Author Topic: Standard Shield (on-access module) question!  (Read 11881 times)

0 Members and 1 Guest are viewing this topic.

Offline faffy

  • Jr. Member
  • **
  • Posts: 26
Standard Shield (on-access module) question!
« on: March 06, 2004, 01:14:16 PM »
I tried to enable zip scanning in the  Tasks -> Resident Protection -> Standard Shield -> Packers. I ticked ZIP in and downloaded the EICAR.ZIP file. No response from avast. I opened the zip file -> nothing. I unzipped the eicar.com to my desktop -> nada.  avast only reacted to the test virus when I wanted to execute the com file.  Is it supposed to behave like this? Then what's the point of the on-access scanner options?

Faffy

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9336
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Standard Shield (on-access module) question!
« Reply #1 on: March 06, 2004, 01:18:40 PM »
You need to set Standard Shield to High Sensitivity.
Visit my webpage Angry Sheep Blog

Offline faffy

  • Jr. Member
  • **
  • Posts: 26
Re:Standard Shield (on-access module) question!
« Reply #2 on: March 06, 2004, 01:30:42 PM »
You are partially right,. If I set the Shield to High Sensitivity, avast did not let me download the com file. However, it allowed me to download the zip file even if I set the Standard Shield to High and added the zip extension to be scanned or changed the resident TASK to scan packers.

Faffy

Offline Lars-Erik

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 394
    • Lars-Erik Østerud
Re:Standard Shield (on-access module) question!
« Reply #3 on: March 06, 2004, 05:34:58 PM »
I think you need to add some lines about scanning archives as well (it's not active as default in Home edition). There was a thread on this here just a few days ago.
www.osterud.name - ICQ: 7297605 - AIM/Yahoo/Facebook/Skype/Astra: LarsErikOsterud

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Standard Shield (on-access module) question!
« Reply #4 on: March 06, 2004, 05:57:50 PM »
I tried to enable zip scanning in the  Tasks -> Resident Protection -> Standard Shield -> Packers. I ticked ZIP in and downloaded the EICAR.ZIP file. No response from avast. I opened the zip file -> nothing. I unzipped the eicar.com to my desktop -> nada.  avast only reacted to the test virus when I wanted to execute the com file.  Is it supposed to behave like this? Then what's the point of the on-access scanner options?

Faffy

I think it should have thrown up an alert when you scanned the zip file.  Did you also try right clicking on the zip file name in windows explorer and select scan file  (just to scan that one file)?
« Last Edit: March 06, 2004, 05:59:10 PM by Culpeper »
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline faffy

  • Jr. Member
  • **
  • Posts: 26
Re:Standard Shield (on-access module) question!
« Reply #5 on: March 07, 2004, 02:58:09 PM »
I think you need to add some lines about scanning archives as well (it's not active as default in Home edition). There was a thread on this here just a few days ago.
I read the thread you mentioned, that's the reason I started experimenting with the Standard Shield.

Offline faffy

  • Jr. Member
  • **
  • Posts: 26
Re:Standard Shield (on-access module) question!
« Reply #6 on: March 07, 2004, 02:59:51 PM »
I tried to enable zip scanning in the  Tasks -> Resident Protection -> Standard Shield -> Packers. I ticked ZIP in and downloaded the EICAR.ZIP file. No response from avast. I opened the zip file -> nothing. I unzipped the eicar.com to my desktop -> nada.  avast only reacted to the test virus when I wanted to execute the com file.  Is it supposed to behave like this? Then what's the point of the on-access scanner options?

Faffy

I think it should have thrown up an alert when you scanned the zip file.  Did you also try right clicking on the zip file name in windows explorer and select scan file  (just to scan that one file)?

Well it did not warn me at all opening a virus containing zip file.

Obviously, if I scan the file with the scanner it says that I have a virus otherwise the software would not be worth much, would it?

