Author Topic: W32.Beagle not recognised  (Read 13899 times)

force_redo

  • Guest
W32.Beagle not recognised
« on: November 20, 2004, 01:34:56 AM »
Hi,

first of all: Thanks for your product, it seems really cool!

But: I've been testing the Email Scanner with various viruses that I get in my web account (which has a virus scanner of its own) and apparently Avast doesn't recognise the W32.Beagle Virus.

Strangely enough, the Pop-Up comes up, saying "scanning mail:" but instead of the mail subject behind this it is just empty. After the popup goes away, there is no warning, no window asking me for action, nothing.

I'm happy to forward you this virus, if you should need it for further investigation.

Thanks and keep up the good work!

Chris


Edit:

Sorry, forgot to mention, I'm using Avast 4.5.523 and the DB 0447-1 on XP SP2.
« Last Edit: November 20, 2004, 02:06:17 AM by force_redo »

gerrynz

  • Guest
Re:W32.Beagle not recognised
« Reply #1 on: November 20, 2004, 05:52:05 AM »
I just loaded W32.Beagle onto my laptop and avast jumped on it straight away.    :)

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:W32.Beagle not recognised
« Reply #2 on: November 20, 2004, 08:15:32 AM »
If you have (suspected) malware that you think Avast should detect but doesn't, follow this procedure:

1] Submit the file to JOTTI
2] If it is detected by multiple other AVs there but not by Avast, submit the file in a password-protected zip to virus@avast.com
3] Mention in the body of the mail that you suspect it is malware and that Avast should recognize it, and don't forget to mention the password of course.

force_redo

  • Guest
Re:W32.Beagle not recognised
« Reply #3 on: November 20, 2004, 03:55:31 PM »
When I tried saving the attachment to disk, avast did recognise it. Luckily. Gee, I don't like doing these things! ;)

It's just the email scanner that doesn't. I sent the email again to myself and made a screenshot (German). This is how it looks:

(Edit: I'd like to attach my screenshot here, but it doesn't work, what am I doing wrong?)

So, to narrow it down, avast does recognise it, but not the email scanner...
According to Avast, it's the Win32:Beagle-AQ. Shall I still submit it? Or do you have one "on ice" to test it yourself?

Thanks again,
Chris
« Last Edit: November 20, 2004, 04:05:34 PM by force_redo »

force_redo

  • Guest
Re:W32.Beagle not recognised
« Reply #4 on: November 20, 2004, 04:27:35 PM »
Another try for the screenshot:

force_redo

  • Guest
Re:W32.Beagle not recognised
« Reply #5 on: November 21, 2004, 02:32:20 PM »
... and this is how it normally looks on an uninfected email:
(I blanked the addresses)

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:W32.Beagle not recognised
« Reply #6 on: November 21, 2004, 02:39:34 PM »
It seems that the e-mail is not parsed correctly.  :-\

I don't know which e-mail client you use - but would it be possible to save the whole message (not just the attachment) - e.g. in .EML format and send it to us with a short description of the problem? (it would be best to password-protect the .eml file with ZIP or RAR)
Thanks!

force_redo

  • Guest
Re:W32.Beagle not recognised
« Reply #7 on: November 21, 2004, 03:04:28 PM »
I just sent it to support@asw.cz. I hope this is ok!?

I use Thunderbird and connect via IMAP.
Funny enough, when I saved the message in .eml, it warned me that there was a "suspicious extension in the Attachment". But it still didn't recognise the virus.

Another Screenshot (again German, alas)

Anyways, this seems to be rather a little bug, than a serious problem, I hope?  ;)

Thanks for your time,
Chris

force_redo

  • Guest
The story continues...
« Reply #8 on: November 21, 2004, 08:37:20 PM »
It's me again...  ;D

It seems as if this little bug is not limited to the Beagle Virus. I got two Mails with the Sober.H (Or Sober.I) attached, today. One had it in a file called "daten.com" and one in a file called "daten.zip"
The message body was identical.

The funny thing was: When I download the one with the .zip, avast recognises it and offers to delete/move it. When I download the one with the .com, the empty scanning message comes again and it downloads it without any objections.

Again, when I copy it to disk, avast recognises it again and offers to deal with it.

I'm slightly puzzled/scared...

 ???

Chris
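
Added example, not part of the original thread and not Avast's code: a standard-library check of what a MIME parser sees in a saved .eml file (subject, attachment names, executable extensions, parser defects), useful for comparing against what a mail scanner reports. The extension list and the sample message are assumptions constructed here; the attachment names `daten.com` and `daten.zip` come from the post above and carry harmless placeholder bytes.

```python
import hashlib
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, non-exhaustive list of extensions Windows runs directly.
EXECUTABLE_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".cpl"}

def triage_eml(raw: bytes) -> dict:
    """Report what a standards-following MIME parser finds in a saved .eml."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"subject": str(msg.get("Subject", "")),
              "defects": [], "attachments": []}
    for part in msg.walk():
        # The parser records structural problems instead of raising.
        report["defects"] += [type(d).__name__ for d in part.defects]
        name = part.get_filename()
        if name is None or part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        report["attachments"].append({
            "filename": name,
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "executable_ext": ext in EXECUTABLE_EXTS,
        })
    return report

def build_sample() -> bytes:
    """Constructed message with two benign attachments named as in the thread."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Message body.")
    msg.add_attachment(b"placeholder, not a program", maintype="application",
                       subtype="octet-stream", filename="daten.com")
    msg.add_attachment(b"placeholder, not an archive", maintype="application",
                       subtype="zip", filename="daten.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    result = triage_eml(build_sample())
    print(result["subject"], result["defects"])
    for att in result["attachments"]:
        print(att)
```

An empty subject or a non-empty `defects` list for a message that displays normally in the mail client points at a parsing discrepancy worth including in the report to the vendor.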

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:W32.Beagle not recognised
« Reply #9 on: November 22, 2004, 11:47:19 AM »
I'm puzzled even more...
Do you have avast! Home or Pro? If it's Pro - did you change anything about the Packers in the Resident protection?

force_redo

  • Guest
Re:W32.Beagle not recognised
« Reply #10 on: November 22, 2004, 12:53:19 PM »
I'm using the Home Version. I'm thinking of buying the pro...  ;D

(Don't get me wrong, I really like this product and I don't think I'm in a big danger here, since I suppose avast would recognise these Worms/Viruses as soon as I would try to execute the attachments. And other than that all my emails get pre-scanned online, so no worm made it through yet. I downloaded these guys just to test avast.)

Did you get the email I sent you yesterday? Were you able to reproduce my problem? Am I the only one with this problem? Or does nobody else download viruses on purpose? X-)

Thanks,
Chris

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:W32.Beagle not recognised
« Reply #11 on: November 22, 2004, 02:03:46 PM »
I suppose avast would recognise these Worms/Viruses as soon as I would try to execute the attachments.

Chris, it would depend on the level of sensitivity you set.
High will detect them on-access and Normal only on-demand or when you unpack the attached file. What do you mean with execute?
The best things in life are free.

force_redo

  • Guest
Re:W32.Beagle not recognised
« Reply #12 on: November 22, 2004, 02:19:41 PM »
I got all settings to "high". This doesn't do the trick.  :'(
I mean, it works in general (pls. read this thread from the beginning), but occasionally it doesn't.

By "execute" I mean execute ;-) As in "start (an application)" or "run". Well, things you do with an executable file, really... ;-)

To get it all short and clear again in a nutshell, for the people that just zapped in:
1.) Avast works for me in general. Nicely, as it says on the tin.
2.) BUT: Apparently (maybe only happening to me, I don't know) the email scanner doesn't work. Instead of warning me of a virus in the attachment, it comes up with an empty scanning message (see screenshot above) and lets the email pass into my account without further actions.
3.) Now, if I save this attachment to disk, it rightfully detects the virus in it and offers to delete it.
(I just didn't try to execute these files yet, since I'm not sure whether it would detect it and prevent it from doing its evil virus work)
4.) If I export one of these mails that sneak through the email scanner to an .eml file, avast appears and says that this email is suspicious, other than saying that there's a virus in it and which one. See screenshot above. (I assume it's the heuristics scanner!? Or maybe just the recognition that it's an executable file.)

Maybe it's just a little bug, an overflow or something or why would the scanning pop up just be empty?

C

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:W32.Beagle not recognised
« Reply #13 on: November 22, 2004, 09:10:04 PM »
Hi f_r,

could you please send me the entire eml file? Ideally zip'ed up garbled with a password so that no AV disinfects it en route... :)


Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re:W32.Beagle not recognised
« Reply #14 on: November 22, 2004, 09:18:36 PM »
I've got the file already... but didn't find anything suspicious about it  :-\