???Download managers have an option to use the virus scanner after a download is complete. If resident protection is active,
1) is it necessary to check for viruses after download ?
[i]Yes , it's very important. Even scan CD rom's before installing from them.[/i]
2) does web shield check these downloads?
[i]I'm not sure ? I think not, but I'm sure if not, someone here will say[/i] ;)
3) what is the executable for avast to be activated?
[b]ashQuick[/b] C:\Program Files\Alwil Software\Avast4\ashQuick ; is the pathway .
If you set the protection to High level, not. If you set to Normal, it’s better add the ashQuick.exe to the scanner option of the download managers (without parameters).
If it is downloaded by HTTP it will be possible… Not for FTP or HTTPS protocols.
this is my first posting in this forum. I come from Germany and I use Avast i.e. after a download with the Firefox internal download manager. There is an extension for firefox “download scan” with an option to activate an antivirus scanner after download.
When I activate the scanner with ashQuick.exe as you have already mentionend, it doesn’t work. At the end of the process a statistic window pops up and the result is: nothing has been checked.
Whe I use gigaget i.e. it works. Do you know this problem?
Isn’t Firefox plugin requiring a parameter for ashquick.exe?
Generally, no parameter is needed but in some cases the only way to set ‘which’ file should be scanned. I’m not a Firefox-expert.
Someone correct me if I am wrong … I see nothing in the Web shield at present that will ensure that a file that is being downloaded will be scanned by avast as a complete file.
As, I understand it, when the complete file is written to disk it will not be scanned by the standard shield set at normal sensitivity.
Therefore, it would appear that scanning downloaded files, especially if they are archive type files, is not just a good idea but essential.
deri
I assume you are using a Firefox extension (like Download Statusbar or something similar). To ensure you see the results of the ashquick scan:
right click on the avast tray icon > Program Settings > Common > Check the “Show Results of Explorer Extension” box > OK
I’m not exactly sure what is scanned by the web shield relating to downloaded files either, but I have an example.
Recently we had an issue where the EvIDpatch was being detected as on clicking on the URL (to a zip file) firefox’s download function automatically started to download the zip file and the Web Shield alerted on it before it completed downloading. The only way to get it down was to pause web shield.
I have also had the same thing when downloading a .zip file file containing an .iso file xpboot.iso (ultimate boot disk) using firefox’s default download function. This got to 90+% and web shield alerted to a system tool included in the CD, KillCmos, not nice when it is a large file. I was also surprised as avast scanned the iso file, I didn’t think that was a supported file type.
So in certain examples web shield has scanned downloaded files (zip files in these examples), not just web pages and their content downloaded into the browser cache.
As far as I can tell I think avast scans each http block as a separate entity since avast does not know what any given sequence of http reads represents. So as long as a complete signature can be found in one of the http blocks then avast can interrupt with a warning. However I rather suspect that if the signature were to be split across http reads whether it would be detected is questionable. The eicar tests are very short files and they are certainly detected by avast when accessed via standard http reads.
It is not, I think, like the mail scanner where avast can know that an attachment is being downloaded, cache the whole attachment - reconstitute the complete file - and scan it.
One cannot rely on download managers working as they used to in the old days where the file was written to temporary space and then copied to the permanent location (giving the av program the chance to scan the read). Now (at least with Firefox) the writes are to the permanent location with just a rename to the file at the last minute to give it a permanent name.
For example - if one downloads the eicar test virus zip file with Web Shield inactive (or even via https with the Web Shield active) then the infected file is written to disk without a peep from avast. That file can then be copied from disk to disk without any complaint from the Standard Shield.
If one’s download manager calls ashquick.exe to scan every file downloaded - then even if it was downloaded via https - avast gets a chance to scan the file without even thinking about it and (unlike the Standard Shield) it will unpack and scan the content of archive files. One of those far better safe than sorry things.
whatever the response from the alwil folks may be … let’s not forget that an infected file can be downloaded during an https session and then avast can do nothing during the download.
So I repeat (even if boring) the most important point I wanted to get across is scan those files after you download them. What the heck does it cost you? It could save you a lot of trouble!
Alan, my doubts are technical, just want a confirmation of a behavior. You seem upset :
I’m not bored… just want to learn. You’re taking personally? : ???
By the way, I scan every download file just after the download using Free Download Manager & ashQuick.exe
I’m not so sure about it being as simple scanning of http blocks, if so how could it tell if it were a file within a zip (xpboot.zip 850KB in size) and even more so a file within a .iso (disk image xpboot.iso 2818KB extracted size) file within a .zip file.
We could definitely use some input from the Alwil team though.
my comments were not directed at you personally - I am sorry if they came across that way - and I was not upset.
I was suggesting that no av product can catch everything during transmission and that scanning downloaded files (which is not too hard to automate - as we have discussed) is not exactly a hardship.
By the way, while I have discussed my guesses at how the scanning works (just from monitoring the way the product works) if I knew in detail - which I do not - how avast detected viruses I would not be describing it here in the forum and I rather doubt that the avast team are likely to either.
As for detecting signatures in zip files - I suspect it is not too hard for the avast folks to determine how a zipped signature looks and so be able to detect the signature even if it being transmitted in zipped form.
How about signatures in .iso images inside zip files, even standard shield in Normal mode doesn’t scan the .iso file when I open the zip file with 7zip or extract it from the zip file. So the web shield also on Normal is doing something over and above standard shield.