I immediately updated my avast! free after reading the post of Mr.Vlk regarding the new update for 4.8.1356.
After updating, I immediately tested it against eicar.
But to my surprise, the text file of eicar using ssl connection was displayed on opera 10. ???
avast! is set to high level protection-all modules.
How was this possible? ???
Please see attached file.
thanks for the very fast response.
how about the other modules?
the standard shield?
will it not scan it?
I am just new to avast!-not more than 6months so I am not yet very familiar with it.
all I tweaked with the settings is make the settings to high.
I was really surprised to see this eicar text to be displayed in opera.
Because before when I was using a previous free av such eicar texts was never displayed even in ssl.
Standard Shield would scan it if the file was saved to disk (cache). If Opera only displays the file, however, without storing it anywhere - there’s no way to get to that data.
(Well, there’s probably a default exclusion for *.txt files in the Standard Shield, so it wouldn’t scan it anyway - but let’s say you used eicar.com).
Short answer No, but, a) I’m not Igor, b) nor do I work for Alwil.
The whole point of encryption it to keep prying eyes out and that includes AVs. Yes it would be possible to decrypt if you had, a) a powerful computer, b) lots of time to do brute force decryption. When data is encrypted using powerful encryption methods, to all practical intents and purposes it is secure.
No, it wouldn’t really be possible to decrypt, unless the “lots of time to do bruteforce” means something like “till the end of the universe”
It is possible (but I don’t know that much about it) that similar (though not the same) functionality could be implemented using special browser plugins - in which case even data on secure connections could be scanned; but - it would work only for some browsers (those that have some kind of API to get to the data) - and I doubt Opera would be one of them.
Also, I’m not aware of any such plans at the moment.
In my system the standard shield detects it a few seconds after the text page loads. But that text page isn’t saved to hdd as a .txt file, it’s saved without extension jıst like all the other temporary internet files of Opera. So avast! standard shield should detect it unless the default extension set is selected in standard shield settings (other extensions can be added in addition to the default extension set but i don’t know hot to add “extensionless” to be scanned lol) (if “all files” option is selected, then there’s no problem).
Note: I’m using Opera 9.63 but the version numbers won’t affect the result, the web site is the same web site and the temporary file is same again. I also tried Opera 10 out and there wasn’t such a problem in detection. But when you try this with IE, avast! won’t detect it because in temporary file folder of IE it is saved as .txt file. And there’s no way to un-exclude .txt file extension in standard shield settings, weird. However, on-demand scans are of course capable of detecting threats in all extensions.
I don’t use FF but according to your post it is saved as .txt file in FF temporary folder as well, i think.
You can remove the .TXT exclusion, in the standard shield settings - Advanced tab
When i remove all exclusions in advanced tab, save and then reopen the advanced tab again, pagefile.sys, .log, .ini and .txt appears again in exclusion list (don't ask me why i try to unexclude pagefile.sys, that's just for trying). But if i only leave pagefile.sys and remove the rest, then nothing reappears again in exclusion list. I've realised this now. Thanks. But but but, now avast! still doesn't detect in IE although it detects eicar.txt by right-click scan of IE temporary file folder. This sounds weirder. :P Whatever, I mostly use Opera and there's no problem. lol
The firefox browser cache doesn’t use the same file name and doesn’t use an extension, it uses a randomly generated file name and no extension, see image.
So these extensionless file names may not get scanned depending on your avast settings.
When i remove all exclusions in advanced tab, save and then reopen the advanced tab again, pagefile.sys, .log, .ini and .txt appears again in exclusion list (don't ask me why i try to unexclude pagefile.sys, that's just for trying). But if i only leave pagefile.sys and remove the rest, then nothing reappears again in exclusion list. I've realised this now. Thanks. But but but, now avast! still doesn't detect in IE although it detects eicar.txt by right-click scan of IE temporary file folder. This sounds weirder.
Actually it doesn't matter what i leave in exclusion list. There should be at least one exclusion, otherwise if we remove all of them, the 4 extensions which mentioned above reappears in the list. In this case (imo) pagefile.sys should be there as its content isn't accessible.
And avast! standard shield now detects eicar.txt in IE. After unexcluding .txt in advanced tab, when i opened the eicar text page, nothing happened because the eicar file was already in temporary folder and wasn’t downloaded again. When i cleaned the file and open the eicar text page again, avast! succesfully detected.
David, thanks for the info about FF. Also in Opera the name of the temporary file is always changed randomly on each page refreshing unlike in IE (in IE it is either eicar.com[1].txt or eicar.com[2].txt).