CA eTrust EZ Antivirus r7 BETA

Discussion in 'other anti-virus software' started by hbkh, Oct 7, 2004.

Thread Status:
Not open for further replies.
  1. hbkh

    hbkh Registered Member

    Joined:
    Jan 15, 2004
    Posts:
    128
    Location:
    Ohio, USA
    http://www.my-etrust.com/news/pressreleasedetails.cfm?pressReleaseID=26

    Sounds interesting!
     
  2. hbkh

    hbkh Registered Member

    Joined:
    Jan 15, 2004
    Posts:
    128
    Location:
    Ohio, USA
  3. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    hbkh,
    Hey that does look nice. I currently use on one of my machines EZAV 6 I think it is. I like it and I like what I see here even better. I'll keep a sharp eye on this. Thanks for the information.
     
  4. Madsen DK

    Madsen DK Registered Member

    Joined:
    Nov 23, 2002
    Posts:
    324
    Location:
    Denmark
    Not that it's the most important, but it was about time they improved the GUI.
    I always had a soft spot for EzAv. :) but the GUI is hmmmm. not the best in the world, if I may say so.
     
  5. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
  6. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    To everyone from Firefighter!

    eTrust EZ 7.0.0.26 (beta) is quite good av -- to test how your Anti-Trojan works, if you have any (according to eTrust EZ's trojan detecting).

    PS. These NOD and Avast scanning results were about a week older than the others', that means in my test that they are able to detect some 10 - 20 total findings more than there are now, based on DrWeb's, Command AV's and ClamWin's newer detections compared to those week-old ones.

    Best regards,
    Firefighter!
     

    Attached Files:

    Last edited: Oct 16, 2004
  7. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Have been trying this and looks like a great program, but when I receive mail with the Eicarcom2.zip file attached, it will just report the infection, but does not cure or delete it!!!!!! I'm not too happy with that.

    putin
     
  8. kloshar

    kloshar Registered Member

    Joined:
    Oct 12, 2003
    Posts:
    279
    Location:
    Europe, Slovenia, Brežice
    I think it is nice that etrust offers new EZ Armor 2005 version in Microsoft 1 year free offer. It is nice when you just download new, fresh version of some program and enter serial from old one and then use new one for time left from old one.
     
  9. shemmazur

    shemmazur Guest

    Archives are scanned by default. If you don't want to scan them, use the Exclusion list for either on-demand or real-time scanners. Infected stuff is treated depending on what you set in the Scan Settings (notice the Clean or Quarantine options).
     
  10. shemmazur

    shemmazur Guest

  11. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Like I said before, when receiving an e-mail with the Eicarcom2.zip file as an attachment, Etrust just reports this as an infected mail, but does not do anything with it, while it should be moved to Quarantine.......anyone else experience with this?

    Please let me know.

    ;) Putin
     
  12. shemmazur

    shemmazur Guest

    This is by design. If you have a 20 meg zip file which contains 100 files, and only one is infected, you don't want to quarantine the other 99 clean files, which you may still need to access. While inside the .zip, the infected file is not a threat. The real-time protection will pick up the one infected file inside the .zip when/if you access it. Those are the reasons behind this design. The alternative would be to unzip the file on the fly and move only the infected file to quarantine, and then recreate the archive without the infected file. With the bezillion archive formats out there... hmmm.
     
  13. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Thanks for your response, but I think they should build in an option how to treat this infection. Make a menu for deleting, renaming or moving to quarantine.
    I find this a bit tricky, as I can imagine, that some users just leave it as it is reported and don't know what to do with it and that means, that there is still an infection crawling around.

    ;) Putin
     
  14. shemmazur

    shemmazur Guest

    "Thanks for your response, "

    You're most welcome.

    "but I think they should build in an option how to treat this infection. Make a menu for deleting, renaming or moving to quarantine."

    But why? For the sake of more options? Allow me to go into some detail...

    Renaming is the same as quarantine, really. The end result is exactly the same - you want to prevent the file from being executed or opened accidentally. Quarantine does this far better than a rename (more secure, all the nasty stuff in one place instead of all over the drive). So why have a rename option? Who needs it?

    Deleting? What if it's a false alarm? When it's in quarantine, users can restore it. Better still, if cleaning does not work or is not available, a file in quarantine can be cleaned and restored to the original location later, at a time when a new signature is made available. If you delete the file, it's gone for good. You may regret it. And while it's in quarantine, you can decide to empty the quarantine at any time. Guess what? That's just like deleting :)

    The options you ask for just add complexity and confusion. A properly designed quarantine takes care of all these issues, still allows you to do what you want in all the cases you mention above, and reduces the number of options a user can *set incorrectly*.

    "I find this a bit tricky, as I can imagine, that some users just leave it as it is reported and don't know what to do with it and that means, that there is still an infection crawling around"

    EZ AV has never, ever cleaned infections inside archives. Many AV products don't. The infections are not "crawling around". They are harmless while inside an archive. They are contained - can NOT replicate. And if you do try to unzip and execute them, you don't have to do a thing, because the EZ AV real-time drivers will pick up the infection during a file open, execute or close operation.

    If you are uneasy about having an infection in an archive, then decompress it (unzip or whatever) and reconstruct your archive without the infected file. What good would it do to put the archive into quarantine? What would the user do with it there. Stare at it for a while? Eventually delete it? Meanwhile, the user has lost access to potentially useful files inside the archive.

    The simplest solution is often the best. As I said, the other alternative would be to decompress archives to a temporary directory, clean the infection(s), and reconstruct the archive. Slow? You bet. Unreliable? Probably. Overkill? I think so.
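
An added example, not part of the thread and not CA's code: a minimal Python sketch of the alternative discussed above, which decompresses a .zip, holds only the flagged member aside for later restore, and rebuilds the archive from the clean members, descending into a zip nested inside a zip. `SIGNATURE`, `MAX_DEPTH` and the sample file names are constructed assumptions; a real scanner would call its detection engine instead of a substring match.

```python
import io
import zipfile

# Constructed stand-in for a scanner signature (assumption; not a real AV pattern).
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
MAX_DEPTH = 3  # stop descending into nested archives past this level


def clean_archive(data, depth=0):
    """Rebuild a zip without flagged members.

    Returns (clean_zip_bytes, quarantined); quarantined maps member path ->
    original bytes, so a false alarm can still be restored later.
    """
    quarantined = {}
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            body = src.read(info)
            if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(body)):
                # Nested archive (a zip attached inside a zip): clean it recursively.
                body, inner = clean_archive(body, depth + 1)
                for path, blob in inner.items():
                    quarantined[f"{info.filename}/{path}"] = blob
            elif SIGNATURE in body:
                quarantined[info.filename] = body  # keep a copy, drop from archive
                continue
            dst.writestr(info.filename, body)
    return out.getvalue(), quarantined


def build_sample():
    """Constructed input: one clean file plus a nested zip holding a flagged file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("test.com", SIGNATURE)
        z.writestr("readme.txt", b"clean")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("notes.txt", b"clean file the user still needs")
        z.writestr("inner.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    clean, held = clean_archive(build_sample())
    print("quarantined:", sorted(held))
    print("kept:", zipfile.ZipFile(io.BytesIO(clean)).namelist())
```

The sketch handles only the zip format and reads each member fully into memory, which is where the cost and reliability concerns raised in the post show up once many archive formats and large files are involved.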
     
  15. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    You're right......all the way along, but my problem is: the infected attachment with eicarcom2.zip was NOT Quarantined, like it should. I did get the report about the infection, but that was it! According to the manual, it should be quarantined automatically.

    But I second your explanation, good story! But I just don't think it's right if nothing is done with the infection. Sure, I can do everything myself as a reaction on the report, but I think there should be some automatic action on this infected attachment, like other scanners do.

    But.....keep it up and thanks again.

    ;) Putin
     
  16. shemmazur

    shemmazur Guest

    "But I second your explanation, good story! But I just don't think it's right if nothing is done with the infection. Sure, I can do everything myself as a reaction on the report, but I think there should be some automatic action on this infected attachment, like other scanners do."

    What automatic action would you like to see? What is the "some automatic action" *you* would set it to?
     
  17. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    At least that it is put in Quarantine, like the manual states!!!! That's all!!

    ;) Putin
     
  18. shemmazur

    shemmazur Guest

    Ahhh... so the documentation is wrong ;-) Got it.
     
  19. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Don't know if the documentation is wrong, maybe the program does not do what it should be doing. I really don't know.
    When I activate eicar.com on that site, it is quarantined......great. When I receive a mail with eicarcom2.zip as an attachment, it is just reported and not quarantined.

    Thanks again for your reply!

    ;) Putin
     
  20. shemmazur

    shemmazur Guest

    "maybe the program does not do what it should be doing. I really don't know"

    Let me answer that :) It's doing what it is designed to do. The docs will be changed.

    Shem,
    CA
     
  21. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Thanks again and now I see the light......you are from CA!!!! I'll try to be happy with the way it works now and will report back about other findings as soon as the moment is there.
    Keep up the good work and good luck with this great product!

    Greetings & ;) Putin
     
  22. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    Just some other information about detecting and handling of infected e-mails.
    I did the test at this site: http://www.testvirus.org/ with the following result.
    Used AVG 7.0 Free version Beta and CA EZ Antivirus r7 Beta.

    Results AVG 7.0 free Beta:

    25 testmails
    8 x not detected: #5, #8, #14, #16, #20, #23, #24, #25
    17 x detected with the eicar file
    17 x moved to Quarantine

    which is a great score as all the infected mails are quarantined!

    Result eTrust r7 Beta:

    25 testmails
    7 x not detected: #4, #5, #20, #22, #23, #24, #25
    18 x detected with the eicar file
    8 x moved to quarantine: #1, #2, #3, #6, #9, #13, #15, #16
    10 x detected with infection, but just reported and nothing done with:
    #7, #10, #11, #14, #17, #18, #19, #21, #26

    I find this no good, compared to AVG, as the program should at least move these to quarantine and now these 10 files are left to be deleted or moved by hand!!!!!

    I hope you can do something with this information.

    Good luck & ;) Putin
     
  23. shemmazur

    shemmazur Guest

    Thanks for all the info Putin. It's all related to the same issues I already explained, and currently it works as intended. Having said that, it is something we could change in future if enough users want it. Really appreciate you taking the time. Thanks!
     
  24. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    I still like your program......don't get me wrong, just thought to try a few things.

    But I really prefer an AV scanner, that deals with infected files one way or the other, like moving to quarantine at least!

    Take care .......... ;) Putin
     
    Last edited: Oct 15, 2004
  25. Benvan45

    Benvan45 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    556
    And this is what Panda Platinum 7.0 did with the e-mail test.

    Results Panda Platinum:

    25 testmails
    6 x not detected: #5, #16, #17, #19, #20, #24
    19 x detected with the eicar file
    7 x disinfected: #4, #11, #18, #21, #22, #23, #26
    12 x moved to quarantine: #1, #2, #3, #6, #7, #8, #9, #10, #13, #14, #15, #25

    so....all detections were dealt with!!!!!!
     