Re: virus/firewall protection
PCR wrote:
| Roger Fink wrote:
|| PCR wrote:
||> Roger Fink wrote:
||>>> You are welcome. Let us know what your final decision is. I
||>>> hesitate to offer...
||>>>
||>>>
http://www.avast.com/eng/avast_4_home.html Avast (free)
||>>>
||>>> ..., because it does have a problem (though avoidable) with some
||>>> of Windows's icons. Also, although avast! behaves well otherwise
||>>> & has many wonderful functions & settings-- it DOESN'T get into
||>>> every archive file during its On-Demand scans! On the plus side,
||>>> there are some archives it DOES get into that even WinZip will
||>>> not try. However, archives are harmless until opened. At that
||>>> point, it is avast!'s On-Access scanner that matters-- & there's
||>>> no reason to think it won't work!
||>>>
||>>
||>> Emphatically agree, but would add that with 98, 98SE, you need to
||>> deal with this:
||>>
http://www.avast.com/eng/webshield_issues.html#idt_6869
||>>
||>> which you can do by viewing these:
||>>
||>>
http://www.avast.com/files/tutorials/ws_ieproxy.htm
||>>
http://www.avast.com/files/tutorials/ws_ffproxy.htm
||>>
||>> Of course, now that I've high tech'd it to W2K, it all just
||>> magically works without tutorials or even human input. To borrow
||>> from the old Alka Seltzer ad, I've traded my headache for an upset
||>> stomach, but, on balance, I'll take it.
||>
||> I DIDN'T have to do any of that, either, in Win98 SE-- not manually,
||> anyhow.
||>
||> At "Internet Options, Connections tab, LAN Settings button"...
||>
||> "Automatically detect settings".......... is checked.
||> "Use automatic configuration script"... is unchecked.
||> "Use a proxy server for your LAN"....... is unchecked.
||>
||> At "Internet Options, Connections tab, NetZero, Settings button"...
||> NONE of those three is checked!
||>
||> I'm abashedly unsure whether it was all like that before, but I
||> believe what was necessary was done automatically, when I selected
||> to install the avast! WEB Shield Provider. Could be things have been
||> reversed-- it was the NetZero setting that was checked before,
||> possibly. So far as I always thought, I do not have or use a LAN.
||> And it looks like I'm using one now!
||>
||> It's possible... yea, I think I did have to state my smpt & pop3
||> servers somewhere along the line, though. I appear to have said they
||> were... smtp.netzero.net & pop.netzero.net... respectively. Even IF
||> I've actually left out a "3"-- looks like all is working with that.
||>
||> HOWEVER, soon I will start a thread on what I should allow Kerio to
||> allow IN & OUT for avast!-- above & beyond what I already have done!
||> I think I've almost got it right now!
||
|| PCR - When I first installed Avast I thought Webshield was operative.
|| The reason was because when I opened up the display, it said so!, as
|| it did for Internet Mail and Standard Shield. But I soon noticed that
|| this wasn't being reflected in the statistics in the box, because for
|| Webshield (only) the scan count was always zero.
|
| If that's what matters, then... yea... you would be correct it isn't
| working. Kerio shows AshWebSv.exe (localhost:12080) to be always
| listening, but I do see zeros in all its fields, yea.
|
| It's odd, though, I don't see NetZero (Exec.exe) on Kerio's "Opened
| connections at localhost" list AT ALL-- but somehow my NET connection
| is working fine! The apps there with the most activity by far are
| Kerio apps. The only other one showing anything is IExplore.exe.
| (Exec.exe is mentioned in the Kerio log file often enough, though.)
|
| HOWEVER, that list is not static. Let me open an URL & see what is
| added... losts more IExplore.exe pop in/out. Could be Exec.exe pops
| in/out too quick for me to see it (something certainly does).
|
| AshWebSv.exe still shows zero in its byte counts & speed numbers. But
| all of the 4 AshMaiSv.exe (avast! e-Mail Scanner Service) ALSO show
| zero in their counts-- yet that services is working! That is proven
| by...
|
| X-Antivirus: avast! (VPS 000758-3, 07/22/2007), Inbound message
| X-Antivirus-Status: Clean
|
| ... in the Properties, Details tab, of all posts read into this
| machine, & additionally...
|
| X-Antivirus: avast! (VPS 000758-3, 07/22/2007), Outbound message
| X-Antivirus-Status: Clean
|
| ... is in the Properties of mine. Also, I know I cannot send or
| receive any of the Eicar test viruses as an attachment, without
| pausing avast!'s Internet Mail Provider first. That's for sure!
|
|| You may indeed have a fully working installation of Webshield, but I
|| would confirm it by checking the statistics, i.e. the "scanned
|| count", to make sure Webshield is really doing anything, irrespective
|| of the feel-good news ("The provider is currently running") at the
|| top of the box.
|
| I don't have a box like that in the Home Edition v.4.7. However, I can
| pause & resume the various providers in a context menu. Let me pause
| the WEB Shield Provider... everything looks the same in Kerio. And
| STILL the virus is detected at...
|
http://www.eicar.org/anti_virus_test_file.htm
| ... when I click either Eicar.com, which is the same as before. (The
| .zipped ones, I have to open, before avast! will detect them. The .txt
| ones, I have to R-Clk & scan.)
|
| I'm not sure what to think. Can it be, if WEB Shield were actually
| working, I would not have to click anything at Eicar to get the
| alert? I GUESS, I will try what you say, Zabcar-- thanks. I'll get
| back to you later or tomorrow.
UPDATE... OK, I made the change...
At "Internet Options, Connections tab, NetZero, Settings button"...
"Automatically detect settings".......... is unchecked.
"Use automatic configuration script"... is unchecked.
"Use a proxy server for your LAN"....... is checked.
............................................ Address: localhost
............................................ Port: 12080
I need to evaluate it further. I STILL have 4 AshMaiSv.exe & 1
AshWebSv.exe in Kerio "listening" & showing ZEROS as before. I'm hoping
a reboot will eliminate them.
But, NOW I've got 2 MORE AshMaiSv.exe & 1 MORE AshWebSv.exe that DO seem
to be functioning. They pop in/out of the list as necessary, it seems,
when I click an URL.
The Eicar site seems to work better. Now, every one of the 4 "standard
protocol http" will trigger an avast! alert when clicked, not just the
..com.
The 4 "secure, SSL enabled protocol https" work as before-- the .com
only will trigger the alert when clicked. The .txt must be R-Clkd &
scanned after the download to trigger it. The .zip's must be unpacked
first. Additionally, once the "secure" Eicar.com.txt is read in this
way, the "standard" .txt will revert to behaving like that too-- until
Eicar.com.txt is deleted.
SO... that's lots better (I guess), thanks a lot, Fink (but you should
change that name to Zabcar). You've been invaluable!