Comments, questions, suggestions

Discussion in 'ESET NOD32 Antivirus v4 Beta Forum' started by Marcos, Nov 18, 2008.

  1. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    I'm not sure about that!
    For example, when I downloaded a zipped sample of the EICAR test file, EAV didn't recognize anything (even when browsing that folder) until an on-demand scan of that file. Even with the eicar.exe file.
     
  2. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    It didn't even let me connect, never mind download it:

    eicar.jpg
     
  3. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    Try over SSL.
     
  4. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    I'm using v3, which doesn't have SSL support. If it's not working for you in v4 with SSL scanned, then it's a beta problem.

    Nonetheless, I downloaded the file anyway, extracted it to be met with another zip, then extracted it again to have it quarantined.

    eicar2.jpg
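
Added example, not part of any post in this thread: a sketch of why a signature match on a downloaded archive's stored bytes finds nothing while unpacking the nested zip does, using the harmless EICAR test string. The function names, the constructed sample archives and the `MAX_DEPTH` limit are assumptions for illustration, not ESET's implementation.

```python
import io
import zipfile

# EICAR test string (harmless by design), split in two so that this source
# file does not itself contain the contiguous signature.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-"
         b"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")
MAX_DEPTH = 4  # assumed nesting limit: bounds the work spent per archive


def make_zip(name, payload):
    """Return the bytes of a deflate-compressed zip holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def nest(layers):
    """Constructed sample: the test string wrapped in `layers` zip files."""
    data, name = EICAR, "eicar.com"
    for i in range(layers):
        data, name = make_zip(name, data), f"layer{i}.zip"
    return data


def raw_scan(data):
    """Simplified signature match on the bytes exactly as stored."""
    return EICAR in data


def deep_scan(data, path="", depth=0):
    """Unpack zip layers up to MAX_DEPTH; return paths of matching members."""
    if raw_scan(data):
        return [path or "<top level>"]
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.is_dir():
                member = f"{path}/{info.filename}"
                hits += deep_scan(zf.read(info), member, depth + 1)
    return hits


if __name__ == "__main__":
    sample = nest(2)  # a zip inside a zip
    print(raw_scan(sample), deep_scan(sample))
```

Compression rewrites the member's bytes, so the stored archive never contains the signature; the depth limit is the trade-off between coverage and the cost of unpacking every archive on access.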
     
  5. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    And without extracting?
    BTW... default settings for real-time protection and excluded browser in web protection?
     
  6. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    It's not harmful without extracting.
     
  7. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    I know that... but the fact is that EAV doesn't scan in the background as you said.
     
  8. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    Conflicting questions: why should I exclude the browser in web protection? That's a feature enabled by default. No, I've turned advanced heuristics on, but that wouldn't change the outcome of this.
     
  9. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    It does. How have you proved it doesn't? The file is in archive form. There is NO way you can access it without NOD32 scanning it first.
     
  10. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    Yes... I've tested, and only when I try to extract the archive does EAV recognize it.
    The fact is that I don't want garbage on my hard drive because the AV isn't capable of scanning files in real time!
    With the other AV (see signature) the file is deleted when the browser tries to save it to the HD... even without browsing that folder and without the web module active... and without extracting... the real-time guard picked it up on the fly. That's what I'm talking about.
     
    Last edited: Jan 28, 2009
  11. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    If archives were scanned in real time, it would cause SERIOUS issues. If I browsed to a folder full of archives the thing would literally die.

    Scanning archives in real-time is useless. Unless you're talking about runtime packers, which is a feature.

    You wouldn't download an archive unless you were going to open it to use it, so your statement is flawed and totally incorrect.
     
  12. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    Other AVs (such as your precious Avira here, which I assume you're talking about) love to compete in the "rush to bloat up their DB" and add the signature of the zip file itself; they do not scan inside the zip files in real time.

    ESET keeps its DB small and simple and relies more on heuristics since it is the future.
     
  13. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    I think you miss the point. I don't want to download a virus EVEN IN AN ARCHIVE, OK? BTW, how's performance with runtime packers checked in real time? :shifty:
    The point is that with EAV's "limited" real-time protection you should have integration in WLM.
     
  14. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    Blah... heuristics which they recommend to be disabled :cool:
    I don't have any precious AVs... I'm just pointing out some things which are bad in EAV.
     
  15. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    Read my previous post; it shows the connection of the archive download being terminated. Archives are scanned in real time for the HTTP module.

    Bad, that's why it's off by default and why I don't use it, but you're proving my point here why archives shouldn't be scanned in real time.

    I think I've said more than enough to prove that this isn't needed.

    Last I checked, you can't send exe files over MSN. If you received a zip file, it would be to open it, at which point, bang = virus detected and blocked.

    As far as I see, am I right in saying: You want a feature to automatically perform an On-Demand scan on archives because they are not scanned in real time out of the HTTP module (on the system)? Or you think MSN should be in the HTTP module? BTW, I think you can tick it in web browsers to achieve this effect, not sure...
     
  16. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    I'll try later to disable the AV, rename the files and repack the archive (and rename it), and then see if what you're saying makes any sense.
     
    Last edited: Jan 28, 2009
  17. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    I want a better-optimized real-time scanner which is capable of scanning files in the background even with AH enabled... with my quad-core machine, without a performance decrease. I simply want EAV to be better.
     
  18. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    Maybe I just want to download it and send it to someone who doesn't have an AV and relies on my AV?... or has a free AV which isn't as good as EAV? Think about it... scenarios can be various. EAV doesn't even scan outgoing emails... so sending a downloaded archive with a virus isn't a problem (maybe the AV from the ISP will recognize it ;)).
     
    Last edited: Jan 28, 2009
  19. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    Uh... if you wanted to do that you would just disable your AV. If you didn't, this would happen:

    Am I typing this wrong or what? Because it's the third time I'm trying to prove to you it wouldn't get downloaded in the first place.
     
  20. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    Again... over SSL?... or with the browser excluded because of proxy stuff with XP?
     
  21. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    ...again...v4?
     
  22. elapsed

    elapsed, Registered Member. Joined: Apr 5, 2004. Posts: 7,076.
    You're basically complaining because you've disabled a feature that would scan inside zip files and now want a feature that scans inside zip files. Here is an idea, don't disable it? If it doesn't work for you, that's a BETA problem you should make a NEW thread about.

    I've presented the evidence, tried to prove my case the best I can, it's up to you what you want to make of it. I've had enough.
     
  23. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    As I suspected, your predication is absurd. I've repacked (and renamed both the file and the archive) and uploaded it to my site. Then I tried to download it and the archive was deleted.
    And to be clear enough... I'm talking now about the real-time module... not about the web module, which the mods suggest disabling for some applications (...put the cross in the box... etc.) as a workaround in some cases.
     
    Last edited: Jan 29, 2009
  24. CARON67

    CARON67, Registered Member. Joined: Apr 7, 2006. Posts: 1. Location: Italy.
    I am of the same your solution.
    Best regards
     
  25. wrathchild

    wrathchild, Registered Member. Joined: Feb 7, 2008. Posts: 170. Location: Neoplantesis.
    For me, the web module should be implemented in a modular way, so users who want the proxy (or have a better feeling of security with it) can install it, and users who want granularity in their firewall rules (on Win XP) can install EAV without it.
    But the real-time module must be capable of catching viruses prior to downloading to the hard disk, in both cases (even in archives).
     
    Last edited: Jan 30, 2009