Author Topic: *ANI exploit question  (Read 3154 times)

hlecter

  • Guest
*ANI exploit question
« on: April 01, 2007, 05:24:25 PM »
AFAIK, Avast already protects against (some) of these malicious ani-files, which is good. :)

Just a question: If blocking *.ani in webshield, will Avast just look at the file extension or will it perform an actual file-inspection?

Thanks

rayi7332

  • Guest
Re: *ANI exploit question
« Reply #1 on: April 01, 2007, 06:02:28 PM »
hlecter,
The web shield will inspect the file contents as long as they are not in "excludes". Make sure you have "all files" selected in the web shield custom settings. In exclusions, make sure there aren't any graphics files; if so, remove them. Also be sure in your resident shield custom settings to add graphics file extensions such as *.ico, *.ani, *.cur, *.jpg, *.gif, etc. to be certain they are scanned. You may have noted avast! still doesn't detect many of these malicious files as of yet. I have submitted a handful of samples to ALWIL and am waiting for a virus base update. I'm sure it will be soon. Since Microshaft hasn't released a patch yet (shock), I recommend Googling "third party zero day patches". eEye Digital Research has one available, I'd get it. ZERT is currently testing theirs. I hope this helped.

Offline igor

  • Avast team
  • Serious Graphoman
  • Posts: 11850
    • AVAST Software
Re: *ANI exploit question
« Reply #2 on: April 01, 2007, 06:41:25 PM »
Blocking by WebShield only matches the [filename] mask - i.e. it doesn't inspect the real content anyhow.

hlecter

  • Guest
Re: *ANI exploit question
« Reply #3 on: April 01, 2007, 06:47:53 PM »
> Blocking by WebShield only matches the [filename] mask - i.e. it doesn't inspect the real content anyhow.

Thanks Igor

rayi7332

  • Guest
Re: *ANI exploit question
« Reply #4 on: April 01, 2007, 07:10:37 PM »
Oh blocking, sorry I thought hlecter was talking about the web shield scanning. Blocking or filtering content is better performed by a firewall or IDS using signatures, and filter rules anyway. Also if *any* virus scanner goes by file mask/extension and not by inspection of at least part of the code, this would be a very weak implementation. Get patched immediately, keep your virus base updated, use a layered approach to security, and keep flossing. :)
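
The difference discussed in this thread, a filename mask versus inspection of the file's bytes, shown as an added example that is not part of any post and is not Avast's code. It assumes the standard RIFF layout of animated cursor files (`RIFF` magic, `ACON` form type, 36-byte `anih` header); the function names and the sample data are constructed for illustration.

```python
import fnmatch
import struct

ANIH_SIZE = 36  # the fixed-size ANI header structure is 36 bytes

def mask_blocks(name, mask="*.ani"):
    """Filename-mask check: sees only the name, never the bytes."""
    return fnmatch.fnmatch(name.lower(), mask)

def inspect_ani(data):
    """Content check: return (is_ani, problems) from the bytes alone."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return False, []
    problems = []
    if struct.unpack_from("<I", data, 4)[0] + 8 > len(data):
        problems.append("RIFF size exceeds file length")
    pos = 12
    while pos + 8 <= len(data):
        tag, size = struct.unpack_from("<4sI", data, pos)
        body = pos + 8
        if body + size > len(data):
            problems.append(f"chunk {tag!r} at offset {pos} overruns the file")
            break
        if tag == b"anih" and size != ANIH_SIZE:
            problems.append(f"anih chunk has size {size}, expected {ANIH_SIZE}")
        if tag == b"LIST" and size >= 4:
            pos = body + 4                  # step into the list, walk its sub-chunks
        else:
            pos = body + size + (size & 1)  # RIFF chunks are padded to even length
    return True, problems

def build_sample(anih_len=ANIH_SIZE):
    """Constructed, inert test data: a RIFF/ACON container with a zero-filled header."""
    chunk = b"anih" + struct.pack("<I", anih_len) + bytes(anih_len)
    payload = b"ACON" + chunk
    return b"RIFF" + struct.pack("<I", len(payload)) + payload

if __name__ == "__main__":
    sample = build_sample()
    # Same bytes served under two names: the mask result changes, the content result does not.
    for name in ("cursor.ani", "banner.jpg"):
        print(name, "mask:", mask_blocks(name), "content:", inspect_ani(sample))
```

The mask decision follows the name, while the content decision stays the same whatever the file is called, which is why the scanning settings above matter more than the block list.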

Offline Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67194
Re: *ANI exploit question
« Reply #5 on: April 01, 2007, 11:23:56 PM »
> Blocking by WebShield only matches the [filename] mask - i.e. it doesn't inspect the real content anyhow.

Igor, does it speed up the Internet browsing, I mean, if you exclude a file from scanning, will it load faster?
The best things in life are free.