No automatic scan of downloads

system · 2014-01-08T00:31:38.000Z

I updated to Fire Fox 26. Then I updated to Avast 9.0.2011. When I used older versions of both programs… Avast would always do a ‘automatic’ scan of any download (after it was done downloading). It doesn’t do this anymore and I would like this feature back!!! Problem is… I can’t figure out if it’s a setting I need to enable in in Firefox or Avast. I do have Avast set up as a plugin in Firefox. Any help ???

DavidR · 2014-01-08T00:37:46.000Z

Well avast’s web shield should be scanning the download and then possibly the file system shield.

I don’t know where you get that avast has ‘automatically’ scanned a download (other than what I mentioned) in firefox ?
I have has avast for almost ten years and firefox for some considerable time and this isn’t a firefox/avast feature that I recognise.

Are you talking about using a download manager (other than the firefox download function) ?

system · 2014-01-08T01:17:02.000Z

I’m using the download manager built in to FF. When I used to click on the green download arrow in FF (just to see how fast it was downloading)… AFTER it was done downloading it would say something like “scanning for viruses” while showing a progress bar doing it. It doesn’t do this anymore and I have to manually scan each file after a download. IE does show a virus scan (progress bar) after a download but I don’t know if it’s being scanned by Avast or Windows protection program.

XCDR

DavidR · 2014-01-08T01:45:50.000Z

Since firefox introduced that automatic scanning by antivirus function it was stated that it wouldn’t work with all AVs and it has failed to do so with avast right from the start.

If it doesn’t know what file is used for the scan (ashQuick.exe), there is nowhere to input what file to use. Whilst it might have reported it was scanning, I honestly don’t believe it was as there was no record of ashQuick.exe having done a scan.

Considering that the web shield scans the download as it is being downloaded and the file system shield should scan it before the downloaded file is executed, this so called firefox download scan (even if it worked) is somewhat redundant.

system · 2014-01-08T02:05:55.000Z

you say…“Well avast’s web shield should be scanning the download…” any way to check and be sure? When I run the eicar test (Download area using the standard protocol http) …I just get “the connection was reset” not the pop up notice that says “malware blocked” from Avast. So any other good way to test???

system · 2014-01-08T02:16:40.000Z

okay now i got the avast popup. Concerning the “secure, SSL enabled protocol https”… Do I download it then try to open it, to test my file protection feature?
BTW…thanks for the help

DavidR · 2014-01-08T13:27:31.000Z

mugwampbro post:5:

you say…“Well avast’s web shield should be scanning the download…” any way to check and be sure? When I run the eicar test (Download area using the standard protocol http) …I just get “the connection was reset” not the pop up notice that says “malware blocked” from Avast. So any other good way to test???

mugwampbro post:6:

okay now i got the avast popup. Concerning the “secure, SSL enabled protocol https”… Do I download it then try to open it, to test my file protection feature?
BTW…thanks for the help

Some of the Eicar test samples aren’t great for this type of testing, as using the https connections would mean that the web shield wouldn’t be monitoring that traffic. Some are also inert (zip files) and may not be scanned by the file shield at the time of download/creation (when the download it saved to the hard drive).

When archive/zip files are unpacked then depending on the file type (executables, etc.) would be scanned by the file system shield.

system · 2014-01-09T17:21:35.000Z

Can you recommend a good test file? Thanks again for the help.

DavidR · 2014-01-09T18:03:25.000Z

There honestly aren’t many test files out there, eicar is after all just there to check that your anti-virus is alerting as it should, as all AVs will have the Eicar test file signature. It isn’t any sort of indication that it will detect anything else.

Eicar has .com files, which should cause an instant alert (not on https connection, but when it is saved) as .com files are executable, so present an immediate risk, so must be scanned.

You can use some of the eicar zipped files (single or double zipped) with eicar.com inside the zip file and when saved to your hard disk, extract the contents of the zip file/s; when the eicar.com file is being saved to the hard disk (from being extracted) then it is a newly created file so should be scanned and avast alert.

system · 2014-01-09T23:41:13.000Z

DavidR post:7:

Some of the Eicar test samples aren’t great for this type of testing, as using the https connections would mean that the web shield wouldn’t be monitoring that traffic.

While that’s certainly true when using an AV which doesn’t scan SSL connections to web sites, those eicar SSL links are useful to verify the functioning of AVs which do scan secure web connections.

DavidR · 2014-01-10T00:07:37.000Z

I honestly don’t know what method of any AV scanning https connection employs, as simply scanning the raw encrypted data is pretty much useless.

Encrypt a malware file that could be detected before encryption and scan it after encryption and it won’t be detected as the signature would be completely different.

system · 2014-01-10T00:48:31.000Z

DavidR post:11:

I honestly don’t know what method of any AV scanning https connection employs, as simply scanning the raw encrypted data is pretty much useless.

It appears that the same method is used by some AVs to scan SSL web connections as is used to scan SSL email - a certificate is needed to establish a secure connection between the AV and the site. In Kaspersky for example enabling scanning of secure connections enables both SSL email scanning and https web scanning. (As confirmed via eicar tests of the mail and web scanners.) In KAV it appears you get both or neither - they can’t be configured separately. avast! can scan SSL email via a certificate, so it should be feasible for avast! to do the same with https connections in the web shield if they felt it were worth the effort.

DavidR · 2014-01-10T01:38:07.000Z

This probably means similar to 3rd party handling of the SSL connection with an AV acting as man in the middle as such, may have a bit of an overhead, not sure if that would be similar to the old avast 8 mail shield handling of SSL mail or the web shield proxy.

As far as I’m aware avast have mentioned they are planning to be able to do this in a future version of avast, but nothing as far as time frame or version.

system · 2014-01-10T08:50:51.000Z

Why is there no pop up from avast for me if I download eicar?
It only detects it after it is downloaded and opened.

RejZoR · 2014-01-10T09:13:51.000Z

If you’re using HTTPS conenction with EICAR, that’s why.

system · 2014-01-10T09:31:59.000Z

no… even the regular http download… no pop up from avast…

DavidR · 2014-01-10T12:27:16.000Z

XhenEd post:16:

no… even the regular http download… no pop up from avast…

You haven’t said which one of the eicar test files you downloaded ?
Some won’t necessarily be scanned immediately (depending on file type) as they don’t present an immediate risk, e.g. zip/archive files and non-executable files (.txt files).

system · 2014-01-11T15:36:58.000Z

DavidR post:17:

XhenEd post:16:

no… even the regular http download… no pop up from avast…

You haven’t said which one of the eicar test files you downloaded ?
Some won’t necessarily be scanned immediately (depending on file type) as they don’t present an immediate risk, e.g. zip/archive files and non-executable files (.txt files).

all of eicar’s… .com, .txt, .zip… I think .com should trigger avast’s webshield…
Does avast really gives a popup and block at least one eicar file? Clearly there’s something wrong with my avast if what it should do is detect and block.
I think I need a help on this. I’ll try to clean install avast tomorrow.

system · 2014-01-11T21:58:43.000Z

XhenEd post:18:

Does avast really gives a popup and block at least one eicar file? Clearly there’s something wrong with my avast if what it should do is detect and block.

Avast 2014.9.0.2011 gives a pop up (and blocks) all 4 of the eicar variants (.com/.com.txt/_com.zip/com2.zip) as shown in the attached screen shots, when an attempt to download them is made using standard protocol http.

As expected it does not block the download of any of the variants when the download is made using SSL enabled https, however it does subsequently detect them on a scan or if an attempt is made to extract from zip.

Announcements