AV real-time does not detect viruses downloaded in Chrome and Firefox

Hello

There is a web site, eicar.org, that provides test virus files that can be downloaded in eight forms (http, https, unzipped, zipped). These are not real viruses: they’re just files whose signature is recognised by all AV tools.

Here the results of testing the eicar files with IE, Firefox and Chrome:

  • Comodo real-time detects the virus in the eight files in IE 8.0.7600.16385.
  • Comodo real-time DOES NOT detect the virus in the eight files in Firefox 3.6.10.
  • Comodo real-time DOES NOT detect the virus in the eight files in Chrome 7.0.517.41 beta (it failed on the latest non-beta as well).

That means the real-time scanning is ineffective with Firefox and Chrome. You have to wait for the scheduled scan to run, which could be up to a week, before the virus is detected by which time a lot of damage could have been done to your PC!

Please address this ASAP.

Thanks

Praful

I don’t know about Chrome, but you are definitely wrong about FF 3.6: the real-time alert detects all of them, i suppose you have some defectuous sandboxing and/or virtual machine settings.

really? the comodo antivirus scans archives now with the real time scanner? because two of eicars are archives…

The thing is it will not detect the archives, but it will detect them when opened.

Everything is working as advertised on Firefox 3.6.11 here.

Downloading the .com file is caught as it is attempted to save to the HD. (The desktop in this instance, see screenshot) Firefox will indeed open the .txt file without issue, but if you read the website, the only reason for the .txt file is because some people have problems downloading the .com file. The .txt file is intended to be downloaded and renamed eicar.com to circumvent these download issues.

The archives are indeed not scanned when downloaded. The AV engine is an on-access scanning engine, so by design to improve performance, archives are only scanned when accessed.

Contrary to what some may think, there is absolutely no risk in having inert malware sitting in an archive on your HD for any length of time. The only thing that matters is whether or not the AV can grab the malware when it actually runs.

[attachment deleted by admin]

there is a risk if you have a virus on your drive… one day it might be copy pasted on a stick, you bring it to another pc, and …

one day you might have comodo on trainings mode to let a game work, and …

i dont want a virus on my drive at all.

Whatever the mode is, you cannot, even if Comodo was not installed at all, run an executable from a compressed folder without opening the said folder.

Scanning compressed archives somehow makes no sense, as only their access is relevant.

“i dont want a virus on my drive at all.”

Again, as hard as it may be to believe, a virus sitting in an archive is as good as having no virus on your drive…

A manual scan will check inside archives and catch it anyway. I believe the reason that real-time does not is to save system resources.

Scanning compressed archives somehow makes no sense, as only their access is relevant.
+ 1 I agree

Since I recently started using Chrome, I was curious about dowloads being scanned for virus. Happy to confirm, CIS caught a eicar.com, text and a zip from Eicar.

:rocks:

“Caught eicar”

Because it knows it.

I see eicar as a test “if your antivirus is switched on” :wink:

Don’t use old or beta versions. They are not stable and you risk massive security problems.

What is this reply in regards to? ???

In this topic somebody used google chrome beta.

You do realize that the original post was made two years ago?

And do you realize that it’s not me who got this post back in the action. It was Hikertrash. See the topic again.

Plus don’t tell me that beta still not there! New things always will be beta and ppl still will use old versions.

I never said you revived the post.

The point I was trying to make was that the software versions weren’t old when the post was originally made…

I got that. Yes but google chrome was beta.