Topic: AV real-time does not detect viruses downloaded in Chrome and Firefox

Offline praful

  • Newbie
  • Posts: 6
Hello

There is a web site, eicar.org, that provides test virus files that can be downloaded in eight forms (http, https, unzipped, zipped). These are not real viruses: they're just files whose signature is recognised by all AV tools.

Here are the results of testing the eicar files with IE, Firefox and Chrome:

- Comodo real-time detects the virus in the eight files in IE 8.0.7600.16385.
- Comodo real-time DOES NOT detect the virus in the eight files in Firefox 3.6.10.
- Comodo real-time DOES NOT detect the virus in the eight files in Chrome 7.0.517.41 beta (it failed on the latest non-beta as well).

That means the real-time scanning is ineffective with Firefox and Chrome. You have to wait for the scheduled scan to run, which could be up to a week, before the virus is detected, by which time a lot of damage could have been done to your PC!

Please address this ASAP.

Thanks

Praful

Offline brucine

  • Comodo's Hero
  • Posts: 1533
« Reply #1 on: October 22, 2010, 04:05:35 AM »
I don't know about Chrome, but you are definitely wrong about FF 3.6: the real-time alert detects all of them. I suppose you have some defective sandboxing and/or virtual machine settings.

Offline clockwork

  • Comodo's Hero
  • Posts: 2051
  • Oxygen requires Chuck Norris to live
« Reply #2 on: October 22, 2010, 05:41:36 PM »
Really? The Comodo antivirus scans archives now with the real-time scanner? Because two of the eicars are archives...

"If there is a problem, it`s something interesting. Try to circumvent or fix it.
In the old ages there was no support. That`s why we got the brain we have today.
Otherwise we would only be able to call a number and listen."

Offline Guillermo391

  • Comodo Loves me
  • Posts: 135
« Reply #3 on: October 22, 2010, 06:24:21 PM »
The thing is it will not detect the archives, but it will detect them when opened.

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • Posts: 6831
« Reply #4 on: October 23, 2010, 05:54:43 PM »
Everything is working as advertised on Firefox 3.6.11 here.

Downloading the .com file is caught as it is attempted to save to the HD. (The desktop in this instance, see screenshot) Firefox will indeed open the .txt file without issue, but if you read the website, the only reason for the .txt file is because some people have problems downloading the .com file. The .txt file is intended to be downloaded and renamed eicar.com to circumvent these download issues.

The archives are indeed not scanned when downloaded. The AV engine is an on-access scanning engine, so by design to improve performance, archives are only scanned when accessed.

Contrary to what some may think, there is absolutely no risk in having inert malware sitting in an archive on your HD for any length of time. The only thing that matters is whether or not the AV can grab the malware when it actually runs.
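
Added example, not part of the original thread and not Comodo's code: a Python model of the behaviour described in the reply above, where a check made as a download is written matches the bare test file but not a zipped copy, while a scan that unpacks archives finds both. The size and nesting limits and the sample archive names are assumptions, and the samples are constructed in memory.

```python
import io
import zipfile

# The 68-byte EICAR test string, assembled from two pieces so that this
# listing does not itself match a scanner's signature.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-" + rb"ANTIVIRUS-TEST-FILE!$H+H*"
PADDING = b" \t\r\n\x1a"      # trailing bytes the EICAR definition tolerates
MAX_MEMBER = 1 << 20          # assumed cap on a member's declared size (archive-bomb guard)
MAX_DEPTH = 4                 # assumed cap on archive nesting


def is_eicar(data: bytes) -> bool:
    """File starts with the test string, only padding follows, at most 128 bytes."""
    return (len(data) <= 128 and data.startswith(EICAR)
            and data[len(EICAR):].strip(PADDING) == b"")


def scan(name: str, data: bytes, unpack: bool, depth: int = 0) -> list:
    """Return the paths of matching content.

    unpack=False models the check made as a download is written to disk;
    unpack=True models a manual scan that looks inside archives.
    """
    if is_eicar(data):
        return [name]
    hits = []
    if unpack and depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                hits += scan(f"{name}!{info.filename}", zf.read(info), True, depth + 1)
    return hits


def make_zip(member: str, payload: bytes) -> bytes:
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()


if __name__ == "__main__":
    inner = make_zip("eicar.com", EICAR)
    samples = {"eicar.com": EICAR, "eicar.zip": inner,
               "nested.zip": make_zip("eicar.zip", inner)}
    for fname, blob in samples.items():
        print(fname, "on-write:", scan(fname, blob, False), "manual:", scan(fname, blob, True))
```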

Offline clockwork

  • Comodo's Hero
  • Posts: 2051
  • Oxygen requires Chuck Norris to live
« Reply #5 on: October 24, 2010, 04:31:28 AM »
There is a risk if you have a virus on your drive... one day it might be copy-pasted onto a stick, you bring it to another PC, and ...

One day you might have Comodo in training mode to let a game work, and ...

I don't want a virus on my drive at all.


Offline brucine

  • Comodo's Hero
  • Posts: 1533
« Reply #6 on: October 24, 2010, 04:40:40 AM »
Whatever the mode is, you cannot, even if Comodo was not installed at all, run an executable from a compressed folder without opening the said folder.

Scanning compressed archives somehow makes no sense, as only their access is relevant.

Offline clockwork

  • Comodo's Hero
  • Posts: 2051
  • Oxygen requires Chuck Norris to live
« Reply #7 on: October 24, 2010, 07:12:13 AM »
"I don't want a virus on my drive at all."

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • Posts: 6831
« Reply #8 on: October 24, 2010, 09:29:17 AM »
Again, as hard as it may be to believe, a virus sitting in an archive is as good as having no virus on your drive...

Online Chiron

  • Global Moderator
  • Comodo's Hero
  • Posts: 9910
« Reply #9 on: October 24, 2010, 10:49:35 AM »
A manual scan will check inside archives and catch it anyway. I believe the reason that real-time does not is to save system resources.

Offline jay2007tech

  • Malware Research Group
  • Global Moderator
  • Comodo's Hero
  • Posts: 1994
« Reply #10 on: October 25, 2010, 01:29:21 PM »
Quote: "Scanning compressed archives somehow makes no sense, as only their access is relevant."
+1 I agree

It's hard being a crooked Admin when the files won't pass an md5checksum test. But like any other good crooked Admin it can be done, it just takes time (and lots of it) and a few aspirins

Offline Hikertrash

  • Comodo's Hero
  • Posts: 420
« Reply #11 on: June 30, 2012, 12:25:38 PM »
Since I recently started using Chrome, I was curious about downloads being scanned for viruses. Happy to confirm, CIS caught an eicar.com, text and a zip from Eicar.

 :rocks:

« Last Edit: June 30, 2012, 12:34:11 PM by Hikertrash »
Dell Vostro 3500 | Windows 7 Pro 32bit | 500GB HD [at] 7200 rpm | 4 GB ram | Intel i5 | CIS v5.10|CTC|

Offline clockwork

  • Comodo's Hero
  • Posts: 2051
  • Oxygen requires Chuck Norris to live
« Reply #12 on: July 01, 2012, 06:47:39 AM »
"Caught eicar"

Because it knows it.

I see eicar as a test "if your antivirus is switched on" ;)

Offline Seany007

  • Comodo's Hero
  • Posts: 2376
  • Comodo Commando
« Reply #13 on: July 04, 2012, 07:53:17 PM »
Don't use old or beta versions. They are not stable and you risk massive security problems.
Proud Comodo User (CIS, CD, CID and CMS)

Offline HeffeD

  • Global Moderator
  • Comodo's Hero
  • Posts: 6831
« Reply #14 on: July 04, 2012, 08:07:28 PM »
Quote: "Don't use old or beta versions. They are not stable and you risk massive security problems."

What is this reply in regards to?  ???

 
