Eicar Virus not detected by on access scanner [RESOLVED]

I downloaded the Eicar test virus but the On Access scanner didn’t even detect it. What caused that to happen? The strange thing is that it can pick up the Eicar virus when I set the on access scanenr to scan all files but it doesn’t detect it on selective extenstions.

That is because some file types such as .txt etc are considered to be safe and non-executable but file types such as .exe, .com, .scr, .jar are all considered far more likely to have malicious code and are also executable.

The reason antivirus products have filtering of extensions is to speed up the scanner so that it’s not scanning files that are extremely unlikely to have a virus in them.

EDIT: Typos

Thank you for your input. (L) I clicked on the Eicar com file with the selective extensions on but it didn’t even detect it.

Maybe it is because COM files are not ASCII (plain text) files & the EICAR string is a text string. Try an extension like JS (JavaScript), JS files are ASCII.

BTW in CAVS you can alter the real-time scanner to not use selective extensions, but to scan all extensions… or you could add TXT to the list of file extension to be scanned both in the real-time & on-demand scanners (I think its under Advanced options for each section). Anyway, as Rotty says… its like that for efficiency reasons. Making CAVS scan all extensions will slow things down, probably sufficiently enough that you’ll notice it.

I changed it to Js and the on access scanner detected it. Thank you for your help.

No problem Cowboy Rusty. So, you’re happy? I can mark this topic as [RESOLVED] and close it?

Sure and i’m happy now. :slight_smile: