I recently installed the free antivirus program (version 5.0.677) with just the file system shield. In the real-time file system shield settings I have:
“Scan documents when opening” unchecked
“Scan files when writing” checked
Under “Expert Settings”, I have none of the “Scan when opening” options checked.
So with these settings, I am trying to keep avast from scanning any files I just open for reading. The problem is, any file with a “.jpg” extension gets scanned when I read it. As far as I can tell, I have not specified “.jpg” as a magic extension anywhere. I do want “.jpg” files scanned when written, but not when read.
Here’s what I did to test this. I pulled up the “File System Shield” tab under “Real Time Shields” and noted the “Last file scanned” at the bottom of the screen. I then brought up an Explore window (right click the windows Start button) and find a “.jpg” file. I select the “.jpg” file by single clicking on it. That “.jpg” file now appears as the “Last file scanned”.
There’s something magic about the extension “.jpg” as this does not happen for other extensions. If I change the “.jpg” extension to something else it does not happen. I can take a “.txt” file and give it a “.jpg” extension and it will be scanned on read.
OK, I just now thought of a work around… I went to “Expert Settings” “Exclusions” and added “.jpg" to the “R” list and that fixed it. It’s not apparent that I should have needed to do this, but there you have it. I also had to add ".jpeg” as an exclusion.
So that leaves me to ask… are there any other magic extensions that I have to override in the “Exclusions” area? Are these magic extensions published anywhere?
I think he knows that somehow, what he is saying is why avast considers them magic extensions.
As I explained in his other topic, avast and other AVs would scan files that are at risk of infection (e.g. targeted) and present an immediate risk if run/opened and that is where the jpg exploit comes in.
I haven’t got the list of the files in the default set, but my post outlines what they might be, files that are at risk of infection (e.g. targeted) and present an immediate risk if executed/run/opened, executables most commonly, .exe, .com, .dll, etc. etc.
But that same .jpg exploit can be used as a .wmv exploit or a .txt exploit, right? Or even a .whatever exploit. It seems to me that if you want to protect against virus on reads, you should be looking at all reads. But if you only want to protect against virus on writes, then you shouldn’t be looking at reads for anything, much less .jpg.
This “special status” of .jpg and .jpeg files seems a little strange and not what I’ve experienced in other virus programs I’ve used, that’s all.
files that are at risk of infection (e.g. targeted) and present an immediate risk if executed/run/opened, executables most commonly, .exe, .com, .dll, etc. etc.
But for .exe, .com, and .dll, aren’t those handled by the execute options? I like that avast appears to have segregated things by read, write, and execute, but then behind the scenes they appear to be breaking the rules for certain file types.
Oh well, I’ve got a work around for it. I’ll continue to evaluate the program. It looks like avast does some other things based solely on file extension. I’m not sure if I like that, but I’ll tweak with it and see how it goes.
