Pro effectiveness?

Hello
I’ve been testing Avast Pro version tonight debating getting rid of NAV. I’ve been using the email tests from www.gfi.com/emailsecuritytest/ The test sends a series of emails with different packages to test the AV system. Avast picked them up as they were incoming as “potential infection detected” , with choices of Delete or Continue, I opted to continue as I wanted to further test. Upon opening each email, several of the attachments were allowed to run. E.G. a VBS attachment when double-clicked was not intercepted and wrote a text file with details from my registry. I assumed that possibly my selecting “continue” defeated any subsequent Avast intervention, except when I tried to launch the Eicar attachment (one of the other sent tests), Avast caught it. I tried the same test with Nortons AV 2003 with incoming email scanning turned OFF, and NAV picked up on everything. Not a great first impression…
Thanks

Selecting continue only allowed the email to come through in it’s original state. You gave Avast permission to butt out. The fact that NAV caught them when opened by you probably means NAV has put these files in their definition files despite the fact that they are harmless? I’m not quite clear on the details of the files in question. I am curious of why the pro script blocker didn’t work on the vbs file. Was the script blocker active?

Also, you have NAV and Avast installed on the same machine?

How can I tell if the script blocker is active?

No , I uninstalled NAV prior to installing avast!

Sorry, I don’t have the Pro version. I use the Home version with Script Sentry added. I suppose opening up the avast scanner and once the avast scanner window appears you can right click and open up the menu to check the settings. Or try right clicking on the Avast ball in the system tray.

It appears script blocking is on …

It should have given you a warning about opening the vbs file at least unless it only works in the browser. I don’t know why it didn’t warn from the email itself when you opened it.

I’m sure the Alwil staff will respond to this thread. They are pretty good about responding to threads like this.

Oh, be sure to subscribe to this thread so you know when someone responds tomorrow.

Thanks for the tip, I’ll do that. :slight_smile:

Well, personally, I don’t see anything wrong about the behavior. The e-mails sent are not real viruses/worms, are they? (I didn’t check, but I certainly hope so!)
Therefore, avast! didn’t pick them up as viruses. The avast! e-mail heuristics only warned you about suspicious (i.e. possibly dangerous) message. You choosed to continue, the messages were delivered.

Then, if you tried to run them, they were executed - since they were not subject to the e-mail scanner heuristic test anymore. Remember - they are not viruses; so, the Standard Shield didn’t block their execution.

I’m not the guru of this site but, for sure, doing this will corrupt your Registry. It’s impossible to get rid from NAV without special removing issues.

There are a lot of threads discussing this. NAV messes your registry (http://www.avast.com/forum/index.php?board=1;action=display;threadid=259;start=0). The main reason installation fails or systems freeze when using new AV programs is the inablility of the old ones to uninstall properly. I have had to dig up removal tools for Norton before anything would operate properly. This is not an avast issue, Kaspersky, McAfee and even Grisoft (e-mail plugin) have their own unique uninstall issues as well.

Read more here. :wink:

Besides what igor said, you must check your avast! settings for the highest protection. I suggest you choose ‘Custom’ level of Standard Shield and see what configuration will be good for you.

You can add *.VBS files into the extentions settings.

Why didn’t the script blocker block the vbs file? Or does the script blocker not work with email attachments?

I guess maybe thats it. I reran the test with the VBS file, same results So I copied it to a folder on hard drive, scanned that folder for viruses and nothing came up. Went to explorer , double-clicked to launch and the file executed. Performed the same on a different computer running NAV and it was identified as virus.
So how does one run meaningful tests for comparison?
Thanks

I don’t understand why the script blocker didn’t block the vbs file when he tried to open it as an email attachment. Afterall, the vbs file was designed to write to the registry and create a file. That should have at least threw up a warning from the script blocker if it is programmed to work with email attachments.

I can send you a few live virusses or trojans if you want ? even some rootkits…? :wink:

Just pm your email-adres.

No, just kidding (although i can do it, if you persist) but can’t you just use a different email adress (from yourself or friend) with EICAR attached in different ways and mail it to yourself ? Just to see AVAST mail provider do his work.

Send EICAR packed, unpacked, plain etc…This is the safest way, really. :slight_smile:

Btw: Get rid of Norton > I consider it to be malware itself.

Waldo

All emails were correctly handled by avast!

The emails contents were:
Note to the email/network administrator: This email
security test was requested by Technical and sent to . It does not contain any harmful code, even though your anti-virus software may have trapped it. For more info about this test, please
visit www.gfi.com/emailsecuritytest

Some of them did not have the attach deleted but I cannot ‘run’ the attachments anyway… Did I do something wrong? or avast! did its job? :-*

The Script Blocker doesn’t have anything to do with e-mail attachments. It’s the protection for web browsers (and detects viruses only).

Igor, I know this… I just want to know if I did something wrong or if avast! did its job…
Can I send you that emails for you in order to see what are the attachments and if they are ‘safe’ ones? :wink: