Avast Free + EICAR testfile

I installed Avast Free , and i wanted to check if everything was working correctly.

I clicked all the tests , Avast blocked all of the tests , good result , only 1 test it did not block ( eicar.com.txt )(SSL enabled protocol https )

The eicar.com.txt file WITHOUT the SSL enabled protocol https did get blocked , only WITH SSL enabled protocol https file did not get blocked.

My question is , why not ?

Screenshot below ,

http://i42.tinypic.com/aa9hcg.jpg

And this popped up , after not blocking it , ( green border is because my browser was in limited rights ( run safer ) ( feature of Online Armor )

http://i41.tinypic.com/68wl12.jpg

https is encrypted ? if it could be scanned it would not be secure

… expecting the web shield to scan encrypted connections ??? ;D … the web shield scans mainly in memory, not at disk level, allowing it to abort connections before anything reaches the file system … so yeah, may be read the forums, search the threads etc… this has been asked a million times already.

All the more amusing is that of all people, this guy wants his SSL scanned? :o

All the funny responses , so far the maturity.

If the txt file is not scanned , then why the other encrypted things did ?

That’s a good question… but it didn’t.
If the other files got detected, then it wasn’t by the WebShield; in case of the .com file, it could have been FileSystem Shield detecting the file being written to disk, as for the ZIP files… hard to say, they shouldn’t have been detected unless you had changed some FileSystem Shield settings to unpack archives.

I did not change anything , i only turned on PUP on every shield and disabled voice over sounds.

So what does the detection popup say when you download those https files? Does it really say “avast! Web Shield has blocked…”?

No , if i download the eicar.com file ( the SSL 1 ) it gives this popup ,

http://i41.tinypic.com/f4fhn8.jpg

It says Malware Blocked , with the File System Shield

that’s a file system shield alert ;D (not the webshield) … and that’s a normal behavior with ssl downloads, so what’s the problem ???

“Bestandssysteem Schild”

What the problem is ?

Why so burned ?

I only ask some things whats on my mind , grow up

And with the zip files , it says the same thing , malware blocked with the file system shield

not offensive at all, just asking :slight_smile:

Can I see the popup screenshot for the ZIP files?

sure ( this is the SSL enabled zip file )

http://i40.tinypic.com/5buyc2.jpg

OK. It’s the Explorer extracting the ZIP content into a temporary folder (most likely at the moment when the download is finished and you “open” the archive) - and that extraction is being scanned by the FileSystem Shield.

Anyway, WebShield doesn’t scan HTTPS connections, so these detections are kind of side-effects of something else (such as someone actually extracting the archive).

Oh , when i open the zip folder , there is a MS-DOS application in it , called eicar , if i right click the eicar application , i only see , open , copy , cut , remove , and properties , i click open then the popup comes.

That’s all good ?

Yes, that’s as expected - “open” means “execute” - so it’s the basic scan performed when a program is starting.

ok i guess all is good then , that a ssl zip file with a ms dos application in it is detected.

ok thanks !