What about updates?

First of all, I wish to congratulate Avast! team because they have developed one of the best antivirus systems I have used (previously I have been using Panda, McAffee, Norton, Trendmicro, Kaspersky and some other I cannot remember).

But, IMHO updates of the virus databases are really bad. This is not the first time I have experienced this same problem and, therefore, I have decided to share it with all of you.

In my case, in several ocassions I have received an email message with a virus inside (fortunately, I have been able to correctly identify it). This virus is not a recent one and, as such, is correctly identified by some other services (or most of them, as in the last case).

I have sent the virus received to Avast! and, after more than one week (and several DB updates), Avast! Home remains the only of the important AV systems being unable to identify this as such.

To be more explicit, the viruses I have received (and sent to Avast!) are the ones tagged by Clam as Trojan.Downloader.Small-2238 (received and sent on August 28) and Trojan.Downloader.Small-2293 (received and sent to Avast! on September 4th).

I am really very satisfied with AV software but I am afraid that this same problem (not detected viruses spreading several months) will be affecting not only viruses using email but, also, viruses using some other propagation ways.

Does anyone of you have experienced this same (or similar) problem? Does anybody at Avast! may offer an explanation about this really very big concern?

Thanks in advance.

:slight_smile: Hi :

 Trojan-Downloaders are best handled by a program
 that "specializes" in trojan detection and removal, such
 as Ewido from www.ewido.net/en ( reverts to "Free"
 ver when the trial runs out ) and the "Free" ver of
 "SUPERantispyware" from www.superantispyware.com .
 Even if Avast "detects" them, it seems unlikely it will
 be able to put them in the "chest" !?
 Some "trojan-downloader"s require the use of special
"tools" used by Experts on antiSPYWARE forums.

Hi Spiritsongs. Thanks for your reply.

I agree you, most spyware malware are best managed using a specialized product. Unfortunately, this is, IMHO, just an additional level of protection and any good AV system should be able to detect some (maybe the most important) of these threats by itself.

This is most important if we take into account that one weakness of these specialized solutions is not being able to analyze incoming/outgoing email messages and only detecting these threats once they have been saved to the disk (unattached).

As you can see using a system like VirusTotal (http://www.virustotal.com), that analyses any file you send using more than 20 different AV systems, only Avast! (and the relatively unknown “The Hacker”) is unable to detect this threat. Are all the other developers wrong? Are Clam, Kaspersky, Norton, McAffee, AVG, Panda, … using an incorrect orientation in their solutions?

Yes, I agree again. Some of the solutions mentioned are fully integrated protection systems, but Clam and AVG are just an AV solution and it seems that they have been able to protect the system.

But a curious situation remains. The first time I sent one of the files mentioned in my previous post to Avast!, I received a message from Avast! because the email did not have any attachment. The reason? Avast! internal system correctly detected the infected file and deleted it.

This is the text that was added to the message received by Avast! support:

*********************** A virus (TROJ_SMALL.CPM) was detected in the file (paycheck_322082.exe). Action taken = remove ***********************

Is Avast! using a non-Avast! antivirus solution? (the virus name reported is the one used by Trendmicro)

This is the text that was added to the message received by Avast! support:

Quote


A virus (TROJ_SMALL.CPM) was detected in the file (paycheck_322082.exe). Action taken = remove


Is Avast! using a non-Avast! antivirus solution? (the virus name reported is the one used by Trendmicro)

Well, did you really receive such a message from ALWIL support?
This actually probably means it never MADE IT to the support inbox.

That is, some AV product en route (on a mail server in between, with another AV product installed) detected it and deleted it.

That’s why we always recommend to send viruses in password-protected archives (together with the password in the message body).

I think it would be definitely worth resending the samples, maybe we just really haven’t received them.

Thanks
Vlk

Thans, VLK.

In fact, this was what I did once received the message from Avast! (an @avast.com email address). The original message was sent to virus AT avast DOT com and I guessed that this email account will not be AV protected (as some other developers do).

After receiving the message, I zipped the files and password protected the ZIP archive using, as suggested by Avast!, the password “virus”.

Another week, and Avast! stays unable to detect the previously mentioned infected files and no communication has been received from Avast! team about that. Is this what usually does Avast! when users send a newly detected virus?

In a previos post, SpiritSongs suggested to use a more specialized solution because these infected files were Trojans. But Avast! Home has previously correctly detected some other trojan infected filed and, in my opinion, not detecting them once sent to their laboratory is an error.

My main question about that is: if I have detected 2 new viruses and Avast! does not detect them after more than 2 weeks, how many other viruses are out there that Avast! is not detecting and how good is really the protection that it is offering to my computer? (take into account that they are not viruses unknown to Avast! but viruses known --I sent them-- and not added to the viruses database or not analised by Avast! development or support people).

Generally, there are not automatic answers… The ‘answer’ should be, generally again, a VPS update.

Thanks for complaining… Maybe Alwil team take a look closer to this problem…

I can’t make any assumption here… Detection goes better than, some time after, it is worse :stuck_out_tongue: :-[
They’re working hard but seems that’s not enough to us (or anybody that has his computer infected…). I understand and share your opinion :cry:

I feel your pain javiervb.

I used to submit new virus/spyware to avast, but I’ve stopped, because it’s a waste of time.

The last three i have sent, has not been added to the VPS and the attached virus was packed in a zip with virus as a password.

Avast is a great antivirus, but they need to pick up the pace on detection of new viruses and they need a better system for the samples sent to virus@avast.com.

Over 4000 emails a day are received on the virus @ avast.com address every day so things have to be prioritised on severity, virus/worm, trojan, anti-spyware and adware, etc. so a lot would depend on how your sample is categorised as to how quickly it is likely to be added to the VPS.

One thing is for certain, if you don’t bother to send it in there is no way it will be added and that doesn’t benefit anyone. The pace on detection is picking up as you will see from the latest http://www.av-comparatives.org/ results for ‘On-demand comparative - August 2006’ you can compare it with the previous On-demand tests and see for yourself.

If your samples are really infected ones… Its a shame to avast :P When well be proud about avast detection, virus analysis, sample submitions…
I hope I can live to see this day ::slight_smile:

Here there is more about detection: http://forum.avast.com/index.php?topic=23600.msg194444#msg194444 ::slight_smile:

Well my problem is that a recommend avast to friends and coworkers, and maybe i have just been unlucky, but the amount virus/adware i have stumbled upon the last months that Avast doesn’t detect, has been alarming high.

And on top of that, when you see your submitted files with spyware/virus/false positives, doesn’t get fixed, you loose that will to help out, because you don’t see any results from your “work”.

I really hope Avast is going to improve this, because it might be the biggest problem atm.

No doubt… See again http://forum.avast.com/index.php?topic=23350.msg194533#msg194533

Nice link, it was actually a zlob variant, one of the samples I send in.