Bitdefender, does it unpack?
Main
April 17th, 2003, 03:30 PM
I got those 2 test files from the other board and neither Bitdefender nor F-Prot could pick them up but GAV did.
I'm using Bitdefender and I was wondering if I'm not configuring it right or does it not have the ability to unpack files.
root
April 17th, 2003, 05:14 PM
When you say test files, what kind of test files exactly?
AVs use virus definitions for actual viruses and of course the eicar test virus.
Tinribs
April 17th, 2003, 05:47 PM
I'm curious too, I have a paid up F-Prot here and there isn't much it doesn't detect. I'd be interested to run these test files.
:)
Kev
JimIT
April 17th, 2003, 05:51 PM
I think this is the thread referred to:
http://www.wilderssecurity.com/showthread.php?t=8425
It *is* an interesting test! ;)
Tinribs
April 17th, 2003, 06:18 PM
Thanks Jim, indeed it is an interesting test (I somehow missed the last few posts).
For what it's worth I scanned with my backups (albeit trimmed down now)
Gav- Detected both
Nod32 - Missed both
McAfee v7 pro - Missed both :o
Kavlite 4.071- Detected Both
F-Prot 3.13 - Missed both
This is by no means a scientific test, just a quick 'right click scan'
Redhat
April 17th, 2003, 07:26 PM
Surprising results, may I confirm the test file so I can test avast!?
Thanks :)
Tinribs
April 17th, 2003, 07:31 PM
Sure Matt, see Jim's link above, reply no12 for the links :)
solarpowered candle
April 17th, 2003, 08:09 PM
It's good to see that KAV Lite stops it. Running Lite on normal settings it didn't. Running Lite on Medium settings it did. And running Lite on High settings it would not allow me to download the files at all.
root
April 17th, 2003, 09:14 PM
I checked those two files with AVP 3.5 scanner and it did not catch anything. So, I checked my settings and scan in archives was not checked.
After I told AVP to scan inside of archives, it picked up both.
I do not remember if there is a setting for this in F-Secure, but I would check. Same for all other AVs and ATs.
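What root describes in the post above (both files missed with "scan in archives" off, both detected once it was on) can be reproduced with a toy signature scanner. This is an added example, not part of the original thread and not any vendor's engine; the marker string, function names and nesting limit are assumptions, and ZIP archives stand in for packed files in general.

```python
import io
import zipfile

# Constructed, harmless marker standing in for a scanner signature.
SIGNATURE = b"HARMLESS-TEST-MARKER-0001"
MAX_DEPTH = 3  # assumed limit: do not unpack archives nested deeper than this


def scan(data, scan_archives, depth=0, name="<file>"):
    """Return the member paths in which SIGNATURE was found."""
    hits = []
    if SIGNATURE in data:  # plain byte match on whatever bytes we were given
        hits.append(name)
    if scan_archives and depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                    continue
                hits += scan(zf.read(info), scan_archives, depth + 1,
                             f"{name}/{info.filename}")
    return hits


def make_zip(members):
    """Build an in-memory deflate-compressed ZIP from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()


# Constructed sample: the marker inside a program-like blob, zipped twice.
payload = b"MZ" + b"\x00" * 64 + SIGNATURE + b"\x00" * 64
inner = make_zip({"test.exe": payload})
outer = make_zip({"inner.zip": inner})

if __name__ == "__main__":
    # Compression rewrites the bytes, so the raw match fails on the archive.
    print("archives off:", scan(outer, scan_archives=False))
    print("archives on: ", scan(outer, scan_archives=True))
```

The same file nested past `MAX_DEPTH` is missed again even with archive scanning on, which is why a scanner's unpacking limits matter as much as the on/off setting.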
Technodrome
April 17th, 2003, 11:30 PM
Picked by AVK (KAV Engine). It’s a matter of the unpacking engine that the AV offers. Bitdefender has a pretty decent unpacking engine, but nothing beats Kaspersky.
main
April 18th, 2003, 12:25 AM
I got a bit worried so I removed bitdefender and re-installed NAV2002 that I got with my computer, now I know why I don't like Norton....... my system is crawling right now.
I don't know, maybe I should give it another shot, I can't stand that Murphy shield, it always bothers me if I want to allow this and that, I have no time for that already since I got Outpost firewall.
main
April 18th, 2003, 12:28 AM
Quote from Tinribs:
"Thanks Jim, indeed it is an interesting test (I somehow missed the last few posts).
For what it's worth I scanned with my backups (albeit trimmed down now)
Gav- Detected both
Nod32 - Missed both
McAfee v7 pro - Missed both :o
Kavlite 4.071- Detected Both
F-Prot 3.13 - Missed both
This is by no means a scientific test, just a quick 'right click scan'"
Me too, I have F-prot as a backup and it missed both files, along with Bitdefender and I also did a quick right scan.
That got me thinking that if it can't pick them up off a quick right scan then maybe the resident shield can't pick it up either when the file is executing and BAM!!!
We're toast!!
Technodrome
April 18th, 2003, 12:57 AM
Quote from main:
"I don't know, maybe I should give it another shot, I can't stand that Murphy shield, it always bothers me if I want to allow this and that, I have no time for that already since I got Outpost firewall."
BD v7 standard is out and does not include a firewall! Murphy is gone! 8)
During installation uncheck "act as firewall" option and it won’t bother you again! ;)
Technodrome
Technodrome
April 18th, 2003, 12:59 AM
Quote from main:
"Me too, I have F-prot as a backup and it missed both files,"
F-Prot has a poor unpacking engine but it's a very strong AV!
Technodrome
Tinribs
April 18th, 2003, 02:15 AM
It sure has and has been steady for me for many years.
Incidentally Technodrome, how did you manage to get an English language version of AVK? I trialled it but my German is not good so I couldn't use it properly. :)
Main88a
April 18th, 2003, 02:32 AM
Just for kicks, I'm going to DL the evaluation of Sophos, try it out for maybe a week and see how it does, I know it's pretty expensive.
These things scare me because I use a lot of Kazaa.WinMX and I can't afford mistakes, not right now.
Keep me informed on how Avast does in detecting these viruses.
solarpowered candle
April 18th, 2003, 02:48 AM
Posted by: Tinribs Posted on: Today at 01:15:32am
It sure has and has been steady for me for many years.
Incidentally Technodrome, how did you manage to get an English language version of AVK? I trialled it but my German is not good so I couldn't use it properly.
Good question Kev, I'd like to know too :)
xor
April 18th, 2003, 03:19 AM
Quote from Main88a:
"Just for kicks, I'm going to DL the evaluation of Sophos, try it out for maybe a week and see how it does, I know it's pretty expensive.
These things scare me because I use a lot of Kazaa.WinMX and I can't afford mistakes, not right now."
Sophos won't help here - pick an AV with good trojan/backdoor/worm detection and an unpacking engine.
Sophos is expensive and good in classical virus detection but don't think about it if you use Kazaa. Sophos is mainly for companies.
_anvil
April 18th, 2003, 05:42 AM
Guys, don't panic if one AV doesn't detect this "firewar" exploit - it is only a 'proof of concept' (from the author of the firewall leaktest "backstealth"), and not a real virus/trojan.
That's why only a few AV companies have added signatures of this tool. 8)
From the AVs mentioned above, Bitdefender, McAfee, KAV(lite), AVK and GAV can unpack UPX. :)
JimIT
April 18th, 2003, 08:27 AM
Quote from Tinribs:
"Thanks Jim, indeed it is an interesting test (I somehow missed the last few posts).
For what it's worth I scanned with my backups (albeit trimmed down now)
Gav- Detected both
Nod32 - Missed both
McAfee v7 pro - Missed both :o
Kavlite 4.071- Detected Both
F-Prot 3.13 - Missed both
This is by no means a scientific test, just a quick 'right click scan'"
No prob Kev... :)
My weigh-in:
PC-cillin 2002--missed both. Allowed the .exe to run! :o (Odd, since Trend has the trojan in their def files)
NAV 2001--Caught zipped. Did not allow execution.
GAV--Caught both. Prevented execution.
BOClean--hammered 'em on execution.
Technodrome
April 18th, 2003, 09:22 AM
Quote from solarpowered candle:
"Incidentally Technodrome, how did you manage to get an English language version of AVK? I trialled it but my German is not good so I couldn't use it properly."
Go to http://www.extendiaavk.com/ !
CompUSA sells AVK Pro (eXtendia) for $19.99! I used this AV since version 9! Just purchased new version (in English). ;)
No need to mention how strong it is! ;)
http://www.compusa.com/products/product_info.asp?product_code=301775&pfp=BROWSE
Technodrome
Technodrome
April 18th, 2003, 09:28 AM
I agree with Gladiator! If you use Kazaa, then SOPHOS is not your best bet ($ 299 per license)!
Your best bets are:
KAV, AVK, F-Secure (any product that uses Kaspersky engine), McAfee, DrWeb, RAV!
Technodrome
bellgamin
April 19th, 2003, 05:48 AM
Technodrome- Thanks for letting us know about the bargain price for AVK! I just bought it for $19.99 for pick-up at a CompUSA store just a few miles away from where I live.
Such a deal! ;D
Technodrome
April 19th, 2003, 12:37 PM
Quote from bellgamin:
"Such a deal! ;D"
I couldn't resist it either! ;D
It's up and running here.... ;)
The only thing I need to do is a full system check. But I am sure 100% that there are no virii on my machine...
Ok maybe 81%.... ;D
Technodorme (edit typo) ;D
Technodrome
I_lack_commonsense
April 19th, 2003, 01:38 PM
Technodrome,
In your screenshot of AVK, was wondering what "Protocol" referred to. Thanks
Technodrome
April 19th, 2003, 01:44 PM
Quote from I_lack_commonsense:
"Technodrome,
In your screenshot of AVK, was wondering what "Protocol" referred to. Thanks"
This is the place where your logs are stored.
Technodrome
I_lack_commonsense
April 19th, 2003, 02:09 PM
Thanks!
The name is rather misleading haha, was the first time I saw protocols on an antivirus, thought it might be some new feature ;)
Technodrome
April 19th, 2003, 02:13 PM
Yup, I know! ;)
Technodrome
Copyright ©2002 - 2012, Wilders Security Forums