Discussion in 'ewido anti-spyware forum' started by Dark Shadow, Jan 1, 2008.
Hello! I am currently testing AVG Anti-Spyware. Is it normal for there to be no detection on the Eicar test file?
I found the answer to my question. This thread can be closed, thanks.
What did you find out? I use AVG-AM which does detect Eicar. It also passed all but one Spycar test (the one that removes the General Tab in IE). I had a helluva time trying to run towtruck.exe (the program that tells you your score and undoes what changes Spycar made) which AVG also declared spyware and Vista didn't want me to run it either.
Eicar, as I already knew, is more of a virus test, and I was told that's why it was not detected, because it's not spyware/malware. If I am not mistaken, you use AVG Anti-Malware, which has antivirus and spyware together, so that would detect Eicar. However, I use AVG Anti-Spyware; it is different.
I knew why AVG-AM detected it but the reason why I asked is that it used to say “virus testfile” and now it says “virus or malware” test file. I was just wondering if A/S writers have now included this into their signatures.
What are you trying to test - the shield or the demand scanner?
What eicar test have you downloaded - is it in an archive or does it come with a .txt extension?
Have you configured your scanner correctly (i.e. to scan within archives and to scan all files rather than scanning by extension - which won't look at a .txt file)? The Guard won't look into archives in any case. Also the Guard doesn't scan a file until you attempt to execute it.
I haven't tried but I feel sure AVG-AS does indeed find eicar.
Yes, the Guard, and you are correct. I guess my approach was wrong: I was trying to test when my AV detected it and denied access. I disabled the real time of the AV and then tested it, and AVG did detect it. I guess my AV stopped it before AVG could detect it.
Your AV Guard will scan files as soon as they are written to HD, if you download a file it will be scanned then. However the AVG-AS Guard only scans files that seek to run (eg if you double click a file), thus you are getting a second opinion scan. Indeed, so long as you have configured it to do so, the Guard will scan again as the file unpacks into memory (useful for files that are encrypted to hide themselves from the AV Guard).
OK, thanks. I will double-check my settings.
Topper, what would be best for AVG, adding an extension like in this case TXT or just turning on all files scan? I did add 'TXT' to my list and it passed the eicar.txt test.
I did try to add ZIP to the list but that didn't work like you said. Still it gets caught at the end of the download so no worry there.
The demand scanner can be configured to look inside a .zip file, as it is an archive. However, the Guard cannot be made to look inside a .zip 'cos it only scans files you attempt to execute, or files that start to run in memory. These are files that are potentially dangerous; a dormant file inside an archive can do no harm at all. If the file is extracted from the archive and you attempt to open it, then it would get scanned.
I prefer to configure the demand scanner to scan all files rather than scanning by extension. .txt files are non-executable files and therefore cannot run and will not be scanned by the Guard. The eicar tests are really executable .com files with a .txt extension added on - the double extension trick is sometimes used by malware to try and look innocuous; but if the .com file inside ever tried to run it would be scanned.
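The difference between scanning by extension, scanning all files, and looking inside archives, as discussed in the posts above, can be seen with a toy demand scanner. This is an added example, not part of the original thread and not AVG's code; the function names, the sample file set and the simplified signature check are assumptions made for illustration.

```python
import io
import zipfile

# Standard 68-byte EICAR test string, split in two so that this source
# file itself does not begin with the full pattern.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def is_eicar(data):
    """Toy signature check (assumption): content starts with the test string."""
    return data.startswith(EICAR)


def build_samples():
    """Constructed sample set, held in memory so a resident AV is not involved."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("eicar.com", EICAR)
    return {
        "eicar.com": EICAR,
        "eicar.txt": EICAR,            # same bytes, different extension
        "notes.txt": b"shopping list",
        "eicar.zip": buf.getvalue(),   # archive with the test file inside
    }


def scan(samples, extensions=None, archives=False):
    """Return flagged names. extensions=None means 'scan all files'."""
    hits = []
    for name, data in sorted(samples.items()):
        ext = name.rsplit(".", 1)[-1].lower()
        if extensions is not None and ext not in extensions:
            continue  # scan-by-extension: content is never read
        if archives and zipfile.is_zipfile(io.BytesIO(data)):
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                hits += [f"{name}/{m}" for m in z.namelist() if is_eicar(z.read(m))]
        elif is_eicar(data):
            hits.append(name)
    return hits


if __name__ == "__main__":
    s = build_samples()
    print("by extension (com, exe):     ", scan(s, {"com", "exe"}))
    print("with 'txt' added:            ", scan(s, {"com", "exe", "txt"}))
    print("with 'zip' added, no unpack: ", scan(s, {"com", "exe", "zip"}))
    print("all files + archives:        ", scan(s, None, archives=True))
```

Adding `zip` to the extension list changes nothing here because the archive's raw bytes are still matched as an ordinary file; only the archive option opens it and checks each member.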
Thanks for the input, Topper
Some people say either way depending on the brand of antivirus. Since I haven't used AVG in a long while I couldn't remember what setting is recommended by the AVG "vets".
One thing for sure though is that the GUI has changed very little since I last used it. I guess it falls under the "why mess up a good thing?" category.
Actually it's just an ASCII file, not an executable at all. It has no executable file header.