I am in the process of converting machines to Avast from Sophos.
A pc with Sophos antivirus found the Sobig virus after they opened an email - it caught the file while being stored in an Explorer temporary directory (didn’t execute).
As a test I copied the file (wicked…scr) to the desktop on my machine (with Avast 4 installed and running) - nothing noticed. I even opened the file in notepad - nothing detected. Avast on demand scanning of c:\windows\desktop did find it.
I am concerned that the file could have been executed on my machine? Why was it not detected by the resident protector during the copy process or opening it in notepad?
Yes, you are right - in default settings, only the executed files are scanned (which should be enough - if the virus isn’t allowed to execute, it cannot spread).
If you select “scan files on open”, the files will be scanned whenever you access them, e.g. when you open them in Notepad, copy, etc.
You can specify the extensions of the files to be scanned; and yes, if you put * in the edit box, all files will be scanned. Of course, it will slow down your computer to some extent.
Additionally, you can even scan created/modified files.
Excellent responses - thank you! Only scanning executables makes sense - that should catch the ‘execute on preview email’ type viruses, too…?
Question on updates - I was surprised to see that the software’s last update was August 22. I manually updated and it came up with something from today… makes me worry that it wasn’t updating properly? Or was it just a coincidence that my pc hadn’t phoned home yet today even now I leave it on all the time, always connected to the 'net.
E-mail viruses are detected & stopped by the corresponding resident providers: Outlook plugin for full Outlook and Exchange, and Internet Mail for any other POP/IMAP/SMTP e-mail clients. So, they are detected before they arrive in your mailbox. In case of full Outlook, I think the scanning can be performed even on viewing.
But I guess that’s not what you were asking about. Well, I think that if you use an unpatched (buggy) Outlook and preview the infected message, it will be caught by the “executable” scanner as well - since the virus will be executed, and that’s what the Standard Shield is looking for.
As for the updates (I guess you mean the virus database, not the software itself) - if no dangerous virus appears, the database is updated twice a week (but if a dangerous virus starts spreading, such as Sobig recently, the update is released immediately, even multiple updates during one day). So, it’s easily possible that there was no update since August 22, and when you performed the manual update, you got the one just released. You can check your configuration of the updates in the program Settings.
"As for the updates (I guess you mean the virus database, not the software itself) - if no dangerous virus appears, the database is updated twice a week (but if a dangerous virus starts spreading, such as Sobig recently, the update is released immediately, even multiple updates during one day)."
This is right - there was an update on Friday the 22nd and then today, i.e. the 26th... If nothing happens during the next several days, the next update will be released on Friday again...
Hey avast team…
Lots of users are relating that “even a day or so after the email-notification that a new update was available, the autoupdate didn’t get the update…”
What’s going on?
IGOR
"Yes, you are right - in default settings, only the executed files are scanned (which should be enough - if the virus isn’t allowed to execute, it cannot spread)."
And if you run a DOC (macro) virus with only the setting to check the executed files…
Well, when I was talking about the default settings, I meant that the options on the first page of the Standard Shield configuration (Scanner - Basic) are turned on. Besides the scanning of the “executed” files, there’s a special checkbox to scan OLE documents there; you are right, technically they are scanned on “open”, not “execute” - but I sort of put it together. It’s on by default, and it should be, of course.
Just a reminder – 4.0.235 contains a bug (as already discussed earlier on this forum) that prevents the ‘scan created/modified files’ feature from working (Windows NT/2K/XP/2K3 only).
This will, of course, be fixed in the upcoming update.
Yes, useras=1 seems to be the problem. I tried adding it to “optimize” my dial-up settings. I ended up deleting it because it seemed to stop automatically updating when I went on the net. Guess I should remember “if it ain’t broke don’t fix it” since everything seems to be working perfectly without adding useras=1.
Would you mind if I sent you a small utility that would let me do a small experiment on your machine? It would just report the status of your modem, and you’d confirm whether the status it reports is correct or not. It would use the same algorithm as the one used in the avast updater.
If you agree please send me an IM or email with the address to which I can send it.