Avast not reading all file names ??

SECURITEAM.COM claims today that several (most) AV-progs are not checking on filenames that contain not printable characters, that they are just ignored. This is claimed to be true for AVAST too
Read: http://www.securiteam.com/windowsntfocus/5TP0M2KGUQ.html

Should be easy for Alwil to correct!
Hanspeter

Only partially true for avast!.

  • The file will be detected by the resident protection and will be blocked from being started.
  • The file will be detected by on-demand scanners provided you don’t scan this particular file alone (i.e. you scan e.g. the parent folder, the whole disk it is stored on, etc.).

What probably won’t work are actions on the file (i.e. avast! will not be able to delete it, move it to Chest, etc.). The potential malware, however, will not be allowed to activate.

We are working on improving the actions on the infected files to handle even such situations. It’s not that easy as it may seem, however, so it may take some time to finish.

I confirm this. So the file won’t run and the infection won’t occur after all.

I confirm this. Scanning the file alone, you got the error.

Yeah… this happens.

Good work Igor 8)

Related thread: http://forum.avast.com/index.php?topic=16687.msg141637#msg141637

Igor, perhaps a word to the authors of this warning that they have got it wrong when they say avast! is vulnerable.

Instead of the categorising avast as one of the Vulnerable Systems because it doesn’t comply with its summary statement.

Several AntiVirus programs do not scan filesnames that contain non-printable ASCII characters,[i] in addition instead of blocking them they are simply ignored.[/i]
Clearly as you have mentioned it does block it, e.g. stops it executing and not simply ignoring it.

Btw, the boot-time scanner shouldn’t have any problems detecting and removing the file.
I.e. the problem, in my opinion, is not exactly about “non-printable ASCII characters”, but rather about UNICODE readiness of the applications (even though I may be wrong for some AVs).