How CIS V4 Handles Eicar Tests

As posted by a user on

Scanning within an archive means you SHOULD NOT HAVE TO RIGHT CLICK ON AND SCAN IT. The eicar file should be detected as soon as it's done downloading. The reason the eicar test does not get detected is because CAV’s real time shields cannot scan within an archived file like a zip or rar. Any anti virus will detect the eicar test when running an on demand scan. You need to learn what you are talking about Tor. The fact that CAV does not detect the eicar test as soon as it's done downloading is not a good thing. What if the zip file had a real virus inside of it and not just the eicar test? The user would know until he tried extracting it. That is if CAV even detects it…

and then:

You're missing the point. CIS will only ask you what to do if it detects it. The point is that a newbie that downloads a zip or rar file has no idea what's inside of it. So they will try and extract it. If your real time anti virus can scan within archives then no need to worry about ever extracting malware. And yes it is a downfall. What this proves is what I have been saying all along about CIS. Comodo is a great firewall but CIS relies too heavily on D+. When you look at security you need to look at it from a real world point of view and not your experienced point of view.

My purpose of posting this is the fact that I think this is an interesting subject. This is not to call out a user on another forum, just to answer a (in my mind) legitimate issue.

Excepting active contents in mail or websites (and, funny enough, I don’t see anyone quarantining mail attachments until they are locally scanned), no malware jumps on you if the archive file is not auto-executable, but in this last event, no one can keep one of its own foolishness.

If the archive is extracted, it is time enough to scan it before using whatever of its files, and it shall be from the realtime guard item of whatever av.

I have a lot of zipped archives (wherein I exactly know what resides) and I don’t use Comodo but Avira as an AV.

Avira has the ability of scanning archives in real time, but it is not realistic to scan several and heavy zips which I know to be safe; these archives are placed in specific folders and/or partitions, and these are excluded from real time scan if I don’t want it to spend hours.

I find the way that Comodo handles the Eicar test files to be perfectly acceptable. It may not detect the archived files as they are downloaded but it will when you try to extract them. Even if you turn off the AV to extract the file and then turn it back on, you don’t even have to click on the extracted file for CAV to detect it as bad, you only have to mouse over it.

If there is a bad file within a folder, it is detected as soon as the folder is opened and again you don’t even need to click on the file. Since it does these things, scanning the archive as it is downloaded is not necessary since the archived file can do nothing bad and could sit there forever with no harmful effects…


I’m just not sure what some people get so excited about. Even the most harmful virus is no threat if it is just sitting there in an archive on your hard drive. If you or any other user (or application) tries to access it, CIS will intervene. Scanning immediately after downloading is a redundant operation.

This has been discussed more than just several times in the past. CIS does not have a web or other shields (IM, p2p, mail, etc) as Comodo thinks that once the malware gets loaded in memory or accessed on disk is still timely enough. It also helps to keep CIS light and snappy.

Trying to explain this is a bit difficult. :-\

There is no purpose of web shield or such because any website you see all of the files end up on the hard drive anyway and they have to be written there so it will still get scanned by CIS. Unless the program uses IP blocking, there is no purpose of any shield. Malwarebytes uses IP blocking and that is effective but anything else is basically a waste of your computer's resources.
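
The distinction the thread turns on, as an added example (not part of any post, and not Comodo's or Avira's code): a signature match on a zip's bytes as stored on disk misses the EICAR string, while unpacking the members in memory finds it, including inside a nested zip. The function names, the depth and size limits, and the sample archive are all constructed for illustration.

```python
import io
import zipfile

# Standard 68-byte EICAR test string, assembled from two halves so that this
# source file is not itself flagged by an on-access scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_DEPTH = 3                    # assumed nesting limit (guards against zip bombs)
MAX_MEMBER = 10 * 1024 * 1024    # assumed per-member size cap, in bytes

def raw_scan(data: bytes) -> bool:
    """Signature match on the bytes as written to disk, with no unpacking."""
    return EICAR in data

def archive_scan(data, path="download", depth=0, hits=None, skipped=None):
    """Unpack zips in memory; return (paths that matched, paths not scanned)."""
    hits = [] if hits is None else hits
    skipped = [] if skipped is None else skipped
    if not zipfile.is_zipfile(io.BytesIO(data)):
        if EICAR in data:
            hits.append(path)
    elif depth >= MAX_DEPTH:
        skipped.append(path)                     # nested too deep, report it
    else:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = f"{path}!{info.filename}"
                if info.file_size > MAX_MEMBER or info.flag_bits & 0x1:
                    skipped.append(name)         # too large or encrypted
                else:
                    archive_scan(zf.read(info), name, depth + 1, hits, skipped)
    return hits, skipped

def make_zip(members: dict) -> bytes:
    """Build a deflate-compressed zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed sample: the test string inside a zip inside another zip."""
    inner = make_zip({"eicar.com": EICAR})
    outer = make_zip({"readme.txt": b"constructed sample", "nested.zip": inner})
    return raw_scan(outer), archive_scan(outer)

if __name__ == "__main__":
    print(demo())
```

Members that are skipped (encrypted, oversized, or nested past the limit) are returned separately so that "not scanned" is never reported as "clean".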