I am new to Avast. Have been running AVG Free and i have switched to Avast4. I am running Thunderbird 2.0.0.19. I tested using EICAR.com as an attachment and Avast detected it as a virus outgoing and incoming.
My question is:
Does Avast4 scan the email content as I believe AVG does? and if so, how can I test it? It does not recognize EICAR when embedded in the email.
Thanx,
MichaelY
Can you explain what you mean by “embedded in the email” a bit more?
Also what was the the port/security setting for the receipt or sending of the this embedded email?
I am not using any security.
By embedded in the email I mean the EICAR string is the only line of text in the email.
I am using port 25 for POP and port 110 for smtp.
In order to test email scanning I would like to be able put something in the body of the email that would be detected as a virus. Is there any way to do that?
Thanx,
MichaelY
Sorry to persist but it is very hard these days to get even the EICAR virus past any mail service.
I would like to try to replicate the case you are reporting.
Are you creating an email, embedding the string and then sending it or is this a message where you have found a way to get the string through your email provider as an inbound message?
I just ran the same test with the eicar string as text in the email and sent it from Thunderbird and received it using outlook 2003 and it was detected as a virus by Outlook.
That means that the email is not scanned in Thunderbird but is scanned in Outlook. What do I have to do to get Thunderbird emails scanned when received and sent?
Thanx,
MichaelY
Hmm … you are missing a couple of points here.
Outlook 2003 is not an antivirus and Outlook 2003 does no scanning itself. If anything it is your email service (or perhaps avast) that is detecting it … I suspect that it is your email service. Are you using the same email service to send and receive the email?
Let me be up front too. I have just sent the EICAR string as text to a service I know I can get viruses through using Thunderbird. It was sent without an error report from avast and received as text without an error report.
To be honest this is not very surprising. When you go to the EICAR test sites they are not pushing the option of sending the EICAR virus as a text string. The reality of email is that in all email text only messages you could send the most evil virus ever created and … as an email text message … it would be just that … an email text message … that could do no harm to anyone unless it was big enough to print it off and hit the recipient over the head with the resulting heap of paper.
I regret that I am not inclined to install AVG 8 to see if it really does detect EICAR as a text string (even though -as I said - email text strings cannot do you any harm in any way whatsoever).
The only difference between the email scanning in AVG and avast (apart from some of AVG’s stuff being a horrible way for users to scan certain email types that is done much more easily in avast) is that they have a way (again horribly executed) to allow users to manage secure email connections and allow the emails sent/received on those connections to be scanned. The avast team have reported that the same functionality will be provided in avast 5 (expected in the first half of 2009). I hope that the avast implementation will be much more user friendly that that in AVG - but that remains to be seen. In the meantime there is a (not very user friendly also) way to perform such scans with avast as it stands.
To sum up … text strings cannot hurt anyone and are totally safe.
Please look at the EICAR test sites and try all the email tests offered. As I say I doubt they will get past your email provider. Please let us know if any of them fail.
Dear AlanRF,
Please be patient. While I am new to Avast, I am not new to data processing nor PC’s. In fact, I have almost 50 years experience in IT. The first program I wrote was written in 1s and 0s and was programed by wiring a Diamond Core tray.
What I said I meant. I sent the message out through Thunderbird without any problem. I then signed on using Outlook 2003 on the same computer and clicked send/receive. The message was received and Avast gave me the following:
avast! Antivirus: Inbound message INFECTED:
Virus Database (VPS): 090114-0, 01/14/2009
Tested on: 1/15/2009 12:03:35 AM
avast! - copyright (c) 1988-2009 ALWIL Software.
Now Outlook didn’t generate that message. Avast did. That means that at least upon receiving the message, Avast scanned it and found the EICAR virus in it.
It may not be normal but it is not impossible to embed a script in an email that can infect a computer. Obviously, Q.E.D., from the result I got Avast provides the capability to detect a virus in the body of the email when Outlook is the mail client but at least on my machine and from what you have reported, probably on your machine, Avast does not detect the virus in the email when Thunderbird is the client.
By the way, I also received the message on my other computer which runs AVG and it didn’t find the Virus either in Thunderbird.
There may be no answer for this or there may be a way of setting up Thunderbird to enable Avast to detect the virus.
Sincerely,
MichaelY
Michael,
while my IT experience does not stretch quite yet to 50 years it is past 40 years. We can all trade war stories of the old days … I remember patching, by hand, a full program into memory on a major British airline’s reservations system with it up and running (during something of an emergency) almost all those years ago.
I agree that Outlook did not detect the EICAR string (sorry to be picky … but that was not what you reported earlier) avast did. There are two different beasts at work with Thunderbird and Outlook 2003. For Outlook 2003 there is the avast Outlook/Exchange provider which is rather superior to the avast Internet Mail provider that works with Thunderbird and other lesser “run of the mill” POP/SMTP clients. This is because Microsoft has designed a standard interface that the antivirus providers can write to for Outlook.
I must leave it to the avast team to speak to the apparent inconsistency between the Internet Mail provider and the Outlook/Exchange provider.
It may not be normal but it is not impossible to embed a script in an email that can infect a computer.
Forgive me pointing out that you cannot have it both ways. You have not complained about the failure of a script. You have complained about the failure of detection in a text message. A text message cannot be a script … it is totally inert … it can do no harm to anyone in anyway whatsoever.
Avast does not detect the virus in the email when Thunderbird is the client.By the way, I also received the message on my other computer which runs AVG and it didn’t find the Virus either in Thunderbird.
Quite simply and sorry to restate the point … both avast and AVG agree that a simple text message containing the worst virus ever known cannot, in any way, hurt anyone … any system … whether it be delivered via Thunderbird or Outlook.
Why should they (AVG and avast) bend to the request of detecting a problem where no harm can be done?
It may be unfair to modify my last post with another thought so late after posting.
However, all antivirus products are always looking to cut every corner in reducing overhead so they are no seen as being less efficient than the competition. In email scanning the very simplest expedient is to not scan any simple text emails since - as mentioned before - simple text emails are totally inert and just not worth the waste of scanning time.
Well, I looked up my previous post and mea culpa! I misspoke (or maybe miswrote). I didn’t mean to say that Outlook found the virus. I meant to say that Avast found the virus when Outlook was the email client.
In any event, Avast does check the email and finds the EICAR virus when Outlook is the client and does not find the virus when the email client is Thunderbird. And I agree that if the email is a text email then it doesn’t matter. But what happens if the email is an html email that contains a script? Is that possible?
I checked further by viewing the source of the received test email in Thunderbird and there is a notation in the header that the email was scanned by Avast outgoing and incoming:
X-Antivirus: avast! (VPS 090114-0, 01/14/2009), Outbound message X-Antivirus-Status: Clean X-Antivirus: avast! (VPS 090114-0, 01/14/2009), Inbound message X-Antivirus-Status: Clean
And that answers the question that I started with. That is, is Avast checking my email in and out when using Thunderbird.
I don’t know what time zone you are in but here on the East Coast of the US it is now past 3:00AM. It reminds me of the old days when the only computer time we could get for development was the graveyard shift.
Thanks for hanging in there with me and I hope you have a happy new year.
Sincerely,
MichaelY
Michael,
I live on the left coast. I wish you a very good night’s sleep and I will be happy to continue this conversation.