Eicar test

Discussion in 'ESET Smart Security v3 Beta Forum' started by francgaulois, Apr 11, 2007.

Thread Status:
Not open for further replies.
  1. francgaulois

    francgaulois Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    6
    Location:
    Haut-Rhin, FRANCE
    Hi,
    I tested ESS (on Vista) with the compressed Eicar files.
    From level 11, ESS no longer detects Eicar.
    I think that ESS does not scan compressed files more than 10 times. :(
     
  2. ASpace

    ASpace Guest

    So does NOD32, I think. Compressed 11+ times it does not pose any threat to your computer. When it gets unpacked, it may be a threat and then it gets detected immediately :)
     
    Last edited by a moderator: Apr 11, 2007
  3. francgaulois

    francgaulois Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    6
    Location:
    Haut-Rhin, FRANCE
    KIS does not have this problem. Early detection ensures better security. Eset must innovate if it wants to be one of the best antiviruses :)
     
  4. ASpace

    ASpace Guest

    As some people in their forums say: False sense of security

    Being detected even at 30+ levels of compression has no point. As I said, any virus/malicious code can only pose a threat and harm your computer when not compressed. ;)
     
    Last edited by a moderator: Apr 11, 2007
  5. francgaulois

    francgaulois Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    6
    Location:
    Haut-Rhin, FRANCE
    Doesn't it worry you to have in your archives some potential malware whose existence you are unaware of? Prevention is better than cure ;)
     
  6. ASpace

    ASpace Guest

    With no offense, I want to say it again that the real-time scanner's point is to ensure there are no malicious files loaded in your computer or trying to do something. The only malicious files can be bare files, no pack, no zip.

    Files zipped (1 time, 20 times or 100 times) are not malicious files themselves because, when zipped/packed, they cannot load in memory, cannot affect/infect the user's files or operating system, can do nothing. Scanning such files can only increase the time necessary for AV software to scan files.

    Alarming the user that there is a potential threat in an 11+ or 40+ times packed file is again False sense of security, detecting something that is not the real threat. If you unzip the file, the executable inside can pose a threat, so it gets detected right on time.

    Sorry for the long explanation, just trying to explain it...
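
Added example (not part of the original thread and not ESET's code): a Python model of an archive scanner with a nesting limit of 10, the behaviour reported in the first post, which also shows the payload being caught once the outer layer is extracted. The function names, the three-state verdict and the in-memory nested ZIP sample are assumptions made for illustration.

```python
import io
import zipfile

# Standard 68-byte EICAR anti-virus test string (harmless by design).
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

def nest(payload: bytes, layers: int) -> bytes:
    """Wrap payload in `layers` ZIP archives (constructed sample input)."""
    data, name = payload, "eicar.com"
    for i in range(layers):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer{i + 1}.zip"
    return data

def scan(data: bytes, max_depth: int = 10, depth: int = 0) -> str:
    """Return 'detected', 'clean' or 'unscanned' (nesting limit reached)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Leaf file: signature check only (hypothetical one-signature engine).
        return "detected" if data.startswith(EICAR) else "clean"
    if depth >= max_depth:
        return "unscanned"  # report the gap instead of calling it clean
    verdict = "clean"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            result = scan(zf.read(info), max_depth, depth + 1)
            if result == "detected":
                return result
            if result == "unscanned":
                verdict = result
    return verdict

def unpack_once(data: bytes) -> bytes:
    """Simulate the user extracting the outermost single-member archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(zf.namelist()[0])

if __name__ == "__main__":
    for layers in (10, 11):
        print(layers, "layers:", scan(nest(EICAR, layers)))
    print("11 layers, outer layer extracted:",
          scan(unpack_once(nest(EICAR, 11))))
```

Returning a separate "unscanned" verdict lets a log or report distinguish "nothing found" from "not looked at", which is the distinction the two posters are arguing over.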
     
  7. francgaulois

    francgaulois Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    6
    Location:
    Haut-Rhin, FRANCE
    I understand your opinion very well. All the same, I prefer that the infected archive be deleted before the virus is active. This is my opinion. KIS reacts in this manner. It favors prevention. :thumb:
     
  8. ASpace

    ASpace Guest

    NOD32 or Eset Smart Security will never allow malware to get active!

    That's why they have the option to scan files on-access/on-execute and on-create. When you try to unpack your archive, the malware will get caught before it gets active because of ESET's function to scan malware on-create. This function is enabled by default and, as I said, it is specially designed to prevent malware from loading into memory.

    See these 5 pics, files taken from www.eicar.org, ignoring the HTTP scan alert ;) :thumb:
     


  9. francgaulois

    francgaulois Registered Member

    Joined:
    Apr 6, 2007
    Posts:
    6
    Location:
    Haut-Rhin, FRANCE
    Your screenshots are not necessary. You do not understand me. But I understand your mind. If the Eicar file is compressed more than 10 times, it is not detected by ESS. Everyone has an opinion. This reality advances the world.
    Final word: I like ESS, but I would like it to be better.
     
  10. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    Last time I checked it didn't detect a 10 zipped file, however 2.7 does.
     
  11. minceypw

    minceypw Registered Member

    Joined:
    Sep 25, 2005
    Posts:
    22
    Yes; same here. I tried the eicar link at your website with both NOD32 and ESS. IMON picked it up straight away and blocked the download. ESS allowed me to download. Nor did ESS pick it up with an on-demand scan, until I manually unpacked the file.

    I gather from ESET that ESS does not currently have IMON's higher efficiency option. I hope that they will restore that capability as an option.
     
  12. Melchi501

    Melchi501 Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    90
    In my case, ESS blocks the zip files right away over both the standard protocol http and the SSL-enabled protocol https...
     
  13. Melchi501

    Melchi501 Registered Member

    Joined:
    Apr 11, 2007
    Posts:
    90
    Ok try again and don't block anymore SSL enabled protocol https!!
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    How can a firewall check secured communication over SSL if the data received is encrypted? There must be a dedicated plugin for mail clients that will check already decrypted data passed to the plugin by a mail client. What you can do is block all secured communication but there's no sense in it.
     
    Last edited: Apr 12, 2007
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,726
    Location:
    Texas
    Several off-topic posts removed. If more off-topic posts are made, they will be removed without notice.
    A reminder to all who post in an official support forum: comparisons with other products are not support issues and will be moved or removed, with or without notice.
     
  16. gderreck

    gderreck Registered Member

    Joined:
    Mar 17, 2005
    Posts:
    24
    I am not trying to be insulting, but do we care whether the virus is found in its packed state, or unpacked? Isn't the main concern that the virus not be allowed to infect the computer? ;)

    Thanks
     