I’m not having any luck adding CAV to Free Download Manager so that it will automatically scan my downloads. I believe cavscan.exe is the correct file to use, but with what arguments?
I’m not sure, normally an application would pass it’s info on %1
Are you not running real-time scan and is that the reason to use a “cavscan” ?
Good morning. Yes, I am running CAV real time. Would that scan the download?
Thanks for your help.
Yes CIS real-time scan’s all files written to disk, so it should already alert on “known bad downloads”…
You could try to download the AV test file from EICAR and see if it alerts…
It will only alert you on files that aren’t in compressed archives.
From tests I did previously, the first two Eicar files are picked up immediately. The aren’t zipped. The second two are zipped and they are only picked up when you attempt to access them.
Edit: Oh, and the %1 argument does nothing when calling cavscan.exe. Apparently the engine does not accept any command line arguments.
It could well be that they handle that differently, i don’t use it very much.
Or that there is no option to “feed” the cavscan.exe directly.
Thank you both, CAV responded to EICAR exactly as stated.`
Others are asking about this at FDM Forums, would it be OK to link to this thread? (V)
Edit: One more related question: would this same principle apply to e-mails downloaded with Thunderbird?
Yes, of course.
(As long as don’t copy all of this, I think it is fine.)
Sorry Jeremy, I was editing while you were posting. ;D
Yes, any time CIS’s Real-time scanner is enabled, and you write/download a file that it has signatures for to your disk, the scanner should detect it.
OK - Thank you very much. :-TU
I have tested thunderbird before, and you can have an email in you inbox (or other folders) CIS won’t alert on it, and won’t kill you thunderbird files on disk. Just when you want to save a "bad’ file CIS will alert.
So a manual/real-time scan will never kill your thunderbird mail folders.
I think you know everything.
OK, now I’m confused. If CIS/CAV scans everything written to disk, why wouldn’t it scan/alert when Thunderbird writes to disk?
I think I figured it out. I placed the four EICAR files and SYSInternals Blue Screen Saver in a draft and saved it in Thunderbird. Neither CAV, SAS, a-squared nor MBAM can read the format that Thunderbird files are stored in. Hence, no alert. But once the files are executed, CAV, then D+, then SAS Pro alerted. I can live with that as long as I know I’m protected.
I know Kaspersky (at least online version) will scan the files and find them in there…
It doesn’t scan everything when it writes to disk. It appears to only scan certain file types. And it doesn’t scan compressed archives.
When you downloaded the four Eicar files, did it pick up the first two (uncompressed) on write, but only the second two (compressed) on access? This is what it does on my system.
Interesting. I have KAV AVK and will set up the bogus malware again in Thunderbird to see if it is detected.
Yes, exactly as you say.
No, Kaspersky AVK doesn’t read TB mail, either. >:(