Eicar.com opens anyway???

On the eicar web site, I clicked on eicarcom2.zip. That opened and inside was another .zip file. I clicked on that and that opened and inside was eicar.com. So far, so good as I know avast does not scan inside zips.

When I clicked on eicar.com, I got the virus alert and the message box. The message box states that if you click on the OK button, the virus will not run. When I clicked on the OK button, the .com file opened anyway. The I got another virus warning but the .com file did open. Is this a bug??? Thanks.

Rich

The Web Shield should have picked up and if not Standard Shield should have.

We need to know is the Web Shield enabled? What your settings are for Standard Shield are you using High and scan all created/modified files?

I tried it and Web Shield stopped it dead in its tracks.

Why do you think Eicar actually executed?

Ok. WebShield is enabled as is Standard Shield. They are both set to normal. It is scanning files from the default extension list under All Created/Modifed files. When I open eicar.com, my dialog box looks different. I get an OK button with text that tells me clicking okay will not run the virus. I click OK and it runs. I know it runs because I a command window launches and then I get the dialog box again.

Your web Shield is not working, sorry to say.
If I click that link on
http://www.eicar.org/anti_virus_test_file.htm

I do get an immediate warning.

What exactly is the “OK” button supposed to do? I could be mistaken, as I’ve never run across a virus while websurfing (just in email); but the program interface I’ve seen didn’t look quite like either of those posted.

I’d like to know, too! What exactly is that OK button there for? ??? ??? ??? ???

Normally, the black command window DOES open, and simply writes “Access Denied” and then closes. The virus is NOT run though.

Can you confirm that?

BTW what operating system are you using? As JarmoP said, WebShield doesn’t seem to be working on your system. Otherwise, the files would have been caught immediately when clicking the link in your browser.

Thanks
Vlk

The OK button is there to give you a way to dismiss the window :wink:

I think that in this case, there is confusion over what the OK is doing and MrRAlan may have thought that by clicking OK he was accepting the Recommended Action of Move To Chest?

Perhaps the ‘Processing Actions’ area Title/Heading needs re-wording, as it is not Processing any action, just closing a window and the Note also needs re-wording. This, allied with the Recommended Action in the Available Actions area, since they all talk of Action this could easily be confused for ‘OK take the Recommended Action’ rather than ‘OK close the window.’

It works today! When I turned my PC on today, I got the message that the virus database was updated. When I clciked on the eicar link that was giving me problems yesteday, the message box is totally different and only gives me the abort button. Also, it doesn’t open the zip files first and wait till it gets to the eicar.com file. Yesterday, I was also able to open the 2nd link…eicar.com.txt I believe. It would show the text of eicar in the browser. Today, I get the warning. Was there a change in the update I received today which fixed it?

Vlk, yesterday the command window was opening but it wasn’t closing. It just opened and then another avast warning box came up. The same one that came up before the command window opened. I don’t recall seeing “Access Denied” anywhere and I had to close out the command window with the close button. I am running XP Home SP2. Thanks.

No, no change in the update.

Web Shield caught it as I would have expected and the only action required is Abort the Connection, this just stops that page/item being downloaded and doesn’t drop your internet connection.

This means the file doesn’t get onto your HDD so Standard Shield shouldn’t react. In your case, if you changed the scan settings from all created/modified files in the default list to all files without limiting it to the default list (as this list doesn’t include Zip files). Then if something gets past Web Shield, Standard Shield should pick it up, this gives you better protection in depth.