avast webshield abort connection but still file virus downloaded

[hsobrevilla02]

good day!
after reading some news ( hXXp://securitylabs.websense.com/content/Blogs/2826.aspx ) I started to search google, and had found this AV-KILLER( hXXp://www.governmentsecurity.org/forum/index.php?app=core&module=attach&section=attach&attach_id=488 ). After clicking the attachment link, avast webshield immediately pop up and I clicked "abort connection". But after clicking abort connection, I was still able to download the file-AV KILLER FILE. It was a rar file (not password protected).After right clicking the file and selecting scan, avast! immediately detected 2 virus.
My question is this - why does after clicking abort connection in avast! webshield I was still able to download a virus file?
I thought that if you click abort, the connection will immediately be disconnected? (please correct me if I am wrong) and hence, no download is possible? (again, correct me if I am wrong).

thank you.

harold

[Lisandro]

Which is your browser?
Do you use a download manager?

[hsobrevilla02]

sorry for not mentioning..
yes, I am using IDM(internet download manager) trial version only.
I am using opera 10
My OS-Windows XP SP3
I hope I will not use any command-line scanner command for the download manager, as I believe that avast! webshield will filter my download connection(correct me if I am wrong)
thanks for the response.

harold

NOTE:
by the way, I tested this same file with another machine with another free av(advance heuristics set to high) and it immediately pop up right before IDM took over the download. After selecting delete, IDM failed to download the file.I didnot use any command-line scanner command for IDM.

[igor]

Was the file downloaded completely? Maybe only a partial file was downloaded (before the connection was interrupted) - but avast! is still able to process this damanged file, if you scan it manually.

[hsobrevilla02]

Was the file downloaded completely? Maybe only a partial file was downloaded (before the connection was interrupted) - but avast! is still able to process this damanged file, if you scan it manually.

sorry but the rar file was completely downloaded eventhough I click abort connection.
after downloading, I checked the rar file,and the files were still complete as per discussion in that AV KILLER forum ( hXXp://www.governmentsecurity.org/forum/index.php?showtopic=3483 )..but right clicking the file and selecting scan triggers avast! to detect 2 viruses

[Lisandro]

Download managers divide file into pieces and the "cut" can't be detected by WebShield.
So a part of it could be detected by WebShield and even stopping the connection, the way download managers manage the HTTP traffic could fail. The only way, when using download managers, is use a post-download scanner (like ashQuick.exe from avast).

[hsobrevilla02]

Download managers divide file into pieces and the "cut" can't be detected by WebShield.
So a part of it could be detected by WebShield and even stopping the connection, the way download managers manage the HTTP traffic could fail. The only way, when using download managers, is use a post-download scanner (like ashQuick.exe from avast).

is there any chance that avast! webshield would detect that virus BEFORE the IDM divide the file to pieces or better can avast! webshield detect the virus BEFORE IDM takes over the download?
how about the avast! standard shield?any chance of detecting first the virus before the file can be saved to local hard disk?

thanks.

harold

[Lisandro]

is there any chance that avast! webshield would detect that virus BEFORE the IDM divide the file to pieces or better can avast! webshield detect the virus BEFORE IDM takes over the download?

How? It's impossible. The file does not exist... it is on the web at that time.
You could use url checking of Dr. Web to check the file (it does not always work).

how about the avast! standard shield?any chance of detecting first the virus before the file can be saved to local hard disk?

Again, impossible. File must exist before it is scanned by Standard Shield.


But in both cases, avast will detect the infection before it could harm the computer.

[hsobrevilla02]

is there any chance that avast! webshield would detect that virus BEFORE the IDM divide the file to pieces or better can avast! webshield detect the virus BEFORE IDM takes over the download?

How? It's impossible. The file does not exist... it is on the web at that time.
You could use url checking of Dr. Web to check the file (it does not always work).

how about the avast! standard shield?any chance of detecting first the virus before the file can be saved to local hard disk?

Again, impossible. File must exist before it is scanned by Standard Shield.


But in both cases, avast will detect the infection before it could harm the computer.

sorry if you misunderstood my post.
what I mean is the clickable link..after I click it, can avast!webshield block it FIRST before IDM takes over the download?
or the only solution is to first download a file to your local harddisk and then scan it using right click menu?If this is the case, what is avast! webshield guarding or checking?only hacked websites?(please correct me if i am mistaken).
sorry for asking so many questions.
but thanks for helping me out.

harold

[Lisandro]

after I click it, can avast!webshield block it FIRST before IDM takes over the download?

No, it's not done by this way. The download manager take care of the request of the download. WebShield scans all traffic (http), independent of its origin/request.
The download manager should take care of the link.
WebShield can't be able to scan all links in a webpage... makes no sense as browsing will have a huge impact and you do not click in all links in a page.

or the only solution is to first download a file to your local harddisk and then scan it using right click menu?If this is the case, what is avast! webshield guarding or checking?only hacked websites?(please correct me if i am mistaken).

Harold, WebShield scans the contents of a page and will scan the download. IF you use a download manager, traffic is "cut" and WebShield can't manage as it is a single traffic. Each traffic continues to be scanned but the results aren't foreseen as the download manager is what takes care of the cut traffic. The scanning looks for strings of codes, and an infected string could be divided into two different parts. The only way to detect it will be when they're joined in your computer.

[hsobrevilla02]

okay tech.
thanks for the clarification.
 

harold

[Lisandro]

You're welcome. Feel free to come back any time you need help or just to change experiences