The following text is more or less copied from a message of mine in a thread called ‘Downloading zip-file: “No virus” Scanning again: “Threat found” Why?’ on this URL: http://forum.avast.com/index.php?topic=107655.0 :
My experience is that Avast does NOT see the virus, neither when I download the zip file, nor when I unpack the zip-file. Only when I specifically ask Avast to scan the zip file. That doesn’t seem like a good protection strategy to me!
This particular file was never intended to be run on my Windows machine. It was supposed to be put on my website’s Linux web-server.
Even when I save a mail attachment with virus to my hard disk, Avast doesn’t see the virus. I DON’T think that is optimal! (I extracted it more than a month after receiving it.)
And 2 days ago when Avast gave me a strange warning and an error message, I did a 3-hours boot scan, and there I discovered a virus that I must have received in January via a USB-stick. Also, NOT very trust-inspiring! But theoretically that might have been before the virus was known by Avast.
So all in all I would very much like Avast to be more proactive!
With all due respect the web shield is ticked “all packers” by default. When I am finished downloading I always right click on the download file and scan depending on the source. avast has an on-demand removable media scan. Anytime I insert a USB stick into the USB port I run a scan by habit. As far as zipped files go they are by nature inert and pose no harm until unpacked. As I stated before right click on the download and scan before unpacking. The security of any computer rides on the user. There is no such thing as a “perfect” anti-virus. None of the a/v’s have a 100 per cent detection rate. As with anything the ultimate responsibility is with the user.
I have a habit of scanning all downloaded files with both avast and malwarebytes. The 30 seconds it takes is better than the 2 to 3 hours of reformatting,
Archive files are inert until opened. Nothing will ever start/run from them until you tell/cause it to.
As it is, there are some archive files Avast! will scan that are password protected. These files, when Avast! attempts to open them, will always result in a “corrupt file archive” error, as Avast does not know the password to open them. Nothing is wrong with these files, it is an unknown password error as far as Avast! is concerned.
Best security practices state that the user must manually scan such files before opening them; automatic scanning will lengthen scan times inordinately with little to no added result in detection because of the above password issue. Best practices also involve using a site such as virus total dot com to scan any unknown file in question.
If you’re paranoid, check to scan archives… Archives are inert by their nature (i.e., only when unpacked the virus can do harm if the antivirus is not present).
You’ll degrade your browser and mailing experience without adding real protection.
When the file get “used” (or at on demand scannings) they would be managed by the antivirus.
Well… I would like Avast to scan files when they are downloaded or unpacked from archives or extracted from mail attachments.
Can’t that be configured??
No extra scanning please…Avast is superior to all other AV’s exactly because it is not paranoid. Only executable files are scanned unless you ask for a scan. Further on, unnecessary scanning of files that just resides on a hard drive is not performed. They can be scanned with a complete scan when the computer is not in use.
If you want a paranoid AV that scans everything all the time and degrades you to an imbesile with no right to control your computer, I suggest you try Comodo.
When this is said, I don’t understand if your packed files are not scanned when unpacked. They will be if the content is executable.
The virus was not found when I unpacked the zip file. The zip file contains a ‘half baked’ WordPress blog website.
The infected file is called “thumbs.php” and is situated in a directory called wp-content/plugins - inside the zip file.
I have the Avast Free Antivirus, and I tried looking under ‘Real-time shields’ → Web Shield (and Mail Shield), but I couldn’t find any settings that sounds relevant. Could you please elaborate a bit?
Both the web and mail shields have the “all packers” ticked by default. I would advise you to right click on the download and scan before unpacking files.
This not a guarantee that the actual executable will be scanned. I does mean the download file will be scanned. When the file is unpacked then the file and behavior shields will kick in for protection. The file shield has the built-in autosandbox for that extra protection.
You are absolutely right!
I am surprised that a lot of AV’s will implement sofisticated metods to block a threat but will not do a simple thing: automatically scan a rar/zip download!!!
The reason vehiculated here by avast! suporters/evangelists that while is packed is not a threat is not a valid one; I can ask , why will we have a website shield , the same reson should apply , if is not executed do not scan/block.
The real reason is unpacking a rar file after download and scanning it is time consuming and will loock like Avast is slowing your internet. So, if you right click and scan, this is a different story.
You can download a virus in RAR format, send it by email,save it on a memory stick, give it to somebodyelse and will never be detected by Avast!
The free av which is automatically scanning a rar/zip dovnload is MSE4.
A web site is different than downloading an archive. An archive is inert, and requires action by the computer user to present a threat. The user must open and execute the contents of the archive, and by then if the AV is going to find a threat at all it should have. To be on the safe side, I always manually scan all downloaded archives and installers with an AV and MalwareBytes after making sure that they have the latest signatures available.
OTOH, web sites can and do contain active content which can be run on your machine simply by visiting the site, requiring no user action at all. These days, visiting one web site usually means you have connected to many sites via embedded links. Any of these could be malicious.
@ DavidR Thanks for restating what I pointed out in reply #1. All the user needs to do is after downloading “right” click on the file while
it’s in the download folder and run a scan. As I said the ultimate responsibility is on the user.
They don’t really have to do that if they haven’t changed the default settings, as it should have been scanned by the web shield during download. I’ve never been much on duplication of effort.
I agree. I just stated what I did to stress the right click option. I always leave the packers settings alone. avast knows what they are doing.
And you can’t protect someone from themselves.
