Been noticing this more and more lately. I just received some spam with attachments that the Avast Internet Mail Access Scanner allowed through. I’ve seen this particular vector used before (same email subject with similar attachment) with the same results from Avast (that is, none).
The first time this happened I suspected the files were infected, so I left them alone to see if Avast would detect things after it finally received some updates (I manually checked Avast for updates, with no results). Avast discovered the infection a day later. I had Avast set to update every 240 minutes.
This time I again attempted to update the Avast db manually but nothing new was available. Checked with VirusTotal.com and found that this file had already been reported. I wanted to check with another AV scanner, so I downloaded and installed ClamWin (ClamAV for Win32) to scan the file. I chose this one because it doesn’t have a system-level on-access scanner and wouldn’t conflict with Avast (ClamWin does, however, have an Outlook on-access scanner). ClamWin successfully detected the infected messages.
I understand there will naturally be a delay between new viruses in the wild, reporting of such and inclusion in the definitions, but why so slow on updates for viruses already known?
Sorry… what can we say? There is no excuse for lack of detection or slower updates… But no software is perfect. Thanks for reporting.
But look, are you sure it’s not a false positive? The “big guys” do not detect anything there…
The file I found is a new round of the UPS email trojans. ClamWin shows it as Trojan.Zbot-1937. It’s not like Avast never detected the last batch of UPS email trojans…just a day later. The last UPS trojans showed up as Win32:ZBot-AJN [trj].
If the “little guys” can keep up, shouldn’t I expect the “big[ger] guys” to do the same? Not trying to troll, just a little frustrated. I’m in the IT field and have recommended Avast to some of my clients in the past. I need to maintain confidence in the product to recommend it.
Sorry to disappoint you… but no software is perfect.
Avast is becoming better, the support is becoming fast.
But if you think you’ll find the panacea…
Confidence is what we can have with a serious and competent company.
Thanks for those links. I’ll check those out. Cleaners are always useful tools, but the whole purpose of using active on-access anti-virus/malware scanners is prevention.
This morning, the file that Avast missed is now detected by Avast as being infected with Win32:Zbot-ALW [trj]. So Avast is a day behind the curve. Now I know what to expect.
It’s like trying to catch a bus:
if you’re late for one you’re early for the next.
No AV is first for all of them, especially the “First Day” ones, although some AVs work harder on this than others (and charge appropriately).
If “first day” viruses are a concern, there are a couple of approaches:
High Heuristics with High False Positives
System Safety Monitor types of programs HIPS
(However I’m not suggesting trying Zone Alarm’s latest and greatest)
other AV supplemental programs
Have a resident Anti Spyware in addition to your AV
Spysweeper, Counterspy, Spyware Doctor, etc (do you have a quad core?)
or Spybot T-timer
have a resident anti-trojan: Trojan Hunter, A Squared paid, in addition to the above
at the minimum have Scotty on patrol
no free lunch that I know of
free with little performance impact
outbound firewall???
hosts file
spyware blaster- javacool
spybot immunize