AVG Anti spyware question with Eicar test

Discussion in 'ewido anti-spyware forum' started by Dark Shadow, Jan 1, 2008.

Thread Status:
Not open for further replies.
  1. Dark Shadow

    Hello! I am currently testing AVG Anti-Spyware. Is it normal for there to be no detection on the Eicar test file?
     
  2. Dark Shadow

    I found the answer to my question. This thread can be closed, thanks.
     
  3. midway40

    What did you find out? I use AVG-AM, which does detect Eicar. It also passed all but one Spycar test (the one that removes the General Tab in IE). I had a helluva time trying to run towtruck.exe (the program that tells you your score and undoes the changes Spycar made), which AVG also declared spyware, and Vista didn't want me to run it either.
     
  4. Dark Shadow

    Eicar, which I already knew, is more for virus testing, and I was told that's why it was not detected: because it's not spyware/malware. If I am not mistaken, you use AVG Anti-Malware, which has antivirus and spyware together and would detect Eicar. However, I use AVG Anti-Spyware; it is different.
     
  5. midway40

    I knew why AVG-AM detected it but the reason why I asked is that it used to say “virus testfile” and now it says “virus or malware” test file. I was just wondering if A/S writers have now included this into their signatures.
     
  6. TopperID

    What are you trying to test - the shield or the demand scanner?

    What eicar test have you downloaded - is it in an archive or does it come with a .txt extension?

    Have you configured your scanner correctly (i.e. to scan within archives and to scan all files rather than scanning by extension, which won't look at a .txt file)? The Guard won't look into archives in any case. Also, the Guard doesn't scan a file until you attempt to execute it.

    I haven't tried but I feel sure AVG-AS does indeed find eicar.
     
    Last edited: Jan 2, 2008
  7. Dark Shadow

    Yes, the Guard, and you are correct. I guess my approach was wrong: I was trying to test when my AV detected it and denied access. I disabled the Real Time of the AV and then tested it, and AVG did detect it. I guess my AV stopped it before AVG could detect it.
     
  8. TopperID

    Your AV Guard will scan files as soon as they are written to HD, if you download a file it will be scanned then. However the AVG-AS Guard only scans files that seek to run (eg if you double click a file), thus you are getting a second opinion scan. Indeed, so long as you have configured it to do so, the Guard will scan again as the file unpacks into memory (useful for files that are encrypted to hide themselves from the AV Guard).
     
  9. Dark Shadow

    OK, thanks. I will double-check my settings.
     
  10. midway40

    Topper, what would be best for AVG: adding an extension, like TXT in this case, or just turning on all files scan? I did add 'TXT' to my list and it passed the eicar.txt test.

    I did try to add ZIP to the list but that didn't work like you said. Still it gets caught at the end of the download so no worry there.
     
  11. TopperID

    The demand scanner can be configured to look inside a .zip file, as it is an archive. However, the Guard cannot be made to look inside a .zip 'cos it only scans files you attempt to execute, or files that start to run in memory. These are files that are potentially dangerous; a dormant file inside an archive can do no harm at all. If the file is extracted from the archive and you attempt to open it, then it would get scanned.

    I prefer to configure the demand scanner to scan all files rather than scanning by extension. .txt files are non-executable files and therefore cannot run and will not be scanned by the Guard. The eicar tests are really executable .com files with a .txt extension added on - the double extension trick is sometimes used by malware to try and look innocuous; but if the .com file inside ever tried to run it would be scanned.
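
An added example, not part of any post in this thread and not AVG code: a toy demand scanner showing how the settings discussed above (scanning by extension versus all files, and scanning inside archives) decide whether eicar.txt, eicar.com and a zipped copy are reported. The function names and options are hypothetical, and the sample files are constructed in memory.

```python
import io
import zipfile

# The standard 68-byte EICAR test string, split in two so that this source
# file does not itself match a scanner's signature when saved to disk.
EICAR = (rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD"
         + rb"-ANTIVIRUS-TEST-FILE!$H+H*")

def make_zip(member, data):
    """Build a constructed, deflate-compressed zip archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, data)
    return buf.getvalue()

def demand_scan(name, data, *, all_files, extensions=(), archives=False,
                prefix=""):
    """Toy demand scanner (hypothetical): paths whose bytes contain EICAR."""
    path = prefix + name
    if archives and zipfile.is_zipfile(io.BytesIO(data)):
        hits = []
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # Members are filtered by the same extension rule as files.
                hits += demand_scan(member, zf.read(member),
                                    all_files=all_files, extensions=extensions,
                                    archives=True, prefix=path + "!")
        return hits
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if not all_files and ext not in extensions:
        return []  # skipped: extension is not on the scan list
    # Raw bytes of a compressed archive do not contain the plain string.
    return [path] if EICAR in data else []

# Constructed sample files, held in memory only.
SAMPLES = {"eicar.txt": EICAR, "eicar.com": EICAR,
           "eicar.zip": make_zip("eicar.txt", EICAR)}

def scan_all(**cfg):
    """Scan every sample with one configuration; return sorted hit paths."""
    return sorted(hit for name, data in SAMPLES.items()
                  for hit in demand_scan(name, data, **cfg))

if __name__ == "__main__":
    print(scan_all(all_files=False, extensions=("com", "exe")))
    print(scan_all(all_files=False, extensions=("com", "exe", "txt", "zip")))
    print(scan_all(all_files=True, archives=True))
```
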
     
  12. midway40

    Thanks for the input, Topper :)

    Some people say either way depending on the brand of antivirus. Since I haven't used AVG in a long while I couldn't remember what setting is recommended by the AVG "vets".

    One thing for sure though is that the GUI has changed very little since I last used it. I guess it falls under the "why mess up a good thing?" category :)
     
  13. nameless

    Actually it's just an ASCII file, not an executable at all. It has no executable file header.
     