AOL AVS - no detection on EICAR tests?


deadmanschest
April 9th, 2007, 11:56 AM
Hi all-

A quick question - and a note that I did not bother to ask this in the Kaspersky forum as I didn't want to register for one question...

I tried out AOL AVS on the weekend with the idea of just running the real time protection resident shield, no email scanning etc.

It installed and scanned fine, updated fine, fast and light.

I ran a quick full scan, and while very quick, it did not find the EICAR files in an email message I keep around to check on AV performance. (Only F-Prot for DOS always keys on the email archive.)

So, I set it up to scan downloads automatically in Firefox, (Download StatusBar extension) tested with download of the EICAR no. 1, and it scanned (console window) and came up 100% clean....?

So I manually scanned the EICAR file using the Explorer integrated on demand scan and again 100% clean, 0 detection.....?

So I tried two or three more of the EICAR files and no joy at all.

Soooo. AOL AVS is either really really smart and doesn't fall for the EICAR tricks, or something is amiss..I ran with the standard default install.

I disinstalled and went back to AVG while I ponder this.

Any ideas from anyone? I have no idea how to otherwise test the installation and figure out if it is actually working or not....If it fails on scanning, downloading and Explorer integration.....hard to be confident...

Thanks

dmc

lodore
April 9th, 2007, 04:50 PM
hello,
The attached screenshots show what happens when I go to the EICAR site and try to download EICAR.
I showed the File AV as well as Web AV since Active Virus Shield doesn't have Web AV.
Did you go to the website shown on my Web AV screenshot?
If not, go there and download the text one first.
lodore

benny bronx
April 9th, 2007, 05:28 PM
Eicar is not a virus, spyware, or riskware. Why would I care if AVS detected it or not?

Delgado
April 9th, 2007, 05:49 PM
{QUOTE-> Eicar is not a virus, spyware, or riskware. Why would I care if AVS detected it or not? <-QUOTE}


I really can't see much point to your remarks Benny.

The Eicar Test Virus is a recognised way of testing whether an Anti Virus is working or not. Whether it is a proper Virus is of no consequence.

benny bronx
April 9th, 2007, 05:59 PM
Hi Delgado:

Yes, the EICAR test is recognized, but it is still not malware. Is it important that your AV detects this? It is possible that some AV or AS companies focus too much attention on detecting these test viruses instead of focusing on the ones that will cause damage to your OS.

lodore
April 9th, 2007, 06:00 PM
{QUOTE-> Hi Delgado:

Yes, the EICAR test is recognized, but it is still not malware. Is it important that your AV detects this? It is possible that some AV or AS companies focus too much attention on detecting these test viruses instead of focusing on the ones that will cause damage to your OS. <-QUOTE}

The EICAR test virus was created to test to make sure your real-time protection is active and working. It's a basic test.
So either the EICAR test virus wasn't made properly, if the text code wasn't put in properly, or File AV isn't working.
The OP should try this link:
http://www.eicar.org/download/eicar.com
File AV should kick in and show a popup asking for an action.

lodore

benny bronx
April 9th, 2007, 06:17 PM
Hi lodore:

Yes eicar is a basic test that will shed some light on your AV protection. My point, however, is that it may not be an accurate barometer of your AV's protection. I would rather have my AV flag a real virus than a test virus. Just so I come out a winner here, I'm going to eat dinner and forget I posted in this thread. It's just a test, that's all

lodore
April 9th, 2007, 06:20 PM
{QUOTE-> Hi lodore:

Yes eicar is a basic test that will shed some light on your AV protection. My point, however, is that it may not be an accurate barometer of your AV's protection. I would rather have my AV flag a real virus than a test virus. Just so I come out a winner here, I'm going to eat dinner and forget I posted in this thread. It's just a test, that's all <-QUOTE}

No, you're right, it doesn't show any light on how well your AV protects you against real viruses.
But I doubt someone is willing to test their AV against a real virus just to see if the real-time protection works.
lodore

benny bronx
April 9th, 2007, 06:28 PM
My dinner is not ready yet, but I agree with you, lodore. At least I am not ready to test against real viruses.

deadmanschest
April 9th, 2007, 06:50 PM
Hi lodore et al;

Lodore, many thanks for the screenshots - I did dl the files from the European EICAR site, and you are correct, AOL AVS does not have a web shield component.

I certainly did not get the File AV Alert at all, either thru the FFox extension scan, nor thru the Explorer on-demand scan.

Since it is clear that AOL AVS should have alerted on the EICAR #1 at least, I will have to think some. The only possible idea I have is that not 'enabling' the email scan component might have some effect, but that would be too stupid to be plausible...It should not affect the regular real-time shield, or certainly any on-demand scan....

So I'm stumped. Thanks for the help

Cheers

dmc

lodore
April 9th, 2007, 06:54 PM
So this link doesn't pop up any alert?
http://www.eicar.org/download/eicar.com
Can you post some screenshots of the AVS main interface?
And the settings for File AV?
lodore

lodore
April 9th, 2007, 07:02 PM
These are my example screenshots.
lodore

benny bronx
April 9th, 2007, 07:13 PM
I have AVS and just executed the eicar test. The file antivirus responded with a warning. Is there a difference with the basic eicar download and the zip files?

lodore
April 9th, 2007, 07:19 PM
The zip files just have an eicar.txt file in a .zip file.
Once extracted, File AV will detect it.
Or, if scan archives is ticked in the File AV settings, the .zip file will be scanned on access and the txt file taken out.
lodore

benny bronx
April 9th, 2007, 07:25 PM
Understood. Thank you lodore.

deadmanschest
April 9th, 2007, 08:57 PM
{QUOTE-> So this link doesn't pop up any alert?
http://www.eicar.org/download/eicar.com
Can you post some screenshots of the AVS main interface?
And the settings for File AV?
lodore <-QUOTE}

Hi lodore - strangest thing, I have re-installed AOL AVS. I did an on-demand scan of EICAR.com and again, no threat detected. When I went into the log window it said that the file had been 'skipped' by 'reason of scan time'. Hehe - this is for a 68 kb text file....?

There is also a tab button for Settings in the on-demand scan window, but it says that there is no skip set for time or size, but clearly there is...

I will try set up a screen shot and get back to you.

Maybe that is why my full system scan was so fast and light, it was skipping every file that should have been scanned....hehe...

Thanks for the images

dmc

deadmanschest
April 9th, 2007, 09:41 PM
Whoa - this is really stupid - It is skipping every file that it is supposed to be scanning. It just did a reboot startup scan, and as I was happily watching my RAM and resources not taking any hit at all, I checked the Events tab in the Scan window, and it was skipping every file that it was scrolling thru on the first page....

I'll see if I can post screenshots, but I think I will just disinstall and be done with it - This is with the full default settings as installed courtesy of AOL...duh.. If my image appears, then it will show the Events as Skipped for the EICAR.com test.

Edit - sorry problem with the screenshots - have to figure out tomorrow - Sorry

If I can get more images to post, I will show the settings window, but I am out of time until tomorrow - Thanks lodore!

Cheers

dmc

Bluenile
April 9th, 2007, 10:15 PM
{QUOTE-> The EICAR test virus was created to test to make sure your real-time protection is active and working. It's a basic test.
So either the EICAR test virus wasn't made properly, if the text code wasn't put in properly, or File AV isn't working.
The OP should try this link:
http://www.eicar.org/download/eicar.com
File AV should kick in and show a popup asking for an action.

lodore <-QUOTE}

AVS detected that straightaway for me as soon as I clicked 'save'

Hipgnosis
April 10th, 2007, 08:06 AM
It detected it for me also.

Mele20
April 10th, 2007, 09:28 AM
It is not a very good idea to tell someone to use the eicar txt file as that will not be detected if you use the Proxomitron as it will just render it harmless text. You should tell people to download one of the zip files and then do a command line (right click) scan. AVS will, of course, detect it.
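
Added example, not part of the original thread: before concluding that the scanner is at fault, it helps to rule out the other branch raised above, a test file that was not made properly or was altered on the way to disk. This Python sketch checks a file's bytes (or the members of a zip) against EICAR's published definition of the test file; the function names and sample inputs are constructed for illustration.

```python
import io
import zipfile

# The 68-byte EICAR test string, written as two literals so this source file
# does not contain the contiguous string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" + rb"ANTIVIRUS-TEST-FILE!$H+H*"
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
PADDING = b" \t\n\r\x1a"  # the only trailing bytes the definition allows
MAX_LEN = 128              # maximum total file length, padding included

def check_eicar(data: bytes) -> str:
    """Return 'valid', or the reason a scanner may legitimately ignore the data."""
    if not data.startswith(EICAR):
        if EICAR in data:
            return "string present but not at offset 0"
        if MARKER in data:
            return "marker present but string altered"
        return "no EICAR string"
    if len(data) > MAX_LEN:
        return "longer than 128 bytes"
    if data[len(EICAR):].strip(PADDING):
        return "non-whitespace data after the string"
    return "valid"

def check_zip(blob: bytes) -> dict:
    """Apply check_eicar to every member of a zip archive held in memory."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return {name: check_eicar(zf.read(name)) for name in zf.namelist()}

def make_zip(members: dict) -> bytes:
    """Build an in-memory zip for the constructed samples (nothing touches disk)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    samples = {  # constructed inputs, not taken from the thread
        "exact 68 bytes": EICAR,
        "trailing CRLF": EICAR + b"\r\n",
        "UTF-8 BOM added by an editor": b"\xef\xbb\xbf" + EICAR,
        "wrapped in HTML": b"<pre>" + EICAR + b"</pre>",
    }
    for label, data in samples.items():
        print(f"{label:30} {check_eicar(data)}")
    print(check_zip(make_zip({"eicar.txt": EICAR, "readme.txt": b"hello"})))
```

A "valid" result means a missed detection points at the scanner's configuration or logs (such as the "skipped" events reported earlier in the thread) rather than at the test file.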

python134r
April 22nd, 2007, 06:50 PM
My 2 cents.....oh trojan detection not bad either