But now, NONE of the 3 eicar files get scanned on downloading. NONE on unzipping using Ghost Commander. NONE detected during the on-demand scan of SDcard (internal). I suspect Avast scans applications only.
When I reinstalled DrWeb, it
(1) alerted during the upload. I told it to ignore since I wanted to see scan result
(2) alerted during scan of sdcard/Download and logged it (I keep wishing avast could scan selected directories and had a log of what’s scanned).
Let me check this out on my Nexus 7. I think you’re right and this is troubling. None of the files are detected during download but I don’t think they’re supposed to be. What’s really troubling is that I can open the text file in Kingsoft Office or the regular text viewer with no alert. However, a full scan did detect everything but the double zipped files, which when unzipped are not detected on execution. The Eicar.com file actually wants to open as a torrent file. It is the same when downloading with either the Dolphin or Chrome browsers.
Well I have AMS set to scan apps and the SD card since on the Nexus 7, the built in storage is recognized as an SD card. I don’t think the eicar files will be detected unless you check that option. Even if you don’t have an additional SD card installed.
On a full scan like that, as I said, the Eicar files are being detected except for the double zipped one. The regular zip file is detected and removed. None are detected on download or opening however. I think the real time scanner only really checks .apk files since from what I understand, that’s the only real vector of infection in Android. I also have set AMS to only scan the apps on installation or update and not on subsequent executions. I did that to improve performance but to be honest, there is no noticeable difference either way so I may turn the on execution option back on.
@Dch48,
I have both SDcards selected and Avast scans SDcard then SDcard2 (external).
Also I have checked both scan on installation and on execution.
Guys, I forgot initially, that the eicar app needs to be installed from play store. So when I started this thread it was based on the normal download from eicar.org. In a way I mixed apples and oranges when comparing to old results.
But, using the application is, in this instance, a totally unrealistic scenario.
Avast should have screamed, as did drWeb, at every step of the way.
I think it’s a design flaw. Sorry.
Those pictures are from beta testing of the play store application. It’s possible that at some point there I wasn’t scanning both SDcards since turning things on and off was part of testing and I had no applications on the external card anyway, just music and pictures.
Regardless, even if external card wasn’t scanned, eicar was detected then.
For the test I just reported, not using the application but direct download, both were checked and avast failed.
Okay but I think it really doesn’t matter whether the downloaded files are detected or not since they are not in a format that would pose a threat of infection on an Android machine. However, mine does detect them in a full manual scan and deletes them.
The app duplicates the actual vector of attack and it is quickly detected and removed.
Totally agree, those txt files aren’t a threat. They can’t execute. But they’re supposed to indicate whether your AV product is even able to react to them or not. And in this instance avast mobile didn’t. Am I going to lose sleep over this? NO, because I trust avast due to many years’ experience with it on Windows, yet it shakes me up a bit this time. Going on faith isn’t always the most secure way to live.
If I download all the 4 eicar files from eicar.org directly to my tablet’s SD card (currently Nexus 7) and run a SD card scan, first 3 are found, while the 4th is not, which is correct since the 4th is double packed. Cooby, you have Motorola XOOM, right?
OK, tested the newest AMS version on Motorola XOOM now and got the same results I got using Nexus 7, 3 caught, 4th not (correct behavior at the moment).
Thanks for your download test. That’s where things got weird for me. See my first post here. None got detected during the scan. And yes, I didn’t expect double zip to be scanned. But at least one or two should have.
Filip, I think Jan Svehlak has or had a Thrive. Thrive isn’t yet buried, and many current users are on Avast. Also there are the three Excite versions that if not supported now, IMO should be. They’re good tablets.
Now, back to business:
With the current version 2.0.3380,
During downloads of the 4 files Avast was silent, that’s a feature, we know.
During reading .txt, reading unzipped file and reading double-unzipped in ghost commander, also quiet, also feature.
During the scan, 3 detected. So I guess all is ok here.
Just FYI, statistics: SDcard and SDcard2(external) scan time was just short of 10 minutes on 10021 files and the battery dipped by no more than 2% (I didn’t catch the end, the screen was timed out). CPU wakelock was ON. No different battery impact than all the previous versions’ zero% in use, 2% scanning. That’s for people who wonder/complain about battery use.
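
Added example, not part of the thread and not Avast's or DrWeb's code: a minimal on-demand scanner showing how an archive-nesting limit yields the "3 caught, 4th not" result reported above for the double-zipped file. The four samples are constructed in memory; their file names, the `max_depth` parameter and the size cap are assumptions made for this illustration.

```python
import io
import zipfile

# EICAR test string, split in two so this source file does not itself
# contain the contiguous signature.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_MEMBER_BYTES = 1 << 20  # skip oversized members (decompression-bomb guard)


def scan(data, max_depth, depth=0):
    """True if data is the EICAR file or a zip holding it within max_depth levels."""
    if data.startswith(EICAR):
        return True
    # Stop unpacking once the nesting limit is reached or data is not a zip.
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            if scan(zf.read(info), max_depth, depth + 1):
                return True
    return False


def make_zip(name, payload):
    """Build a one-member zip archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def build_samples():
    """Constructed stand-ins for the four test files: plain, text, zip, double zip."""
    single = make_zip("eicar.com", EICAR)
    return {
        "eicar.com": EICAR,
        "eicar.com.txt": EICAR,
        "eicar_com.zip": single,
        "eicarcom2.zip": make_zip("eicar_com.zip", single),
    }


def detected(max_depth):
    """Names of the samples flagged when archives are unpacked max_depth levels."""
    return sorted(n for n, d in build_samples().items() if scan(d, max_depth))


if __name__ == "__main__":
    for depth in (0, 1, 2):
        print(depth, detected(depth))
```
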