Virus inside of a Virtual Machine

I have a Win7 system and on it I have WinXP installed inside of VirtualBox. I have the Guest Additions installed in VB but there is absolutely no networking or file sharing.


Just for fun the other day, I wanted to test the anti-Virus that I have inside of VirtualBox so I went to a site that tries to download the EICAR test virus onto your system. Imagine my surprise when it was the anti-Virus on my host system that nailed the test virus (I use two different AV for the host and guest). Somehow my host AV had "seen through" the VM and nailed the virus.

I posted about this on the VirtualBox forum and in so many words received an answer that stated something like, VirtualBox is still just binary code inside of a file on your host so it will still be scanned by your scanner; everything was working as it should.

I know that Sandboxie will allow things like scanners in but still keep the virus trapped. Is this also the way that VMs work? I thought that VMs gave a little bit more isolation than this or was I mistaken? Interested to see if folks here agree with the VB forum.

Thanks much,
Acadia

 

Hi!

Is it possible that AV on your host system detected test file during download, when scanning all http traffic?

I would disable AV on host, download file and then re-enable AV. Then I would try to open test file in VM and see if AV on host would detect it.

 

How do you have the vm's networking setup? NAT, bridged, Internal? i think if it's bridged then your vm shares the same networking device driver as the host, so maybe the host machine's antivirus is scanning the infected data that your vm is downloading. Just a guess.

 

I did the test with ESET. It is ESET's HTTP protection that detects a file and not real-time scanner.

P.S.: my VM is using attached to NAT type connection so it looks like my AV can scan this network traffic.

 

Bingo, tomazyk, that was it!! Thank you very much.

Acadia

 

You're welcome!

 

phew had me worried !