no, u didn't understand me at all.
Fileshield didn't blocked EICAR, he didn't remove it, he only poped up a message once and once when i opened the .com file.
As already said, the fileshield informs about the infection and prevents the execution of the malicious code
YES! THE FILE WASN'T TXT IT WAS EICAR.COM
Just a note on EICAR. Apart from the fact, that the EICAR file is a DOS executable, it is also a simple text file - it uses only printable ASCII characters, this was the goal when the EICAR file was designed. So you can also consider it a text file.
avast! failed with eicar1.com eicar2.com eicar3.com even when eicar executed a bash/bin command in terminal which made avast alert once again for "bin/bash" but, didnt do a thing (why.. why?!?!)
...
oh and the avast installed in my macbook pro isn't corrupted, i tried it again on a clean mac (mac os journaled) with eicar, and i was able to run the eicar.com file which successfully opened the terminal and wrote "EICAR TEST FILE..."
This is completely weird. You can really not execute the EICAR code on a Mac OS X as it uses the INT21h DOS routine to print the string to the terminal unless You use DOSbox or some other virtualization/emulation tool. And bash is really not such a tool... So what most probably happened was that bash was trying to interpret the file and printed some syntax error message containing the EICAR-STANDARD-ANTIVIRUS-TEST-FILE string.
igor, someone? i need to know what's up with avast for mac, this is avast fault and it has nothing to do with the way i installed the program.
This is not a avast! failure. The eicar code was not executed as it is not an Mac OS X executable. Would it be a Mac OS X executable (or a script executable on Mac OS X), its execution would be blocked by the avast! fileshield.
ok, first of all, i want to thank you for all the help (you're the only one who cared enough to assist me, and i admire you for that).secondly, back to avast! when i opened the eicar.com, it opened the terminal and i saw something like:
----------------------------------------------------------------------------------------------------
command (i dont remember what..) c:\users\documents\something..
EICAR-FILE TEST something something (yes it was a text string in this line)
commands completed.
----------------------------------------------------------------------------------------------------
while the terminal opened with these wierd unknown command, avast! popped up and said "bash/bin command something blocked" and i saw in the header of the terminal "Terminal - Locked".
avast! didn't remove the file and it didn't even block it from execution, but i think avast! actually did something behind the scenes, but itsn't enough for me.
i know that other antivirus softwares for mac do remove eicar when it has .com extension (i know that txt isn't an executable file so it won't be detected automatically) but .com is a file which run in terminal too and
that's why i don't see why avast let it even run, it should have been deleted instead of letting it run commands.
and it was downloaded from the main site of eicar (eicar.com).
so yes, i do believe that avast! tried to block eicar because it said that on the popup and the terminal changed to terminal-locked but it actually seems like avast! failed.
so you telling me that if this result isn't enough for me, i should abandon avast! for mac? because now im not quiet with avast! mac, because im afraid that when it will be a real virus it will happen the same.
is there a test i can make that will prove to me that it only ignores eicar and not other files?
one more important question: is it ok if i only use fileshield and mail shield without web shield because i must use little snitch 2, and as you know LS2 won't work with web shield because all localhost (127.0.0.1)
requests are automatically allowed.
i know that mac cant really be exploited by viruses without downloading and installing the infected malware with the approval of the administrator (opposite from win32), so is it a red alert if i close web shield
and i use only fileshield and mailshield?
note that little snitch 2 is something that i cant uninstall because im really afraid of keyloggers etc and i can't really believe that web shield can tribute to my mac defense more than LS2.
and if the only difference between web shield on and off is that it will block the file before it was downloaded to the harddisk, then its fine with me as long as i have a good fileshield, because the infected file can't
make any harm because the web shield and fileshield works on the same database, if it passed the fileshield it will pass the web shield as well. oh and i don't like TCPBlock (altrenative outgoing firewall for mac)- LS2 is amazing!!
+ is it ok if i use avast! with CalmXav (its a scan-on-demand antivirus only).
just tell me if im right and im good to go..