AV real-time does not detect viruses downloaded in Chrome and Firefox

[Guest]

[praful]

Hello

There is a web site, eicar.org, that provides test virus files that can be downloaded in eight forms (http, https, unzipped, zipped). These are not real viruses: they're just files whose signature is recognised by all AV tools.

Here the results of testing the eicar files with IE, Firefox and Chrome:

- Comodo real-time detects the virus in the eight files in IE 8.0.7600.16385.
- Comodo real-time DOES NOT detect the virus in the eight files in Firefox 3.6.10.
- Comodo real-time DOES NOT detect the virus in the eight files in Chrome 7.0.517.41 beta (it failed on the latest non-beta as well).

That means the real-time scanning is ineffective with Firefox and Chrome. You have to wait for the scheduled scan to run, which could be up to a week, before the virus is detected by which time a lot of damage could have been done to your PC!

Please address this ASAP.

Thanks

Praful

[brucine]

I don't know about Chrome, but you are definitely wrong about FF 3.6: the real-time alert detects all of them, i suppose you have some defectuous sandboxing and/or virtual machine settings.

[clockwork]

really? the comodo antivirus scans archives now with the real time scanner? because two of eicars are archives...

[Guillermo391]

The thing is it will not detect the archives, but it will detect them when opened.

[HeffeD]

Everything is working as advertised on Firefox 3.6.11 here.

Downloading the .com file is caught as it is attempted to save to the HD. (The desktop in this instance, see screenshot) Firefox will indeed open the .txt file without issue, but if you read the website, the only reason for the .txt file is because some people have problems downloading the .com file. The .txt file is intended to be downloaded and renamed eicar.com to circumvent these download issues.

The archives are indeed not scanned when downloaded. The AV engine is an on-access scanning engine, so by design to improve performance, archives are only scanned when accessed.

Contrary to what some may think, there is absolutely no risk in having inert malware sitting in an archive on your HD for any length of time. The only thing that matters is whether or not the AV can grab the malware when it actually runs.

[clockwork]

there is a risk if you have a virus on your drive... one day it might be copy pasted on a stick, you bring it to another pc, and ...

one day you might have comodo on trainings mode to let a game work, and ...

i dont want a virus on my drive at all.

[brucine]

Whatever the mode is, you cannot, even if Comodo was not installed at all, run an executable from a compressed folder without opening the said folder.

Scanning compressed archives somehow makes no sense, as only their access is relevant.

[clockwork]

"i dont want a virus on my drive at all."

[HeffeD]

Again, as hard as it may be to believe, a virus sitting in an archive is as good as having no virus on your drive...

[Chiron]

A manual scan will check inside archives and catch it anyway. I believe the reason that real-time does not is to save system resources.

[jay2007tech]

Scanning compressed archives somehow makes no sense, as only their access is relevant.

+ 1       I agree

[Hikertrash]

Since I recently started using Chrome, I was curious about dowloads being scanned for virus.  Happy to confirm, CIS caught a eicar.com, text and a zip from Eicar.

 

[clockwork]

"Caught eicar"

Because it knows it.

I see eicar as a test "if your antivirus is switched on"

[Seany007]

Don't use old or beta versions. They are not stable and you risk massive security problems.

[HeffeD]

Don't use old or beta versions. They are not stable and you risk massive security problems.

What is this reply in regards to? 

[Tags:]