Topic: How to scan standard-extensions on open with RS ?

whocares

  • Guest
How to scan standard-extensions on open with RS ?
« on: July 21, 2003, 10:35:25 AM »
Hi,

as a new user of avast 4 home (on Win2k-SP4, 56k analog-modem :-)

1) is there an easy way to set the resident shield to scan all files of the default (write-scan) extension list on OPEN/READING ?
as I see it now, it scans only boot, Exe and OLE ..
(P.S.: OLE meaning what apart from office-like documents??)
Or do I have to copy & enter each item from the read list to the scan-on-open-list ?

I searched the board/FAQ a bit but couldn't find much..
Please point me, if I missed it:-)
Thanks in advance..



 :)
« Last Edit: July 25, 2003, 02:22:32 PM by whocares »

Waldo

  • Guest
I can only answer question 1 :

You have to put an asterisk "*" without the "" in the > Standard shield > scanner advanced > scan files with these extension > *

Now AVAST will scan really ALL files.

I have it set up like this, and it does improve security a lot, but the drawback is that it will make your system a little slower, of course. But for me this little slowdown is worth the gain in safety.

If you have AVAST pro you can set up the resident scanner to scan and unpack ALL known archives also. Which offers even more detection.

Greets,

Waldo

« Last Edit: July 22, 2003, 01:30:56 PM by Waldo »

whocares

  • Guest
Hi Waldo,

thanks, that occurred to me, but I'd rather have avast RS only scan potentially dangerous files (like in the scan-on-write default list), and not slow down my system by scanning all files on open..
If nobody here can find an easier solution, I'll just copy all the relevant filetypes into the scan-on-open-list :-)

btw what does {*} mean in the extension list ? is this to do something with CLS-IDs ?
 :)
« Last Edit: July 22, 2003, 01:36:39 PM by whocares »

Waldo

  • Guest

Quote
btw what does {*} mean in the extension list ? is this to do something with CLS-IDs ?
 :)

I have no idea at all ! :) lol

But I do know (I've read it in the forums) that by putting it in, Avast scans everything.

Maybe some Avast support member can try to answer these questions. I'm also interested...

Waldo
« Last Edit: July 22, 2003, 02:00:05 PM by Waldo »

Vlk

  • Avast CEO
    • ALWIL Software
Quote
but I'd rather have avast RS only scan potentially dangerous files (like in the scan-on-write default list), and not slow down my system by scanning all files on open..

I absolutely agree. Scanning all files on open is an overkill. This is the current default extension set - just copy and paste it to the appropriate box:

COM,EXE,DLL,SYS,SCR,OV?,VXD,386,BIN,BAT,CMD,DO?,XL?, PP?,HT*,HLP,CH?,{*},ASP,CLA*,CPL,CSS,INF,JS*,LNK,MS?,OCX,PDF,PIF,PO?, PRC,RTF,SHS,VB?,VSD,WS?,SWF,AD?,ASX,BAS,CRT,INS,ISP, MDB,MDE,PCD,PRF,REG,SCF,SCT,SHB,URL,EML,NWS

Quote
btw what does {*} mean in the extension list ? is this to do something with CLS-IDs ?

Exactly, it handles the extensions in the form {CLSID} that can be as dangerous as any other.

Vlk
« Last Edit: July 22, 2003, 02:02:09 PM by Vlk »
If at first you don't succeed, then skydiving's not for you.

whocares

  • Guest
Thanks VLK !!
that's what I (being lazy & not a good typist) wanted

Keep up the good works..

 :)

btw: although I have set both prog and VDF-Updating to automatic AND was online for about 1 hour,
avast only downloaded a vps update just when I explicitly told it to check..
in what intervals does avast check for an open inet-connection or, if PC is online, for updates ?

rlndsgrb

  • Guest
Quote
I absolutely agree. Scanning all files on open is an overkill. This is the current default extension set - just copy and paste it to the appropriate box:

COM,EXE,DLL,SYS,SCR,OV?,VXD,386,BIN,BAT,CMD,DO?,XL?, PP?,HT*,HLP,CH?,{*},ASP,CLA*,CPL,CSS,INF,JS*,LNK,MS?,OCX,PDF,PIF,PO?, PRC,RTF,SHS,VB?,VSD,WS?,SWF,AD?,ASX,BAS,CRT,INS,ISP, MDB,MDE,PCD,PRF,REG,SCF,SCT,SHB,URL,EML,NWS


Default !? If one doesn't write in the box the open is scanned for all of these extensions ?
Regards, rolando
« Last Edit: July 22, 2003, 11:36:09 PM by rlndsgrb »

igor

  • Avast team
    • AVAST Software
No, that's the default set of "executable" (dangerous) extensions used elsewhere. If you don't write anything in the "Scan files for open" box, no files will be scanned just on open (which is not as bad as it sounds - they will be scanned on execution, so it's OK in fact).

rlndsgrb

  • Guest

Last week I got a virus opening an HTM file (it was a download of a web mail). Could I have avoided it if I had "HTM" in the open box ?
Thanks, rolando

igor

  • Avast team
    • AVAST Software
I think it would.
What virus did you get by opening an HTM file?

whocares

  • Guest
Quote
If you don't write anything in the "Scan files for open" box, no files will be scanned just on open (which is not as bad as it sounds - they will be scanned on execution, so it's OK in fact).

Hi Igor,

you've confused me there..
what's the difference between open and execute in case of files containing code and being able to "run" on double-click ?
and how do you "execute" e.g. an html or a vbs-file ? they are opened and processed by their respective applications, right ?

igor

  • Avast team
    • AVAST Software
"Open" means "acquire read or write access".
I know I'm a little twisted here, but when I read "open" (e.g. an executable), I personally understand something like "view it in some kind of viewer" - hexeditor, or F3 in a Norton Commander-style program, such as Far, Total Commander etc.
"Execute" means "start the program".

As for the others, you are right - when you execute an HTML or VBS file, the respective application is executed and the file is passed to it as an argument to be "opened" inside the program. Therefore, scanning files on execute doesn't help here, since it is the application that will be scanned, not the "data" file.

rlndsgrb

  • Guest
Quote
I think it would.
What virus did you get by opening an HTM file?

It was VBS:REDLOF. My double click opened to me a blank page! From then on the windows had only the colors white and red. You cannot see any written line in a window unless you didn't hit "Edit/select all", when a red background allowed to see white characters! You could not write e-mails. But there is a post in this forum about this.
Regards,rolando

rlndsgrb

  • Guest
For sure the avast! ball turns in system tray.
Nice and not easy.
« Last Edit: July 23, 2003, 05:31:36 PM by rlndsgrb »

igor

  • Avast team
    • AVAST Software
Well, you are right I am afraid... in this case (thanks to Microsoft I guess) the virus is able to "get out" of the browser, activate and spread. In the Pro version, it would be caught by the Script Blocker, but it is not available in the Home version.
If you were starting it by clicking a file, then setting "Scan file on open" on HTM* would really detect and deny it.

Hmm, maybe we should modify the default settings of the resident protection a little...  :-\
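
An added example, not part of the thread and not avast's own code: it checks which file names would be covered by a scan-on-open mask list such as the default set Vlk posted. The wildcard semantics are an assumption (`?` matches exactly one character, `*` any run of characters, matching is case-insensitive); the function names and sample file names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Default extension set as posted in the thread (stray spaces are stripped on parse).
DEFAULT_SET = (
    "COM,EXE,DLL,SYS,SCR,OV?,VXD,386,BIN,BAT,CMD,DO?,XL?, PP?,HT*,HLP,CH?,{*},"
    "ASP,CLA*,CPL,CSS,INF,JS*,LNK,MS?,OCX,PDF,PIF,PO?, PRC,RTF,SHS,VB?,VSD,WS?,"
    "SWF,AD?,ASX,BAS,CRT,INS,ISP, MDB,MDE,PCD,PRF,REG,SCF,SCT,SHB,URL,EML,NWS"
)

def parse_masks(text):
    """Split a comma-separated mask list, dropping blanks and stray spaces."""
    return [m.strip().upper() for m in text.split(",") if m.strip()]

def extension_of(filename):
    """Return the text after the last dot, upper-cased ('' if there is none)."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[1].upper() if "." in name else ""

def matching_mask(filename, masks):
    """Return the first mask covering the file's extension, or None.
    Assumed semantics: '?' = one character, '*' = any run of characters."""
    ext = extension_of(filename)
    for mask in masks:
        if fnmatchcase(ext, mask):
            return mask
    return None

def scan_on_open_report(filenames, mask_text):
    """Map each file name to the mask that would trigger a scan on open."""
    masks = parse_masks(mask_text)
    return {name: matching_mask(name, masks) for name in filenames}

# Constructed sample names; the CLSID is an all-zero placeholder.
SAMPLES = [
    "webmail.htm",      # data file handed to the browser, covered by HT*
    "script.vbs",       # handed to the script host, covered by VB?
    "Folder.{00000000-0000-0000-0000-000000000000}",  # {CLSID} form, {*}
    "report.docx",      # four characters: DO? does not cover it
    "notes.txt",        # not in the list
    "README",           # no extension at all
]

if __name__ == "__main__":
    for name, mask in scan_on_open_report(SAMPLES, DEFAULT_SET).items():
        print(f"{name:50} {'scan (' + mask + ')' if mask else 'not scanned on open'}")
```

With an empty list nothing is scanned on open, and with the single mask `*` every name matches, which is the trade-off discussed at the start of the thread.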