Wilders Security Forums  

Go Back   Wilders Security Forums > Archived Forums > Closed Sub-Forums > Archived ESET Support Forums > ESET NOD32 Antivirus v4 Beta Forum
  #76  
Old January 28th, 2009, 08:40 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
It's not needed, because as soon as the downloaded file is completed it will be scanned in the background.
I'm not sure about that!
For example, when I downloaded a zipped sample of the eicar test file, EAV didn't recognize anything (even when browsing that folder) until an on-demand scan of that file. Even with the eicar.exe file.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07
  #77  
Old January 28th, 2009, 08:59 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
I'm not sure about that!
For example, when I downloaded a zipped sample of the eicar test file, EAV didn't recognize anything (even when browsing that folder) until an on-demand scan of that file. Even with the eicar.exe file.

It didn't even let me connect, never mind download it:

[Attached image: eicar.jpg]
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #78  
Old January 28th, 2009, 09:20 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
It didn't even let me connect, never mind download it:
Try over SSL.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07
  #79  
Old January 28th, 2009, 09:26 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

I'm using v3 which doesn't have SSL support, if it's not working for you in v4 with SSL scanned, then it's a beta problem.

Nonetheless I downloaded the file anyway, extracted it to be met with another zip, then extracted it again to have it quarantined.

[Attached image: eicar2.jpg]
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #80  
Old January 28th, 2009, 09:37 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
I'm using v3 which doesn't have SSL support, if it's not working for you in v4 with SSL scanned, then it's a beta problem.

Nonetheless I downloaded the file anyway, extracted it to be met with another zip, then extracted it again to have it quarantined.

Attachment 205891

and without extracting?
btw...default settings for real-time protection and excluded browser in web protection?
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07
  #81  
Old January 28th, 2009, 09:38 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
and without extracting?

It's not harmful without extracting.
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #82  
Old January 28th, 2009, 09:43 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
It's not harmful without extracting.
I know that...but the fact is that EAV doesn't scan in the background as you said.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07
  #83  
Old January 28th, 2009, 09:44 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
and without extracting?
btw...default settings for real-time protection and excluded browser in web protection?

Conflicting questions, why should I exclude the browser in web protection, that's a feature enabled by default. No, I've turned advanced heuristics on, but that wouldn't change the outcome of this.
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #84  
Old January 28th, 2009, 09:45 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
I know that...but the fact is that EAV doesn't scan in the background as you said.

It does, how have you proved it doesn't? The file is in archive form. There is NO way you can access it without nod32 scanning it first.
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #85  
Old January 28th, 2009, 09:57 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
It does, how have you proved it doesn't? The file is in archive form. There is NO way you can access it without nod32 scanning it first.
Yes...I've tested, and only when I try to extract the archive does EAV recognize it.
Fact is that I don't want garbage on my hard drive, because the AV isn't capable of scanning files in real-time!
With other AV (see signature) the file is deleted when the browser tries to save it on HD...even without browsing that folder and without web module active...and without extracting...real-time guard picked it up on the fly. I'm talking about that.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07

Last edited by wrathchild : January 28th, 2009 at 10:05 PM.
  #86  
Old January 28th, 2009, 10:08 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
Yes...I've tested, and only when I try to extract the archive does EAV recognize it.
Fact is that I don't want garbage on my hard drive, because the AV isn't capable of scanning files in real-time!
With other AV (see signature) the file is deleted when the browser tries to save it on HD...even without browsing that folder and without web module active...and without extracting...real-time guard picked it up on the fly. I'm talking about that.

If archives were scanned in real time, it would cause SERIOUS issues. If I browsed to a folder full of archives the thing would literally die.

Scanning archives in real-time is useless. Unless you're talking about runtime packers, which is a feature.

You wouldn't download an archive unless you were going to open it to use it, so your statement is flawed and totally incorrect.
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #87  
Old January 28th, 2009, 10:11 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
With other AV (see signature) the file is deleted when the browser tries to save it on HD...

Other AVs (such as your precious Avira here I assume you're talking about) love to compete in the "rush to bloat up their DB" and add the signature of the zip file itself, they do not scan inside the zip files in real time.

ESET keeps its DB small and simple and relies more on heuristics since it is the future.
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #88  
Old January 28th, 2009, 10:16 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
If archives were scanned in real time, it would cause SERIOUS issues. If I browsed to a folder full of archives the thing would literally die.

Scanning archives in real-time is useless. Unless you're talking about runtime packers, which is a feature.

You wouldn't download an archive unless you were going to open it to use it, so your statement is flawed and totally incorrect.
I think you miss the point. I don't want to download a virus EVEN IN AN ARCHIVE, ok? Btw how's performance with runtime packers checked in realtime?
Point is that with EAV "limited" real-time protection you should have integration in WLM.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07
  #89  
Old January 28th, 2009, 10:19 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
ESET keeps its DB small and simple and relies more on heuristics since it is the future.
blah...heuristic for which they recommend to be disabled
I don't have any precious AVs...I just point out some things which are bad in EAV.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07
  #90  
Old January 28th, 2009, 10:23 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
I think you miss the point. I don't want to download a virus EVEN IN AN ARCHIVE, ok?

Read my previous post, it shows the connection of the archive download being terminated, archives are scanned in real time for the HTTP module.


Quote:
Originally Posted by wrathchild
Btw how's performance with runtime packers checked in realtime?

Bad, that's why it's off by default and why I don't use it, but you're proving my point here why archives shouldn't be scanned in real time.

Quote:
Originally Posted by wrathchild
Point is that with EAV "limited" real-time protection you should have integration in WLM.

I think I've said more than enough to prove that this isn't needed.

Last I checked, you can't send exe files over msn. If you received a zip file, it would be to open it, at which point, bang = virus detected and blocked.

As far as I see, am I right in saying: You want a feature to automatically perform an On-Demand scan on archives because they are not scanned in real time out of the HTTP module (on the system)? Or you think msn should be in the HTTP module? BTW I think you can tick it in web browsers to achieve this effect, not sure..
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #91  
Old January 28th, 2009, 10:23 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
Other AVs (such as your precious Avira here I assume you're talking about) love to compete in the "rush to bloat up their DB" and add the signature of the zip file itself, they do not scan inside the zip files in real time.
I'll try later to disable AV, rename the files and repack the archive (and rename it) and then see if what you're saying makes any sense.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07

Last edited by wrathchild : January 28th, 2009 at 10:31 PM.
  #92  
Old January 28th, 2009, 10:29 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
As far as I see, am I right in saying: You want a feature to automatically perform an On-Demand scan on archives because they are not scanned in real time out of the HTTP module (on the system)? Or you think msn should be in the HTTP module? BTW I think you can tick it in web browsers to achieve this effect, not sure..
I want a better optimized real-time scanner which is capable of scanning files in the background even with AH enabled...with my quad core machine, without performance decrease. I simply want EAV to be better.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07
  #93  
Old January 28th, 2009, 10:38 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
You wouldn't download an archive unless you were going to open it to use it, so your statement is flawed and totally incorrect.
Maybe I just want to download it and send it to someone who doesn't have AV and relies on my AV?...or has a free AV which isn't as good as EAV? Think about it...scenarios can be various. EAV doesn't even scan outgoing emails...so sending a downloaded archive with a virus isn't a problem (maybe the AV from the ISP will recognize it).
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07

Last edited by wrathchild : January 28th, 2009 at 10:43 PM.
  #94  
Old January 28th, 2009, 10:41 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
Maybe I just want to download and send it to someone who doesn't have AV and relies on my AV? Think about it...scenarios can be various.

Uh... if you wanted to do that you would just disable your AV. If you didn't, this would happen:

Quote:
Originally Posted by funkydude
It didn't even let me connect, never mind download it:

Attachment 205890


Am I typing this wrong or what because it's the third time I'm trying to prove to you it wouldn't get downloaded in the first place.
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #95  
Old January 28th, 2009, 10:45 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
Am I typing this wrong or what because it's the third time I'm trying to prove to you it wouldn't get downloaded in the first place.
again...over SSL?...or with browser excluded because of proxy stuff with XP?
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07
  #96  
Old January 28th, 2009, 10:46 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
again...over SSL?

...again...v4?
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #97  
Old January 28th, 2009, 10:51 PM
funkydude's Avatar
funkydude funkydude is offline
Massive Poster
 
Join Date: Apr 2004
Posts: 5,988
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by wrathchild
or with browser excluded because of proxy stuff with XP?

You're basically complaining because you've disabled a feature that would scan inside zip files and now want a feature that scans inside zip files. Here is an idea, don't disable it? If it doesn't work for you, that's a BETA problem you should make a NEW thread about.

I've presented the evidence, tried to prove my case the best I can, it's up to you what you want to make of it. I've had enough.
__________________
OpenDNS with DNSCrypt

SSD: Windows 8 Pro x64 | IE10 (Enhanced Protected Mode) & Fanboy's TPLs
HDD: Xubuntu 12.04 LTS (x64) | Firefox: ABP(Fanboy's list) & HTTPS Everywhere
  #98  
Old January 29th, 2009, 06:48 AM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

Quote:
Originally Posted by funkydude
Other AVs (such as your precious Avira here I assume you're talking about) love to compete in the "rush to bloat up their DB" and add the signature of the zip file itself, they do not scan inside the zip files in real time.
I'll try later to disable AV, rename the files and repack the archive (and rename it) and then see if what you're saying makes any sense.
As I suspected, your predication is absurd. I've repacked (and renamed both file and archive) and uploaded to my site. Then I tried to download it and the archive was deleted.
And to be clear enough...I'm talking now about the real-time module...not about the web module for which mods suggest to be disabled for some applications (...put the cross in the box...etc) as a workaround in some cases.
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07

Last edited by wrathchild : January 29th, 2009 at 07:01 AM.
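
The repack-and-rename test reported above separates the two detection methods the thread argues about: a signature of the archive file as a whole, and scanning of the members inside it (including the zip-inside-a-zip case mentioned earlier). The following is an added sketch, not part of the thread and not ESET's or any other vendor's code; the marker is a constructed harmless stand-in for the EICAR string, and the depth and size limits are hypothetical values illustrating how unpacking cost is bounded.

```python
import hashlib
import io
import zipfile

# Constructed, harmless marker standing in for the EICAR test string.
MARKER = b"CONSTRUCTED-HARMLESS-TEST-MARKER"
MAX_DEPTH = 4                 # nesting limit (hypothetical policy value)
MAX_MEMBER_BYTES = 1 << 20    # skip members declaring more than 1 MiB


def make_zip(members):
    """Build an in-memory zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def hash_match(blob, known_hashes):
    """Whole-file signature: only an exact copy of a listed archive matches."""
    return hashlib.sha256(blob).hexdigest() in known_hashes


def content_scan(blob, depth=0):
    """Return the member path leading to MARKER, or None if not found."""
    if not zipfile.is_zipfile(io.BytesIO(blob)):
        return [] if MARKER in blob else None
    if depth >= MAX_DEPTH:
        return None  # too deeply nested: stop instead of unpacking further
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER_BYTES:
                continue  # bound the unpacking cost per member
            hit = content_scan(zf.read(info), depth + 1)
            if hit is not None:
                return [info.filename] + hit
    return None


def demo():
    """Compare both methods on a listed archive and a repacked, renamed one."""
    original = make_zip({"sample.zip": make_zip({"sample.com": MARKER})})
    known = {hashlib.sha256(original).hexdigest()}
    repacked = make_zip({"renamed.zip": make_zip({"notes.txt": MARKER})})
    return {
        "original": (hash_match(original, known), content_scan(original)),
        "repacked": (hash_match(repacked, known), content_scan(repacked)),
    }


if __name__ == "__main__":
    for name, (by_hash, by_content) in demo().items():
        print(name, "hash:", by_hash, "content path:", by_content)
```

A detection that survives repacking and renaming cannot come from a whole-archive hash alone; the depth and size limits are where the performance cost raised in the thread gets capped.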
  #99  
Old January 30th, 2009, 10:57 AM
CARON67's Avatar
CARON67 CARON67 is offline
Infrequent Poster
 
Join Date: Apr 2006
Location: Italy
Posts: 1
Default Re: Comments, questions, suggestions

Quote:
module for which mods suggest to be disabled for some applications
I am of the same your solution.
Best regards
  #100  
Old January 30th, 2009, 12:14 PM
wrathchild wrathchild is offline
Regular Poster
 
Join Date: Feb 2008
Location: Neoplantesis
Posts: 170
Default Re: Comments, questions, suggestions

For me, the web module should be implemented in a modular way. So users who want the proxy (or have a better feeling of security with it) can install it and users who want granularity in their firewall rules (on Win XP) can install EAV without it.
But the real-time module must be capable of catching viruses prior to downloading to the hard disk, in both cases (even in archives).
__________________
Win 8 64-bit / EAV 6.0.308.0 / Look 'n' Stop 2.07

Last edited by wrathchild : January 30th, 2009 at 12:19 PM.
 

All times are GMT -4.