AOL AVS - no detection on EICAR tests?

Discussion in 'other anti-virus software' started by deadmanschest, Apr 9, 2007.

Thread Status:
Not open for further replies.
  1. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    Hi all-

    A quick question - and a note that I did not bother to ask this in the Kaspersky forum as I didn't want to register for one question...

    I tried out AOL AVS on the weekend with the idea of just running the real time protection resident shield, no email scanning etc.

    It installed and scanned fine, updated fine, fast and light.

    I ran a quick full scan, and while very quick, it did not find the EICAR files in an email message I keep around to check on AV performance. (Only F-Prot for DOS always keys on the email archive.)

    So, I set it up to scan downloads automatically in Firefox, (Download StatusBar extension) tested with download of the EICAR no. 1, and it scanned (console window) and came up 100% clean....?

    So I manually scanned the EICAR file using the Explorer integrated on demand scan and again 100% clean, 0 detection.....?

    So I tried two or three more of the EICAR files and no joy at all.

    Soooo. AOL AVS is either really really smart and doesn't fall for the EICAR tricks, or something is amiss..I ran with the standard default install.

    I disinstalled and went back to AVG while I ponder this.

    Any ideas from anyone? I have no idea how to otherwise test the installation and figure out if it is actually working or not....If it fails on scanning, downloading and Explorer integration.....hard to be confident...

    Thanks

    dmc
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    hello,
    the attach screenshots show what happern when i go to the eicar site and try to download eicar.
    i showed the fileav as well as webav since active virus shield doesnt have webav.
    did you go to the website shown on my web av screenshot?
    if not go there and download the text one first.
    lodore
     

    Attached Files:

    Last edited: Apr 9, 2007
  3. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Eicar is not a virus, spyware, or riskware. Why would I care if AVS detected it or not?
     
  4. Delgado

    Delgado Registered Member

    Joined:
    Apr 28, 2004
    Posts:
    131

    I really cant see much point to your remarks Benny.

    The Eicar Test Virus is a recognised way of testing whether an Anti Virus is working or not. Whether it is a proper Virus is of no consequence.
     
  5. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Hi Delgado:

    Yes, the eicar test is recognized, but it is still not malware. Is it important that your AV dectects this? It is possible that some av or as companies focus too much attention in detecting these test viruses instead of focusing on the ones that will cause damage to your OS.
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    the eicar test virus was created to test to make sure your realtime protection is active and working. its a basic test.
    so eiether the eicar test virus wasnt made propersly if the text code wasnt put in properly or file av isnt working.
    the OP should try this link
    http://www.eicar.org/download/eicar.com
    file av should kick in and show a popup asking on a action

    lodore
     
  7. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Hi Iodore:

    Yes eicar is a basic test that will shed some light on your AV protection. My point, however, is that it may not be an accurate barometer of your AV's protection. I would rather have my AV flag a real virus than a test virus. Just so I come out a winner here, I'm going to eat dinner and forget I posted in this thread. It's just a test, that's all
     
  8. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    no your right it doesnt show any light on how well your av protects you against real viruses.
    but i doubt someone is willing to test there av against a real virus just to see if the real time protection works.
    lodore
     
  9. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    My dinner is not ready yet, but i agree with you Iodore. At least I am not ready to test against real viruses.
     
  10. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    Hi lodore et al;

    Lodore, many thanks for the screenshots - I did dl the files from the european EICAR site, and you are correct, AOL AVS does not have a web shield component.

    I certainly did not get the File AV Alert at all, either thru the FFox extension scan, nor thru the Explorer on-demand scan.

    Since it is clear that AOL AVS should have alerted on the EICAR #1 at least, I will have to think some. The only possible idea I have is that not 'enabling' the email scan component might have some effect, but that would be too stupid to be plausible...It should not effect the regular real-time shield, or certainly any on-demand scan....

    So I'm stumped. Thanks for the help

    Cheers

    dmc
     
  11. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
  12. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    this is my example screenshots
    lodore
     

    Attached Files:

  13. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    I have AVS and just executed the eicar test. The file antivirus responded with a warning. Is there a difference with the basic eicar download and the zip files?
     
  14. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    the zip files just have eicar.txt file in a .zip file
    once exetraced fileav will detect it.
    or if scan archives is ticked in file av settings the .zip file will be scanned on access and the txt file taken out
    lodore
     
  15. steve161

    steve161 Registered Member

    Joined:
    Nov 22, 2006
    Posts:
    681
    Location:
    New York
    Understood. Thank you Iodore.
     
  16. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    Hi lodore - strangest thing, I have re-installed AOL AVS. I did an on-demand scan of EICAR.com and again, no threat detected. When I went into the log window it said that the file had been 'skipped' by 'reason of scan time'. Hehe - this is for a 68 kb text file....?

    There is also a tab button for Settings in the on-demand scan window, but it says that there is no skip set for time or size, but clearly there is...

    I will try set up a screen shot and get back to you.

    Maybe that is why my full system scan was so fast and light, it was skipping every file that should have been scanned....hehe...

    Thanks for the images

    dmc
     
  17. deadmanschest

    deadmanschest Registered Member

    Joined:
    May 6, 2002
    Posts:
    105
    Whoa - this is really stupid - It is skipping every file that it is supposed to be scanning. It just did a reboot startup scan, and as I was happily watching my RAM and resources not taking any hit at all, I checked the Events tab in the Scan window, and it was skipping every file that it was scrolling thru on the first page....

    I'll see if I can post screenshots, but I think I will just disinstall and be done with it - This is with the full default settings as installed courtesy of AOL...duh.. If my image appears, then it will show the Events as Skipped for the EICAR.com test.

    Edit - sorry problem with the screenshots - have to figure out tommorow - Sorry

    If I can get more images to post, I will show the settings window, but I am out of time until tomorrow - Thanks lodore!

    Cheers

    dmc
     
    Last edited: Apr 9, 2007
  18. Bluenile

    Bluenile Registered Member

    Joined:
    Feb 2, 2007
    Posts:
    122
    Location:
    UK
    AVS detected that straightaway for me as soon as I clicked 'save'
     
  19. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    It detected it for me also.
     
  20. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    It is not a very good idea to tell someone to use the eicar txt file as that will not be detected if you use the Proxomitron as it will just render it harmless text. You should tell people to download one of the zip files and then do a command line (right click) scan. AVS will, of course, detect it.
     
  21. python134r

    python134r Registered Member

    Joined:
    Nov 11, 2004
    Posts:
    9
    Location:
    Sunny South Florida
    My 2 cents.....oh trojan detection not bad either
     

    Attached Files:

Loading...
Thread Status:
Not open for further replies.