Hallo, I tested this few minutes ago, with different engines - and it works. Please note that not all macro-infections could be flawlessly repaired, but many of them can. I can't spread malware samples, but maybe this is your case. Could you zip the particular file (use password: virus), and send it to me? (cimbal :at: avast.com)?
thanks,
pc
Hallo,
i send you an sample via mail. It's an 7 year old Word macro virus (Shankar).
MacAvast was able to clean this macro virus in the past. This was the reason for us, to buy a license.
The Avast windows version can clean this file. If i guess, MacAvast should also can do.
I also tried a new installation. First i deleted all MacAvast related files from harddrive:
~/Library/Application Support/com.avast.MacAvast/
~/Library/Preferences/com.avast.MacAvast.plist
/Applications/avast!.app/
Reboot and reinstall. It's weird, always the same error/behavior.
Is there some verbose log output possible? Maybe this helps.
regards,
Juergen
Hallo,
what was the subject/sender of the mail? Can't locate it in my mail Inbox. Maybe try to send it pass-protected, to be able to pass through various mail filters along the path.
regards,
pc
Hallo,
I resend the virus sample. It's an zip file with password on (password=virus)
First mail was send on:
Message-ID: <49A56FAD.5030704@jvm.de>
Date: Wed, 25 Feb 2009 17:19:57 +0100
Subject: Virus Sample
second on:
Message-ID: <49AD1B4F.1020107@jvm.de>
Date: Tue, 03 Mar 2009 12:58:07 +0100
Subject: Virus Sample /2
Second mail was also send to my privat mail account and it came through. Hope this time you will receive the sample.
Regards
Juergen
Hallo Juergen,
thanks for details, your samples were burried in junk-folder. Yes, the "bug" is reproducible, MW97:Marker family is detected, but trying to clean the file returns "Not succesfully processed". Why?
Internally, there are two distinct repair levels - weak-failsafe (tries to remove the infection), and stronger-cruel (would remove all macros). By default, gui applies the first level, but here the 451/42060 is returned ("file was not repaired"), and the higher level isn't used in turn. Thanks for report, we'll add this "stronger repair" fix to the present alpha.
regards,
pc
PS: if you still wanna repair your particular file, you can do it manually:
- open terminal, and type: telnet -u `pwd`/Library/Application\ Support/com.avast.MacAvast/socket
- then, type: license path path_to_your_license_file
- then, type: repair 1 0 path_to_the_infected_doc