EICAR Test with Netscape Communicator

[Snagglegrain]

I use Netscape Communicator's email client, Messenger.

I am not having any luck with avast! v4.7 Home Edition flagging the eicar.com files as infected.

I have sent these ( http://www.aleph-tec.com/eicar/index.php ) half dozen or so files to myself several times, and avast! is not reacting to them, at least not reacting like it should.

Having read the other recent thread on this topic, I took special care to shut off MailWasherPro (which will blacklist suspected viruses) and I also turned off ZoneAlarm Pro's Mailsafe protection.

What happens is, I see that the incoming emails are being scanned by avast!, both from the brief blinking blue systray icon and the avast! scanning messages that stack up in the lower right of my desktop.

But the eicar emails do come through intact, complete with attachments, and there is no warning, no mention of infection.

Ironically, I have the Internet Mail resident provider set to insert a note into clean messages, and also to tag for infected messages. The eicar emails all have inserted notes saying they are clean.

Additionally, I then use explorer to navigate to the Netscape program folder and right click on the User folder (that contains all emails) and scan with avast!  No infections found. 

My program definitions are dated 5/13/2007.  I have had avast! installed for about a week.  It has flagged a couple of items (old SARC emails and a false positive decompression bomb), and I see that the Virus Chest has the requisite system files in it... but no eicar files.  The program appears to be working fine in all other aspects.

I would appreciate any suggestions.

Thank you.

[alanrf]

Here is the result of using that same site to send a message to myself.  Avast gave the warning about the message as it was being scanned by the Internet Mail provider. 

The avast Internet Mail provider does not know the difference between email clients - it just scans mail retrieval and sending activity.  As I posted in another thread, it is very difficult to get viruses delivered by most email services today because they scan the messages too.  Are you sure that your ISP has not already deleted the virus from the mail message before you attempt to receive it?

Hello Alan *******,
   this e-mail contains eicar.com test file.

   Your anti-virus software should detect it.

Regards,

EICAR e-mail anti-virus test tool
(c) 2002-2005 Oleg Titov
http://www.aleph-tec.com/eicar/





---
avast! Antivirus: Inbound message INFECTED:
\eicar.com#713577410 (EICAR Test-NOT virus!!) was (BEWARE!!!) left intact in the message.

Virus Database (VPS): 000740-0, 05/13/2007
Tested on: 5/14/2007 4:46:20 PM
avast! - copyright (c) 1988-2007 ALWIL Software.
http://www.avast.com

[DavidR]

Same here no problem, mailwasher did flag it but I unchecked it and avast's Internet Mail scanner detected it and alerted.

No anti-virus scanner on my email server.

[Snagglegrain]

Thanks to you both for your replies.

I learned just now that my ISP is in fact filtering my incoming email, contrary to what I thought.  It's a long story, but they previously were using Postini, then they went to a beta service which left a lot to be desired.  It was so weak that I disabled the whole product (or so I thought) and purchased MailwasherPro.

Because of your insistence that my ISP must be filtering the incoming, I just called tech support and they confirmed that they are indeed.

I should have realized that.

I logged into what I thought was their defunct service and there were the eicar emails, all being held in the junkmail folder.

All is well, and thanks again for the assistance.

[DavidR]

Your welcome.

[Snagglegrain]

The avast Internet Mail provider does not know the difference between email clients - it just scans mail retrieval and sending activity.

Are there any email clients that avast! does not work with?

[alanrf]

It works with every email client in existence that uses standard POP & SMTP.  One of the few universal standards (apart from http and port 80) in the Internet world is the even older POP & SMTP standards using port 110 and port 25 respectively.  The POP & SMTP standards were created when dirt was new and practically cast in the primeval ooze and they have hardly changed since. 

This is how the clever folks at avast (and their brothers & sisters in craft elsewhere) manage to scan our old-fashioned POP & SMTP email that most of the non-business world still clings to with such fervor.

However, the world is slowly changing.  Most business email users now use some more or less proprietary form of IMAP.  (In the business world this is largely carved up between Lotus Notes and the now more prevalent Microsoft Exchange/Outlook).  As free storage becomes more and more available then POP becomes more cumbersome and difficult.  People like GMail have bastardized the POP protocol to try to make it less burdensome for them but the writing is on the wall for POP - but it will take a very long time a-dying.

More and more domestic users will probably opt for solutions like the new Windows Live Mail Desktop and the free Hotmail IMAP accounts it offers.  AOL also offers free IMAP accounts too.  These are the accounts where  deletions and moves between folders are reflected between server and client and changes you make on the Web are automatically made on your desktop client the next time you connect.

How does this affect the antivirus efforts - hardly at all, IMAP is no more resistent to viruses than POP, so the work of the avast folks in protecting email will not go away soon.         

[Snagglegrain]

so the work of the avast folks in protecting email will not go away soon

A very informative and interesting post.