Author Topic: real-time file system shield is scanning on perl script reads  (Read 4315 times)

0 Members and 1 Guest are viewing this topic.

dave18

  • Guest
real-time file system shield is scanning on perl script reads
« on: December 02, 2010, 09:38:44 AM »
Hello all!

I'm new to avast. I installed the free antivirus program (version 5.0.677) with just the file system shield. In the real-time file system shield settings I have:

"Scan documents when opening" unchecked
"Scan files when writing" checked

Under "Expert Settings", I have none of the "Scan when opening" options checked.

I'm running a perl script from a command window which reads all the files in a directory and computes a checksum for each file. The problem is, avast is scanning every file for which a checksum is computed even though these files are just being read and not written. This slows things way down.

In more detail, the executable file "Perl.exe" is being executed from the command line. It, in turn, reads the script file "crc32.pl" which, in turn, reads files "1.jpg", "2.jpg", etc. Avast is scanning "1.jpg", "2.jpg", etc. even though these files are just being read and not written. Is there any way to get around this? Note that "1.jpg", "2.jpg", etc. could be any file type, not necessarily .jpg.

Thanks for any help. I'm hoping that there are some settings that will allow me to run this script without having to manually turn avast off. Under "Expert Settings" "Exclusions", I even tried adding "Perl.exe" (with the full path) to the "X" list to exclude it when executed, but that didn't work either.

The product seems pretty nice so far, so I'm really hoping to resolve this. Thanks again!

-Dave

swarnava

  • Guest
Re: real-time file system shield is scanning on perl script reads
« Reply #1 on: December 02, 2010, 09:48:02 AM »
make the entire folder into exclusion list..i think avast will not scan then

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88739
  • No support PMs thanks
Re: real-time file system shield is scanning on perl script reads
« Reply #2 on: December 02, 2010, 03:58:34 PM »
Personally that is a poor choice, as it drives a coach and horsed through your security. Not to mention if you read the OPs post again you will find that there is no specific folder mentioned and I suspect from the description of the perl script actions, these files could be in multiple areas.

@ dave18
Could it be that your perl script isn't just opening the file up with read permissions, if it opens with write permission that could be what is triggering the scan and .jpg files would be in the default list of files types to be scanned.

You can exclude a file from a scan, but you can exclude a files actions.

Have you made any changes in the Sensitivity section of the expert settings ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

dave18

  • Guest
Re: real-time file system shield is scanning on perl script reads
« Reply #3 on: December 02, 2010, 07:42:12 PM »
Thanks for the reply!

make the entire folder into exclusion list..i think avast will not scan then

I can't do that because I can potentially run this script on any folder on my system. Besides, if I was writing in these folders, I would want to do the scan. I just don't want to do the scan for reads.

Thanks again.

-Dave

dave18

  • Guest
Re: real-time file system shield is scanning on perl script reads
« Reply #4 on: December 02, 2010, 07:54:56 PM »
Thank you, too, for the reply!

Could it be that your perl script isn't just opening the file up with read permissions,

That is a great idea. I did, in fact, check into that last night before I posted here. The perl script actually just does the parsing and directory work. It ultimately calls "crc32.exe" to compute the checksum. I checked the source code for "crc32.exe" (it was written using the C programming language) and it definitely opens the files in "read only" mode. I can provide the exact call to fopen() if needed.

Quote
Have you made any changes in the Sensitivity section of the expert settings ?

I just tried all levels of sensitivity, but nothing helped.

So I was playing around and I can reproduce this problem without using scripts at all. So, since this problem is more general than I originally thought, I'm going to go ahead and start a new thread with all the details. I'm afraid this thread might scare away anyone not comfortable with scripting!

Thanks again for all your suggestions! I hope to see you over in my new thread.

-Dave


dave18

  • Guest
Re: real-time file system shield is scanning on perl script reads
« Reply #5 on: December 02, 2010, 08:27:12 PM »
OK, I just wanted to report back... I found a work around for the problem. It turns out, the extension ".jpg" is some kind of "magic" extension for avast. All I had to do was add entries in the "Exclusions" list for "*.jpg" and "*.jpeg" for "R" (reads) and that fixed the problem.

Here's the thread I posted on it if anyone's interested:

http://forum.avast.com/index.php?topic=66885.0

Thanks again for all the help! :)

-Dave

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88739
  • No support PMs thanks
Re: real-time file system shield is scanning on perl script reads
« Reply #6 on: December 02, 2010, 08:34:30 PM »
You're welcome, unfortunately I'm not familiar with perl or C languages.

Contrary to what it may appear in my profile info to the left of my posts, I'm only an avast user and not an avast employee.

Well .jpg files are not just magic to avast as they are targeted by malware and if you don't scan files that are malware targets, etc. then many of the various testing organisations will mark it against you in tests.

Though for a read only I guess that is a reasonable workaround as it is when they are opened that they can be exploited if the file has been modified.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

dave18

  • Guest
Re: real-time file system shield is scanning on perl script reads
« Reply #7 on: December 03, 2010, 12:07:28 AM »
You're welcome, unfortunately I'm not familiar with perl or C languages.

No problem. Luckily, this problem wasn't perl or C specific. Otherwise, there might be trouble. :)

Quote
Contrary to what it may appear in my profile info to the left of my posts, I'm only an avast user and not an avast employee.

Well, you've been extremely helpful, so I do appreciate that!

Quote
Well .jpg files are not just magic to avast as they are targeted by malware and if you don't scan files that are malware targets, etc. then many of the various testing organisations will mark it against you in tests.

That makes sense. I wonder if any of the test organizations mark down for scanning a file on read when you tell it not to scan files on read! :)

Quote
Though for a read only I guess that is a reasonable workaround as it is when they are opened that they can be exploited if the file has been modified.

That was my thinking. In order to exploit the file, it must be created or modified, i.e. written. So instead of scanning it the 100 times I read it, just scan it the one time I write it. I don't know, maybe that's flawed thinking, but it seems logical to me.

Thanks again for the help!

-Dave

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88739
  • No support PMs thanks
Re: real-time file system shield is scanning on perl script reads
« Reply #8 on: December 03, 2010, 12:23:46 AM »
Well test organisations can't really fault user choice overriding a default action ;D

Well in the case of a .jpg if it is infected before it gets to your system then the act of just opening it (if it weren't scanned could be enough), no need to modify, though the act of copying it into your system (it would be classed as a new file, creation) should see it scanned.

I don't know how the avast Transient cache would come into effect here if the file is opened multiple times it should be scanned once and if clean, not again. Unless a) the file changes or b) you have a virus definitions update, in which case the transient cache would be cleared.

avast 5 - Scan Transient and Persistent caching to speed scanning.
Quote
Use transient caching - if transient caching is used, a file that has been scanned, and in which no infection was detected, will not be scanned again the next time it is accessed. However, this is only valid until the next virus definitions update, as the file may contain an infection that was not previously detected but which may be detected based on the new virus definitions. Also, information that the file is clean will only be stored in the computer's operating (temporary) memory. This means that when the system is restarted the information will be lost, therefore the file will also be scanned again the next time it is accessed after a system restart. This box is checked by default; if you want files to be scanned every time they are accessed. this box should be unchecked.

Use persistent caching - if persistent caching is used, the information about the scanned file is stored in the permanent memory. This means it is not lost after a system restart and it is also not affected by virus definition updates. Consequently, persistent caching is suitable only for files which are guaranteed not to contain any virus infection e.g. operating system files, files signed by trusted publishers, or other files covered by the avast! whitelist. This box is checked by default; if you want all files to be scanned regardless of their trust status, this box should be unchecked.

Glad I could help.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security