AVAST Fails Fortinet Metal Test

system · 2017-01-08T22:18:51.000Z

It appears that Avast passes all of the tests save one, the zipped password file with the eicar file.
I tried this from various browsers with the same result.
Is there a setting I am missing on the Avast application?
Is this a known or an unknown deficiency?

Offending test is #18
http://metal.fortiguard.com/

Please advise.

RejZoR · 2017-01-08T22:26:16.000Z

It’s a pointless test. It basically just tests what archives antivirus can unpack and to what subdirectory. Unless it’s a mail server, totally pointless and irrelevant test. If you want to get to the files, you need to unpack the archive anyway and that’s when avast! will probably catch the malware. Mail servers operate differently and even there, avast! probably behaves differently already.

DavidR · 2017-01-08T22:31:50.000Z

Archives are by their nature inert, until something unpacks them they present no risk. When the files are unpacked they should be scanned by the on-access scanner and even further, if the unpacked file is executed.

system · 2017-01-08T22:39:28.000Z

Quick question, I don’t mean to be rude and this is my first port, but are you saying this as a Forum expert, or Avast Rep, or run of the mill Joe Blow user opinion?
Ive got tons of those already LOL

Such as…
The Sarcastic
“Ouch…
That is file specifically for testing anti-virus programs… Have to ask… Does it detect anything?”

Or from a respected observer…
“Now THAT is a major red flag. EICAR ANY AV should be able to pick up, that’s the computer equivalent of the
“skill testing question” for a contest.”

One other asked a decent question IMHO…
“I’m not sure how much of a threat a virus buried inside a password protected zip file is, in the real world?”

The response being…
“Stuff buried in a ZIP file may be old, but still relevant, way to send malicious stuff to people. Insert comment
here about the (l)user type that clicks everything they get, irregardless of all the warnings you give about safe
hex.”

Which in a way supports your response which states, the file has to be triggered in some fashion and then AVAST will respond.
However, I still think its a legitimate question on why it cannot detect this file… Perhaps no AVs can and the test is indeed moot.

Personally, the most intelligent comment I read…
"According to the test resuts from that site, I failed all 18 of the tests. The reason being that NoScript simply did not allow the tests to run. Sounds to me like many other “security” vendors I have run into that try to sell their own products to visitors who are already protected. A “security” test that requires a site visitor to give that site unlimited access to their computer/network is not a valid security test (except of course, for the social engineering aspect).

Rule number one of the 10 immutable laws of security: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore."

bob3160 · 2017-01-08T23:42:03.000Z

Both replies are right on the money both are from Avast users.
So is this reply.

RejZoR · 2017-01-09T00:05:12.000Z

Bottom line is, for as long as so called “malware” is inside archive, it cannot do any harm. When you execute it inside archive, it has to first get extracted to disk. At which point, ANY antivirus will detect it. This isn’t an excuse of any kind, it’s just how things work. And scanning archives on-access/real-time on desktop systems is a total waste of time, it’s why no one is doing it.

Like I’ve said, only time direct archive scanning matters at all are mail server scanning, because you want to catch as much as possible during transmission through the server without the need to actually unpack and run archive contents.

system · 2017-01-09T00:37:54.000Z

Much Thanks all to the excellent and prompt replies. I can safely disregard a pointless test item.

Eddy · 2017-01-09T06:45:00.000Z

Completely BS tests.

Run all tests > it only runs the first one and then stops.

First one fails > This is EICAR test file as well as a screenshot from fortinet.com, taken in the last few minutes to show sample freshness.
I monitored traffic before my (hardware) firewall as well as after.
Guess what… The EICAR test file as well as the screenshot where not even send !

And another BS is that putting the EICAR tests file in a password protected zip.
How do they expect a av to test it if the password is not known ?
Oh wait, ofcourse…
The av should brute force the password (which can take many years) and then test it.
It is like saying “I have a present for you, you only have to get unpack it” while the present is laying in the safe at Fort Knox.
Good luck trying to get in.

RejZoR · 2017-01-09T18:29:57.000Z

Better functionality test is this from AMTSO:
http://www.amtso.org/feature-settings-check-for-desktop-solutions/

It doesn’t check the efficiency of antivirus, you’ll have to look at AV-Comparatives and AV-Test reviews for that. But it does check various antivirus subsystems to see if they are working as intended or if antivirus even covers that infection vector.

Announcements