Avast misses detection of virus being copied?

I have a copy of the harmless eicar test virus (downloadable from http://www.eicar.org). I have the Avast standard shield set on ‘high’.

Now, I right-mouse-click on ‘eicar.com’ and select ‘copy’. On an empty space in the folder I right-mouse-click again, and select ‘paste’.

Avast only detects the file being pasted as a virus, not the one I’m copying from. I would expect the original to also be detected, since Explorer is opening and reading the file in order to make a copy.

Hmmm… what’s going on here, does anybody know?

is avast resident set to high?
did avast detect it as you downloaded it?
I tried the same test now and I could not even download it with out a warning

As I wrote in my original posting, the shield was set to ‘high’.

(Of course Avast detects it when you download it, which is why I select the option of allowing it when Avast asks. I download the file a few days ago, because I need to run various tests on Avast and my mailserver setup.)

oops I overlooked that. Lets see what The ALWIL team has to say.

That’s because it’s a COM file (not recognizable by a header). To make avast scan these files on open, just add COM to the list of extensions to be scanned on open in Standard Shield (2nd page).

Vlk

Yup, that did it! :slight_smile:

Odd though, since I thought ‘.com’ files would fall under the category of ‘MS-DOS based programs’.

Are there any other typical executable-type files like that (i.e. which aren’t detected by header, and I might want to add to the list of extensions)?

The “MS-DOS based programs” configuration concerns execution, not simple reading - that’s what the second page is for (scanning on open).

Sowen, if it helps, I suggest you add:

ACE,ARC,ARJ,BZIP2,CAB,COM,GZIP,PST,RAR,TAR,ZIP,ZOO,ECE
to the aditional extensions list and

WS?,VBS,VBE,JS,JSE,HTA,WSF,WSH,SHS,SHB,HTM*
to be scanned on open (besides the WSH script).