Virus detected by Windows but not by linux version.

Hi,
we are using libavastengine-4.7.6-1.i586 with avastlite v3.2.1 and we update the definitions every 3 hours.

Definition number 130723-0 :
ERROR-0: New VPS: 130723-0 (date: 23.07.2013) succesfully installed

Same definitions but the Windows client founded the virus Win32:Dropper-gen [Drp] but linux client not . :frowning:

Why this with the same virus definitions ?
Is this linux client not supported anymore or it will go in a limbo state ?

this is the link on Virustotal

https://www.virustotal.com/it/file/e7873eb0a3dcaa28082cbf4642344a8b982f40c41fc1fadb92a09095c517647f/analysis/1374586355/

Thanks for the support

Hi overblood, and welcome to avast!WEBforums. :slight_smile:

Confused as to your problem actually, could you be more specific as to what you are scanning with, and what you are scanning, i.e., A Linux Partition, AND/OR, a Windows Partition, with “Avast xxx”.
Thankyou. :wink:

I can give you an installation link to the Avast! - avast4’Linux’workstation scanne herer:
wget -c http://files.avast.com/files/linux/avast4workstation-1.3.0-1.i586.rpm
This is the scanner for installation in your Linux Distro.
Also it’s .vbs http://files.avast.com/files/latest/400.vps

If you’re looking for avast! 4 Linux Server (uses license.dat for activation from B2B) go here:
http://forum.avast.com/index.php?topic=115968.msg934007#msg934007

As far as Virus Total, please read there own comments on what it is all about :
http://www.f-secure.com/weblog/archives/00002482.html
https://www.virustotal.com/about/

Regards,

Abraxas.

Hi , i am scanning a single file submitted my-email.

avast4server-3.2.1-1.i586.rpm
libavastengine-4.7.6-1.i586.rpm

What i find strange is that with this definitions VPS: 130723-0 the linux client doesn’t find the virus while the windows client with the same VPS finds it.

Today with VPS 130723-1 also the avast4server finds the virus but what is strange is the dicrepancy between the 2 versions.

Strange as you say.
I guess it’s possible that avast for widows made the detection originally using a non-signature-based technique.
That detection was confirmed, and so the signature has now been added?

overblood, as mag suggests, the Windows Virus may now be in the Linux ‘.vbs’ (although they both should be same - Linux and Windows) ::slight_smile: We have seen in the past slow downs in the Avast4Linux server, updating the .vbs, which may also be a factor.
mag:

"...I guess it's possible that avast for widows made the detection originally using a non-signature-based technique."
I suspect the Windows scanner uses heuristic techniques, etc., whereas i'm not sure as to the methods of detection of the avast4server scanner, simply the .vbs I believe.

Also, a Linux scanner won’t scan protected (root) files, as is the nature of Linux permissions.
Is the Email owned by a ‘user’, or ‘/’ may be something worth checking ?

If you are having further problems, I suggest contacting Avast.co, as Avast4Server is a paid for and licensed product.

Good luck,

Abraxas