Web Av not working properly

Discussion in 'ESET Smart Security v4 Beta Forum' started by xpsunny, Dec 12, 2008.

Thread Status:
Not open for further replies.
  1. xpsunny

    xpsunny Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    163
    Hello,

    1. The malware packed in 7ZIP and RAR format are not scanned via Web AV.
    2. The eset module can be terminated easily. Many malware can use this technique to halt the protection.
    3. Some malwares (named as Statik) by web av are not detected by file av/on demand scan, although heuristics are set to the highest level in each module.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    1. As in only .zip and not .7z and .rar?
    2. In v4?
    3. Web heuristics are more sensitive on purpose.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    We know ways how to terminate ANY security product, no matter how good self-protection it has. It's possible to make it more difficult for malware writers, but it will never be impossible once you run malware with administrator rights.
     
  4. xpsunny

    xpsunny Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    163
    1. Yeah, and if the archives are larger than 10 MB many of them are not scanned.

    2. Yes, of course! This is ESS v4 beta forum. ;)

    3. Well, then on-demand scan should also be sensitive.
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Couldn't it be that you have set some limits for scanning objects / archives? Could you send me a link to such an archive?

    You're completely wrong here. By saying this you mean that you'd like to have a highly paranoid heuristics in all modules because it detects more malware, regardless of how many false positives it triggers. Remember that the most paranoid scanner would detect every single file and it would have 100% detection of malware, but I don't think you'd like it.
     
  6. xpsunny

    xpsunny Registered Member

    Joined:
    Jul 16, 2006
    Posts:
    163
    Nope, no limits are set. You can download any 7Zip infected archive. It wouldn't be scanned!

    EDIT: I did some more testing. Although RAR archives are scanned to a certain depth, the entire archive is blocked instead of only removing the infected file from the archive.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    I have never said that the 7-zip format is supported.

    That's how scanning of archives always worked. I can't imagine that the web protection would download archives, unpack them to the disk, scan them, remove infected files and then recompress the files. In theory, this could be possible with the on-demand scanner (even though you'd never get the same result and the program would have to support tons of compression algorithms/methods), but the web scanner continually passes data streams in packets to the browser/applications.
     
  8. qzex

    qzex Registered Member

    Joined:
    Nov 30, 2008
    Posts:
    42
    If an unsupported archive version is unpacked then the antivirus should detect it after it is unpacked, so there shouldn't be any problems.
     
  9. redlabour

    redlabour Registered Member

    Joined:
    Dec 28, 2006
    Posts:
    27

    :ninja: Is this a Joke? When will support for 7-zip be added? o_O
     
  10. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Why is it a joke? 7z is one of the most uncommonly used extensions ever. I think I've come across a 7z file once in, um, 6 years? That was a genuine file, having a harmful file in a 7z file would just be even worse as the low popularity would damage the goal of the virus, to spread.

    Although I use 7zip myself, I use it for zip files, never for 7z files.

    I'm surprised RAR is even supported :D
     
  11. redlabour

    redlabour Registered Member

    Joined:
    Dec 28, 2006
    Posts:
    27
    Ever heard about professionals working with Windows and GNU/Linux files?

    o_O?

    This is Standard at every AV!
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,853
    Um, *cough* gzip *cough*

    I know, but totally unnecessary, because malware will be in a rar file, um, never? Malware authors, like said above, want to spread their software. They will use the most common software to achieve this: Windows, Internet Explorer, ZIP.
     