Author Topic: Eicar test fails on Avast Free  (Read 11255 times)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86822
  • No support PMs thanks
Re: Eicar test fails on Avast Free
« Reply #15 on: September 21, 2010, 07:22:51 PM »
.com files because of their nature (basically exe files) should be scanned as part of the avast default file set.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.5.6015 (build 22.5.7263.730) UI 1.0.711/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: Eicar test fails on Avast Free
« Reply #16 on: September 21, 2010, 08:56:37 PM »
If it were a normal (Windows) executable it would get scanned on-exec no matter what the filename extension is.
The problem is caused by the fact that Eicar is not a Windows executable file.
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67236
Re: Eicar test fails on Avast Free
« Reply #17 on: September 22, 2010, 03:12:08 AM »
The problem is caused by the fact that Eicar is not a Windows executable file.
Why don't you develop an always-block-eicar-test system to let the users calm down and trust avast: ;D
I mean, a placebo-proof antivirus :)
The best things in life are free.

Guilap

  • Guest
Re: Eicar test fails on Avast Free
« Reply #18 on: September 22, 2010, 04:18:22 AM »
Unfortunately, the eicar test is the only one I know it's safe to try :-\ If I were to test with real infected files, I should do it in a controlled environment.

Besides that, Avira free passed this exact same test.

Quote from: http://www.eicar.org/anti_virus_test_file.htm
A third set of requests [for viruses] come from exactly the people you might think would be least likely to want viruses: "users of anti-virus software".

They want some way of checking that they have deployed their software correctly, or of deliberately generating a "virus incident" in order to test their corporate procedures, or of showing others in the organisation what they would see if they were hit by a virus.

(...)

Using real viruses for testing in the real world is rather like setting fire to the dustbin in your office to see whether the smoke detector is working. Such a test will give meaningful results, but with unappealing, unacceptable risks.

Offline Vladimyr

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1639
  • Super(massive black hole) Poster
Re: Eicar test fails on Avast Free
« Reply #19 on: September 22, 2010, 06:31:11 AM »
Unfortunately, the eicar test is the only one I know it's safe to try :-\ If I were to test with real infected files, I should do it in a controlled environment.
Spycar will try to do real 'damage' (and repair it with 'Tow Truck' if necessary).

Out of interest, I also have XP SP3 on 7 PCs and AIS/APro stops 'eicar.com' on each as indicated.
« Last Edit: September 22, 2010, 06:37:40 AM by Vladimyr »
“There is a way that seems right to a man, but in the end it leads to death.” - Proverbs 16:25

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5137
  • Whatever will be, will be.
Re: Eicar test fails on Avast Free
« Reply #20 on: September 22, 2010, 07:35:44 AM »
Unfortunately, the eicar test is the only one I know it's safe to try :-\ If I were to test with real infected files, I should do it in a controlled environment.

How about "Hikaru" (a Joke software) ;D
http://www.virustotal.com/file-scan/report.html?id=3c13e6169994f9e5eab10642200b5e91457b93676c73e1695caee530623d4f0b-1277110749

Download:
http://www.vector.co.jp/download/file/win95/amuse/fh217070.html

A few minutes after executing, screaming women's voice / women's face appears. Rebooting or killing the process via Task Manager fixes this.
Win32:Hikaru is a PUP detection, so you have to enable PUP option.
Main: Win10 Pro 21H2 64bit / Core i5-7400 3.0GHz / 16GB RAM / Avast 22 Premium Beta(Icarus) / Comodo Firewall (testing again)
Mobile: Win10 Pro 21H1 64bit / Core i5-3340M 2.7GHz / 8GB RAM / Avast 21 Free / Windows Firewall Control

I explain Avast settings here. Please take a look if you like.

yongsua

  • Guest
Re: Eicar test fails on Avast Free
« Reply #21 on: September 22, 2010, 08:39:12 AM »
Same as me. But you should try another method to test whether Avast! detects this virus (refer to 13thSlayer's post: http://forum.avast.com/index.php?topic=63733.msg538709#msg538709).
« Last Edit: September 22, 2010, 08:44:41 AM by yongsua »

yongsua

  • Guest
Re: Eicar test fails on Avast Free
« Reply #22 on: September 22, 2010, 08:40:36 AM »
Same as me. But you should try another method to test Avast! to detect this. (Refer to 13thslayer's post.) http://forum.avast.com/index.php?topic=63733.msg538709#msg538709

Guilap

  • Guest
Re: Eicar test fails on Avast Free
« Reply #23 on: September 22, 2010, 11:32:39 AM »
Out of interest, I also have XP SP3 on 7 PCs and AIS/APro stops 'eicar.com' on each as indicated.

Yes, yours are the exact screens I get, but only if I add com files as custom extensions on "Scan when opening". Maybe this is a bug present only on Avast Free. Anyway, even when Avast blocks it, I miss the warning screen.

Thank you all for the suggestions of Spycar and Hikaru, they were the missing win32 eicar ;D All of them got blocked and removed when they were already in the filesystem (but, again, no warning screen).

Same as me. But you should try another method to test Avast! to detect this. (Refer to 13thslayer's post.) http://forum.avast.com/index.php?topic=63733.msg538709#msg538709

I believe every method should be valid. What if the infected file was on a USB stick that was already inserted when I booted?
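
The distinction drawn earlier in this thread (Eicar is not a Windows executable) and the custom-extension behaviour reported in the post above can be illustrated with a content-based file check. This is an added example, not part of any post and not Avast's actual logic; `scanned_on_exec` is a hypothetical policy, and both sample files are constructed stand-ins (the 68-byte text file only mimics a headerless DOS .com image).

```python
import struct

def classify_image(data: bytes) -> str:
    """Classify a file by content only, ignoring its name.

    'pe'         - MZ header whose e_lfanew field points at a PE signature
    'mz'         - DOS MZ executable with no valid PE header
    'headerless' - no MZ header at all, e.g. a raw DOS .com image
    """
    if data[:2] != b"MZ":
        return "headerless"
    if len(data) < 0x40:              # too short to hold the e_lfanew field
        return "mz"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return "pe"
    return "mz"

def scanned_on_exec(name, data, extra_extensions=frozenset()):
    """Hypothetical policy (an assumption for illustration): scan a file when
    its content is a Windows PE image, whatever its name, or when its
    extension was added to a custom list."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return classify_image(data) == "pe" or ext in extra_extensions

def make_pe_stub() -> bytes:
    """Constructed minimal header: 'MZ', e_lfanew = 0x40, then 'PE\\0\\0'."""
    buf = bytearray(0x44)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    return bytes(buf)

PE_STUB = make_pe_stub()
COM_STAND_IN = b"X" * 68              # constructed: printable text, no header

if __name__ == "__main__":
    cases = [
        ("renamed.txt", PE_STUB, frozenset()),
        ("eicar.com", COM_STAND_IN, frozenset()),
        ("eicar.com", COM_STAND_IN, frozenset({"com"})),
    ]
    for name, data, exts in cases:
        print(name, classify_image(data), scanned_on_exec(name, data, exts))
```
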

SafeSurf

  • Guest
Re: Eicar test fails on Avast Free
« Reply #24 on: September 22, 2010, 11:50:17 AM »
What if the infected file was on a USB stick that was already inserted when I booted?
Then you need something to disable autorun.inf in your machine and USB/flash drives like Panda USB Vaccine: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/. It gives you the option to "vaccine" your machine, which means it disables autorun.inf, but with a simple click, you can enable it again. And you can vaccinate any removable drive including USB sticks. It does not conflict with Avast as I've been using it with no problems.

There are other companies as well: Flash_Disinfector.exe by sUBs: http://experi3nc3.wordpress.com/2007/05/10/flash-disinfector-by-subs/, AutoRun Eater http://www.softpedia.com/get/Security/Secure-cleaning/Autorun-Eater.shtml.

Offline NON

  • Japanese User
  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5137
  • Whatever will be, will be.
Re: Eicar test fails on Avast Free
« Reply #25 on: September 22, 2010, 12:34:03 PM »
All of them got blocked and removed when they were already in the filesystem (but, again, no warning screen).

Is "SILENT/GAMING MODE" disabled?

Try to uncheck Settings -> Silent/Gaming mode -> Silent if a full-screen application is running.
(Just in case, to avoid being mis-recognized as full-screen)
« Last Edit: September 22, 2010, 12:39:29 PM by NON »
Main: Win10 Pro 21H2 64bit / Core i5-7400 3.0GHz / 16GB RAM / Avast 22 Premium Beta(Icarus) / Comodo Firewall (testing again)
Mobile: Win10 Pro 21H1 64bit / Core i5-3340M 2.7GHz / 8GB RAM / Avast 21 Free / Windows Firewall Control

I explain Avast settings here. Please take a look if you like.

Guilap

  • Guest
Re: Eicar test fails on Avast Free
« Reply #26 on: September 22, 2010, 02:04:12 PM »
Thank you for the tips, SafeSurf!

Try to uncheck Settings -> Silent/Gaming mode -> Silent if a full-screen application is running.
You're right, I forgot that. Running a file from desktop counts as full-screen. Worked as expected for spycar and hikaru files.

But no matter if this setting is unchecked or not or if I try to run from desktop or cmd window, trying to run eicar.com never triggers a warning (even when Avast blocks and deletes it).