Automatically Scanning Downloaded Files

I came across the following thread from '09 where members state that Avast will not automatically scan downloaded files:

http://forum.avast.com/index.php?topic=43361.0

If this is still the case, can someone please instruct how the Firefox add-on “Download Statusbar” can be used with ashQuick.exe to auto-scan downloads? (this is alluded to in the linked thread)

why not test it with Eicar test file http://eicar.org/85-0-Download.html

Using a 3 year old topic for reference is a poor choice as at least three things will have changed, avast version, firefox version and the “Download Statusbar” add-on.

I can find no information on the functioning of this add-on other than it shows the download progress in the status bar, nothing about its settings. Whilst it has a virus Scan tab in the settings, there is no image of its settings/parameters to have your AV scan the file on completion. But if you are able to input the full path to ashQuick.exe then avast should scan the finished download.

DavidR, I assume by your answer that Avast still doesn’t auto-scan downloaded files, correct?

@tyson2: Avast does scans downloaded files. in fact, it scans the traffic as the bits of file are been downloaded (web shield), and will block the completion of a download if it detects malicious code.

Thanks. Do you know approx. when this change was implemented?

nope, i do not know when the change (if any, was implemented). but i do my own tests very recently on a virtual machine which emulates a real system.

From there, i know that is what the web shield does.

No, that isn’t correct, but it can’t be stated for all files, it isn’t a black and white yes/no answer. Not to mention the web shield may well be monitoring these downloads if they are using the HTTP protocol to download them.

The file system shield scans newly created files (depending on file type) and guess what downloads would be ‘newly created files’ when they are saved to the hard drive.

What type of downloads wouldn’t make newly created files on the hard-drive?

All of them of course they haven’t been on your systems hard disk and now they are.

Forgive me if I’m missing something here. You stated that not all downloads are necessarily scanned automatically. However, you also stated that all downloads create new files on the hard-drive and all newly created files are scanned.

That is correct, but it has nothing to do with there having been downloaded. I didn’t state that all downloads ‘newly created’ are scanned I added a provision in brackets as it depends on the file type.

The file system shield scans newly created files [b](depending on file type)[/b] and guess what downloads would be 'newly created files' when they are saved to the hard drive.

The file system shield (FSS) will scan newly created file no matter where they come from, but only if they are of file types at risk of infection and present an immediate risk of infection if run, such as executable files.

Archive files (zip) aren’t scanned as they don’t present an immediate risk of infection (newly created or not), for them to pose a risk the user first has to open the zip file and extract the contents of the zip file and then run any executable. Before this happens the FSS will scan them as the act of extracting the files from the archive file will create new files on the hard disk.

So as I said earlier this isn’t a clear yes/no answer as there are issues effecting what is scanned and what isn’t. So it is user choice if they want to have ashQuick.exe in a download manager to have avast scan ‘all their downloads’ regardless of file type.

Hi tyson2,

No, you are not missing anything. All versions of avast 7.0.1426 have multiple scanners built-in, pertinent ones for here would be:

[ol]- Network Shield

  • Web Shield
  • File Shield
  • Script Shield[/ol]

This is a layered approach to proactive protection; each will kick in as the parameters and actions of the downloaded file are read and ascertained.

Additonal information:

What DavidR is trying to tell you, I think, is that new, in the wild, malware files have characteristics not in the virus database; some of these will be caught through heuristic analysis, but not all. Like DavidR says, it also depends on what type of file it is.

If a brand-new new malware comes in, it most likely will not be seen. No antivirus program can give 100% protection.

Just so you know, all members here (except Tech, and a few others) are just avast! users like you. Some, like DavidR, do know what they are talking about, so it is just like having an avast engineer on the forum.

Thank you for the explanation. I’d be interested to know which file types are or aren’t scanned upon creation. Also, I assume all file types could potentially be harmful but I don’t know that for sure.

It seems I’m typically downloading exe, mp3/4, pdf, zip, & jpg, and I’ve been in the habit of manually scanning every download. Aside from exe & zip, are these file-types auto-scanned?

I can’t give you a full list as an avast user I don’t have that information, but not all file types are at risk of infection. Some assume incorrectly that image files aren’t at risk, but there are jpg exploits and as such they are scanned, but .txt and archive files (of certain types) aren’t.

So this is more complex than at first you might think as there would also be many exceptions. Suffice to say that avast know a great deal more than I do and they are the ones that keep abreast of current threats and modify the scanning criterion accordingly. This is done through the engine and virus definitions update so they can respond quickly to any change in the perceived threat.

What does that mean for me, I allow avast to scan what it considers to be a potential risk be that in newly created files, downloads, etc. and I don’t have any other function (download manager, etc.) do a call to ashQuick.exe to scan the download.

Well, I directed Download Statusbar to use ashQuick.exe, but I’m not seeing any scanning activity on Avast’s monitor. Can anyone help me get this (or another) attachment to auto-scan all downloaded files?

In Download Statusbar’s virus-scan window there is a line:
“use %1 in the arguments for the file to scan”

Is this some type of instruction that I’ve overlooked?

I appreciate the help.

It doesn’t require parameters other than the full path to ashQuick.exe.

Hmm, well that’s how it’d set up but I don’t see any scanning activity when downloading (using avast’s live monitors).

Unfortunately I can’t test it, I don’t use the Download Statusbar, I use the Download Them All add-on and it doesn’t have a scan option.

As I have mentioned earlier, since the web shield and file system shield would be scanning files I don’t see the point in scanning all downloads.