Avast 5 out, no more 9x support

[North of Watford]

aru, thanks this is something Clam A/V has needed for a while.

Agreed.

The ClamWin team is working on an official real-time scanner but that will not work on Win98SE/Me.

Shame that they have turned their back on Win98.

In the meantime, thanks a million for the work you put into getting Clam Sentinel working, especially for Win98. For me, this add-on is what makes ClamWin usable. Without it, I would probably not bother with ClamWin at all.

[Multibooter]

While I was repairing my computer from an infection with Tenga.a (see this topic http://www.msfn.org/board/infection-tengaa-virus-t142726.html ) I had installed Avast under WinXP. The main reason for selecting Avast was that about 13 years ago, when I was more knowledgeable about this subject, Avast was very good at detecting hard-to-detect viruses. Avast was then kind of complementary to Kaspersky, which I am using now under Win98.

After having used Avast for a while under WinXP to find out how this Tenga.a infection came about, I can confirm that Avast is still complementary to Kaspersky and a good second choice. But Avast, in contrast to Kaspersky, gives a lot of false positives. When Kaspersky identifies something as a virus, it most likely is one. Kaspersky still updates fine under Win98, but the difficulty is how to buy a valid key for the version 6 which runs under Win98.

Using a virus scanner in a problematic case like the Tenga.a infection could be compared to using a "telephone joker" in the game "Who wants to be a millionaire": there is a good chance that the opinion is right, and a good chance that the opinion is wrong. At www.virustotal.com you can submit suspicous files, and they get checked by 40+ virus checkers. But what do you do if 20 virus checkers say that the file is infected, and 20 say that the file is good?

[herbalist]

At www.virustotal.com you can submit suspicous files, and they get checked by 40+ virus checkers. But what do you do if 20 virus checkers say that the file is infected, and 20 say that the file is good?

If I got results like that at VT scanning a file, I'd get rid of that file. IMO, 20 AVs missing a detection is more believable than 20 false positives. There could be exceptions to this, such as utilities that are used maliciously as much as they are for legitimate purposes or software that big money industries would have issues with. Even then, if you need to keep a file where the scans give mixed results, open it on a test system that's isolated from all the others and set up to detect malicious and unusual activities. With the problem you've had, the first tool I'd put on that test system is an integrity checker. Better yet, put the integrity checker and other investigative tools on read-only media so they can't be compromised and check the system before and after opening each suspicious file. I'd also use a flash drive or small hard drive to transfer the files to the test unit and overwrite/erase the whole thing after each transfer.

[jds]

Oh BTW, I forgot to mention one more detail : The real-time scan breaks first, so run or open the EICAR test file to be sure, don't just trust the manual scan as your test.

Joe.

Just tried the test file and it worked, so it appears to be working properly. Thanks for the heads up though.

Edited April 21, 2010 by jds

[jds]

Update - After trying Kaspersky 6.0.3.837 for a while, and finding this made my PC extremely unstable, I've now re-installed Symantec Antivirus 9.0 and can confirm that indeed, when the virus definitions of about September 2009 or later are installed, what breaks is the real-time scanning (Symantec seem to call this "auto-protect"). Manual scanning (eg. Explorer context menu) still seems OK, yet you can copy the Eicar test pseudo-virus onto your hard drive, and you can execute it (as eicar.com), yet SAV doesn't detect this. So a real virus would also go undetected as it gets copied onto your hard drive and/or executed!

Joe.

Oh BTW, I forgot to mention one more detail : The real-time scan breaks first, so run or open the EICAR test file to be sure, don't just trust the manual scan as your test.

Joe.

Just tried the test file and it worked, so it appears to be working properly. Thanks for the heads up though.

[jds]

Update - After trying Kaspersky 6.0.3.837 for a while, and finding this made my PC extremely unstable, I've now re-installed Symantec Antivirus 9.0 and can confirm that indeed, when the virus definitions of about September 2009 or later are installed, what breaks is the real-time scanning (Symantec seem to call this "auto-protect"). Manual scanning (eg. Explorer context menu) still seems OK, yet you can copy the Eicar test pseudo-virus onto your hard drive, and you can execute it (as eicar.com), without SAV detecting it. So a real virus would also go undetected as it gets copied onto your hard drive and/or executed!

Joe.

Oh BTW, I forgot to mention one more detail : The real-time scan breaks first, so run or open the EICAR test file to be sure, don't just trust the manual scan as your test.

Joe.

Just tried the test file and it worked, so it appears to be working properly. Thanks for the heads up though.

[Lastime]

Dr.Web Antivirus OS Supported

Windows 95/98/Me/NT/2000/XP/Vista (32-bit uniquement).

[JorgeA]

Dr.Web Antivirus OS Supported

Windows 95/98/Me/NT/2000/XP/Vista (32-bit uniquement).

That's correct, and the last time I checked they even had a version that works on MS-DOS and Windows for Workgroups 3.11 !

--JorgeA