re: avast!4.x bug ? still can download eicar.com with the browser refresh
« Reply #7 on: December 14, 2006, 10:49:06 AM »
Quote from igor:
    Quote from pangeran:
        so you mean avast cannot detect that file with Standard Shield ? Because after i download it, i can execute that file and i still didn't received any virus notify from avast that this file is virus.

    Sure, Standard Shield should detect it, but you didn't supply much info about the Standard Shield settings in the original post, it was mostly related to the browser part.
    So, how exactly are you starting the file? What sensitivity have you set for Standard Shield?

Sorry it took a long time to reply...
I looked at it again and the sensitivity setting for Standard Shield is Normal (default from the avast installer), sir...