Author Topic: scanning of attachments  (Read 7565 times)

0 Members and 1 Guest are viewing this topic.

bill

  • Guest
scanning of attachments
« on: February 20, 2004, 04:50:10 PM »
I received an email infected with Netsky and home edition failed to detect it when downloading the message.  I didn't open the infected attachment but am I correct that Avast would catch it upon opening the attachment?  The one I received was a .zip file.

Offline vojtech

  • Avast team
  • Advanced Poster
  • *
  • Posts: 939
    • ALWIL Software
Re:scanning of attachments
« Reply #1 on: February 20, 2004, 06:27:50 PM »
Which mail program do you use ? Is it configured for avast mail scanner ? You can use the Mail Protection Wizard for configuring some (not all) mail programs or configure manually according to the help.

Mail scanner should catch a virus when downloading a mail before the mail program receives it.
Standard shield should catch it when starting the file, if you use 'Normal' setting. If you use 'High' or 'Custom', it can be caught also when opening the zip or unpacking the zip, according to exact setting.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re:scanning of attachments
« Reply #2 on: February 20, 2004, 06:45:30 PM »
Bill, we need to know a little bit more to help you...
Well-configurated, avast! does the job!  ;D
The best things in life are free.

bill

  • Guest
Re:scanning of attachments
« Reply #3 on: February 20, 2004, 07:06:34 PM »
My primary concern is that Avast will detect at some point before infection, such as upon opening the attachment.  I was afraid to go that far to test it.

I use Outlook Express.  Avast is scanning my email and is set to high.  It even put the "message is clean" at the bottom.  I saved the attachment and scanned by right-clicking on it and selecting scan.  It showed that it scanned 3 files in the zip file and still did not detect anything.  I then scanned the zip with Mcafee FreeScan and the infection was detected.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9401
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:scanning of attachments
« Reply #4 on: February 20, 2004, 07:08:29 PM »
Easiest way is to self-mail an EICAR test file within ZIP archive or to use clean/infected tags.
Visit my webpage Angry Sheep Blog

snevouk

  • Guest
Re:scanning of attachments
« Reply #5 on: February 20, 2004, 07:16:27 PM »
I also received a virus attachment in a .zip file yesterday which Avast mail scanner did not pick up during the download.

Being suspicious of it I did a manual scan of the attachment and it then detected the virus.  I too would have expected it to be automatically detected during the download process.

Running Avast4 Home
All providers running and set at "HIGH"
All mail accounts being routed to Avast scanner (checked that server set to 127.0.0.1)
Using Win98 with OE6

Also have Kerio firewall running if that is a factor.

Cannot remember the name of the virus, because I deleted it.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9401
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:scanning of attachments
« Reply #6 on: February 20, 2004, 08:16:00 PM »
Try to re-install it. My email scanner detected EICAR test file (inside ZIP archive) when i tried to submit it to Avast! tech support. I think its something wrong with your config of Avast!,because it should be detected.
« Last Edit: February 20, 2004, 08:16:35 PM by RejZoR »
Visit my webpage Angry Sheep Blog

bill

  • Guest
Re:scanning of attachments
« Reply #7 on: February 20, 2004, 08:22:03 PM »
I tried sending myself a zipped EICAR test file and Avast detected at all levels....when I created the file, when I zipped the file, when I sent the file, when I downloaded the file, and when I saved the zip file and scanned it.

I've checked to be sure I have the latest vps and program files.

My thought is that Avast would detect if I attempted to run the file contained in the zip file but don't want to test that theory for fear of infection.

All scan levels are set at high.
« Last Edit: February 20, 2004, 08:23:08 PM by bill »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9401
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:scanning of attachments
« Reply #8 on: February 20, 2004, 08:29:35 PM »
Well it would probably detect it when you extract that file from archive. Whenever you extract using integrated WinXP support,WinZIP,WinRAR or any other compression utility,those extracted files have to go on the disk outside archive and than they are cought by Standard Shield. If you execute it directly from archive,it has to extract it first (usualy in %TEMP%) in order to run,and again they're cought by Standard Shield which stops the virus activity and gives you more choices on what to do with the virus.
Visit my webpage Angry Sheep Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re:scanning of attachments
« Reply #9 on: February 20, 2004, 09:19:33 PM »
I use Outlook Express.  Avast is scanning my email and is set to high.  It even put the "message is clean" at the bottom.  I saved the attachment and scanned by right-clicking on it and selecting scan.  It showed that it scanned 3 files in the zip file and still did not detect anything.  I then scanned the zip with Mcafee FreeScan and the infection was detected.

Bill, please, could you sent the .zip file to Alwil Software for tests? (support@asw.cz) or (support@avast.com).
If you are not sure and the avast! could be not able to 'scan' the file, it'll be safer to send the file for further analysis, I suppose  ;)
The best things in life are free.

bill

  • Guest
Re:scanning of attachments
« Reply #10 on: February 20, 2004, 09:45:42 PM »
I've already deleted the file...pretty stupid, huh?  If I get another one, I'll send it.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9401
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:scanning of attachments
« Reply #11 on: February 20, 2004, 09:53:11 PM »
I have Netsky-B worm quarantined in Chest. I can send it if you need one ;) (in encrypted archive ofcourse ;) )
Visit my webpage Angry Sheep Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re:scanning of attachments
« Reply #12 on: February 21, 2004, 03:13:05 AM »
I've already deleted the file...pretty stupid, huh?  If I get another one, I'll send it.

Not all the times 'deleting' an infected file is a stupid thing...
Never mind Bill, the file could be could for testing...
Anyway, wellcome to forums  ;)
The best things in life are free.