Topic: Eicar Test files and Avast

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11822
    • AVAST Software
Re:Eicar Test files and Avast
« Reply #15 on: April 05, 2004, 09:37:55 AM »
I just checked and deleting to Trash bin works here... what exactly did you do?

The only fix done, considering the deleting of files, is the "delete after restart" option - now, it tries to delete the file in an "ordinary" way first, and only if it fails, it marks it to be deleted on restart (in build 357, the checkbox makes avast! mark the file to be deleted on restart in any case and not even try to delete it normally - which is not correct, of course).

LAB

  • Guest
Re:Eicar Test files and Avast
« Reply #16 on: April 06, 2004, 09:35:59 PM »
I clicked on the Eicar file link to start the download. As soon as I clicked on the link, Avast stated that the Eicar file was detected in C\windows\temp and gave me the option to delete to trash bin and I believe the second choice was delete permanently next restart. I chose the trash bin option, but noticed on the desktop that my trash bin was empty. I opened the trash bin and there were no files in it. My download manager box was still open waiting for me to start the download but I never did start it since Avast stated it was infected. I actually wanted to see when Avast would detect the test virus, before or after downloading. I did do a scan of the windows temp file afterward and the file was deleted by Avast but just not to the trash bin.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re:Eicar Test files and Avast
« Reply #17 on: April 07, 2004, 05:57:42 AM »
I actually wanted to see when Avast would detect the test virus, before or after downloading.

It can only detect after the download, when saving the file to the HDD (if avast is configured to do so: Standard Shield > created/modified files) or when you try to open the downloaded file (if avast is configured to do so: Standard Shield > on open files).

I do not think it can detect 'before' downloading... Of course, Igor can correct me and say what happened to the 'deleted' file  ::)
The best things in life are free.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11822
    • AVAST Software
Re:Eicar Test files and Avast
« Reply #18 on: April 07, 2004, 09:32:57 AM »
Quote
Igor can correct me and say what happened to the 'deleted' file

Well, I am not aware of every deleted file in the world, so I can only guess  ;D

I don't know what was the "action" that the browser was supposed to do with the downloaded file, but I believe the scenario was like that:
The Standard Shield level was set to High, i.e. it was scanning created/modified files (as Technical said). However, this scanning (virus warning) is not blocking - i.e. it doesn't stop access to the file. So, when you clicked the link, the file was downloaded to the TEMP folder. avast! detected the infected file being written there and gave you the warning.
In between, the browser may have deleted the temporary file - so, when you told avast! to delete the file (to the trash bin), the file was already deleted by the browser. Therefore, avast! couldn't delete anything - so, the trash bin was empty.

I cannot guarantee that it really went like this... but in general, when we are talking about temporary files, we have to consider the possibility of the file being removed - that's what the temporary files/folders are for.
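
The two behaviours discussed in this thread (try an ordinary delete first and only then mark for restart, and a non-blocking warning that can lose the race against the browser's own temp-file cleanup) can be sketched as follows. This is an added example, not avast! code and not part of any post; `remediate`, `restart_queue`, the quarantine directory standing in for the trash bin, and the file contents are all hypothetical and constructed.

```python
import os
import tempfile

def remediate(path, quarantine_dir, restart_queue, move=os.replace):
    """Act on a file that a non-blocking on-write scan flagged earlier.

    Returns "quarantined", "already_removed" (the owner deleted the file
    between the warning and the user's choice) or "marked_for_restart"
    (the ordinary attempt failed, so the path is queued instead).
    """
    os.makedirs(quarantine_dir, exist_ok=True)
    target = os.path.join(quarantine_dir, os.path.basename(path))
    try:
        move(path, target)              # ordinary way first
        return "quarantined"
    except FileNotFoundError:
        return "already_removed"        # nothing left to move: report it
    except OSError:
        restart_queue.append(path)      # fall back only after a real failure
        return "marked_for_restart"

def _locked(src, dst):
    # Constructed stand-in for a file that is still held open elsewhere.
    raise PermissionError("constructed: file in use")

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as root:
        quarantine = os.path.join(root, "quarantine")
        queue = []

        def flagged(name):
            # Constructed temp file with a harmless marker as content.
            p = os.path.join(root, name)
            with open(p, "w") as f:
                f.write("CONSTRUCTED-TEST-MARKER")
            return p

        results["normal"] = remediate(flagged("a.tmp"), quarantine, queue)
        raced = flagged("b.tmp")
        os.remove(raced)                # browser cleans up its temp file first
        results["raced"] = remediate(raced, quarantine, queue)
        results["locked"] = remediate(flagged("c.tmp"), quarantine, queue, move=_locked)
        results["queued"] = [os.path.basename(p) for p in queue]
    return results

if __name__ == "__main__":
    print(demo())
```

Reporting "already_removed" as its own outcome is what distinguishes an empty trash bin caused by the race from a failed delete.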

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re:Eicar Test files and Avast
« Reply #19 on: April 07, 2004, 07:42:43 PM »
Quote
Igor can correct me and say what happened to the 'deleted' file

Well, I am not aware of every deleted file in the world, so I can only guess  ;D

I don't know what was the "action" that the browser was supposed to do with the downloaded file, but I believe the scenario was like that:
The Standard Shield level was set to High, i.e. it was scanning created/modified files (as Technical said). However, this scanning (virus warning) is not blocking - i.e. it doesn't stop access to the file. So, when you clicked the link, the file was downloaded to the TEMP folder. avast! detected the infected file being written there and gave you the warning.
In between, the browser may have deleted the temporary file - so, when you told avast! to delete the file (to the trash bin), the file was already deleted by the browser. Therefore, avast! couldn't delete anything - so, the trash bin was empty.

I cannot guarantee that it really went like this... but in general, when we are talking about temporary files, we have to consider the possibility of the file being removed - that's what the temporary files/folders are for.

Well explained Igor... makes sense. Thank you  ;)
The best things in life are free.