Offline Iso-G

  • Avast translator
  • Full Member
  • ***
  • Posts: 141
  • I'm a llama!
    • Grandpa's Notebook
Re:Standard Shield (on-access module) question!
« Reply #7 on: March 07, 2004, 04:04:11 PM »
Hello,

The following is my old evaluation data of avast! 4.1 carried out last year.
The original is in Japanese and it was already put on my web page last year.
"Memo of a Little Experiment", Nov. 28, 2003 ~Dec. 05, 2003

I don't know the exactly behavior of the today's latest avast!, but this data may be consulted for you.

Thanks,

Iso-G
Windows XP Home SP3 / avast! 6.0 Free Antivirus (Japanese) / Microsoft Security  Essentials(v2,Japanese) / COMODO Firewall 5.3 (D+(full),English) / Secunia Personal Software Inspector (v2,English) / Opera / Thunderbird 3 / Open Office 3

Offline Iso-G

  • Avast translator
  • Full Member
  • ***
  • Posts: 141
  • I'm a llama!
    • Grandpa's Notebook
Re:Standard Shield (on-access module) question!
« Reply #8 on: March 07, 2004, 04:10:52 PM »
Windows XP Home SP3 / avast! 6.0 Free Antivirus (Japanese) / Microsoft Security  Essentials(v2,Japanese) / COMODO Firewall 5.3 (D+(full),English) / Secunia Personal Software Inspector (v2,English) / Opera / Thunderbird 3 / Open Office 3

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Standard Shield (on-access module) question!
« Reply #9 on: March 07, 2004, 04:55:08 PM »
I'm confused. You want Avast to know there is an infected embedded file within a zip file while it unzipps the zip file and before Avast scans the zip file?  I think Avast has the ability to scan within a zip file but I'm not sure it will prevent you from unzipping a zip file with an infected file.  I could be wrong.  I have been before and probably will in the future.  I normally scan individual zip files before opening them.
« Last Edit: March 07, 2004, 05:01:09 PM by Culpeper »
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9336
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Standard Shield (on-access module) question!
« Reply #10 on: March 07, 2004, 05:26:27 PM »
avast! extracts files into TEMP folder (these files are in encrypted form as in chest (quarantine)) and than scannes them. Anyways any virus is harmless even if its on your desktop. You just need to avoid running it (executable).
Visit my webpage Angry Sheep Blog

Offline faffy

  • Jr. Member
  • **
  • Posts: 26
Re:Standard Shield (on-access module) question!
« Reply #11 on: March 07, 2004, 05:32:24 PM »
I am sorry I always find the argument that a virus is harmless until it is executed very weak and defensive. I have a virus protection on my machine not to have viruses on it, whether they are executed or not.  If I download a zip file from the net, I want my antivirus program to check it by default. I think it is not too much to ask, is it?

Faffy

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Standard Shield (on-access module) question!
« Reply #12 on: March 07, 2004, 05:46:41 PM »
I'm not disagreeing with you just saying I don't believe Avast will scan the inside of a zip file unless you ask it to.  I could be wrong and it might be a bug you discovered.
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline faffy

  • Jr. Member
  • **
  • Posts: 26
Re:Standard Shield (on-access module) question!
« Reply #13 on: March 07, 2004, 09:30:05 PM »
I'm not disagreeing with you just saying I don't believe Avast will scan the inside of a zip file unless you ask it to.  I could be wrong and it might be a bug you discovered.
The problem is that I asked it to scan inside zip files and yet it did not do that.

(Just a note: Bitdefender blocked the saving of all 4 eicar files by default.)

Faffy

Here is the link to the eicar files:http://www.eicar.org/anti_virus_test_file.htm

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Standard Shield (on-access module) question!
« Reply #14 on: March 07, 2004, 09:48:42 PM »
I downloaded both eicar zip files.  I was able to save them to a folder and unzip them without detection.  However, Avast detected the infected files when I scanned the "*.zip" files manually.  My Standard Shield is set to normal.
« Last Edit: March 07, 2004, 09:52:57 PM by Culpeper »
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.