I tried to enable zip scanning in the Tasks → Resident Protection → Standard Shield → Packers. I ticked ZIP in and downloaded the EICAR.ZIP file. No response from avast. I opened the zip file → nothing. I unzipped the eicar.com to my desktop → nada. avast only reacted to the test virus when I wanted to execute the com file. Is it supposed to behave like this? Then what’s the point of the on-access scanner options?
You are partially right,. If I set the Shield to High Sensitivity, avast did not let me download the com file. However, it allowed me to download the zip file even if I set the Standard Shield to High and added the zip extension to be scanned or changed the resident TASK to scan packers.
I think you need to add some lines about scanning archives as well (it’s not active as default in Home edition). There was a thread on this here just a few days ago.
I think it should have thrown up an alert when you scanned the zip file. Did you also try right clicking on the zip file name in windows explorer and select scan file (just to scan that one file)?
I’m confused. You want Avast to know there is an infected embedded file within a zip file while it unzipps the zip file and before Avast scans the zip file? I think Avast has the ability to scan within a zip file but I’m not sure it will prevent you from unzipping a zip file with an infected file. I could be wrong. I have been before and probably will in the future. I normally scan individual zip files before opening them.
avast! extracts files into TEMP folder (these files are in encrypted form as in chest (quarantine)) and than scannes them. Anyways any virus is harmless even if its on your desktop. You just need to avoid running it (executable).
I am sorry I always find the argument that a virus is harmless until it is executed very weak and defensive. I have a virus protection on my machine not to have viruses on it, whether they are executed or not. If I download a zip file from the net, I want my antivirus program to check it by default. I think it is not too much to ask, is it?
I’m not disagreeing with you just saying I don’t believe Avast will scan the inside of a zip file unless you ask it to. I could be wrong and it might be a bug you discovered.
I downloaded both eicar zip files. I was able to save them to a folder and unzip them without detection. However, Avast detected the infected files when I scanned the “*.zip” files manually. My Standard Shield is set to normal.
I suppose the behavior is like this: you cannot prevent avast! from downloading an infected zip file because it cannot know if it is infected or not before you ‘have’ the file.
After that, if you are using a download manager you can set: c:\ path \ashquick.exe (without parameters) to scan the file. If you are not using it, avast! will only detect the infection when you extract the files from it.
You can set the Standard Shild to Custom and choose the option to scan every open file in your system. You can add especial extensions to the standard list.
Believe us, you will be safe if the resident protection is turned on.
You can run the on-demand scanner frequently too.
Hope this help.
The normal sensitivity could react like you are seeing.
Please, use the HIGH. Alwil team will change the normal to high and the high to ‘higher’ in the new versions by default.
You can add to your Standard Shield settings:
On open: WS?,VBS,VBE,JS,JSE,HTA,WSF,WSH,SHS,SHB,HTM*
Created and modified files: ACE,ARC,ARJ,BZIP2,CAB,COM,GZIP,PST,RAR,TAR,ZIP,ZOO,ECE