Eicar Test File In Safepay

I can successfully download the EICAR test file and Bitdefender doesn't display any pop-up for its detection.

Comments

  • camarie, Principal Software Developer, BD Staff
    I can successfully download the EICAR test file and Bitdefender doesn't display any pop-up for its detection.


    Safepay does not scan files, nor does it execute them. That should have been caught by HTTP scan.


    I submitted the case to QA anyway.


    Thanks for signaling this to us.


    Regards,


    Cristian

  • camarie, Principal Software Developer, BD Staff
    I can successfully download the EICAR test file and Bitdefender doesn't display any pop-up for its detection.


    The file should have been caught by the OnAccess module. You can check whether the file was deleted or not, but in our tests it was deleted.


    It is displaying a popup, but it is probably displayed on the default desktop; this is why you cannot see it while in the Safepay desktop.


    I will submit this improvement to PM (to get notified of the OnAccess file deletion and display a message inside Safepay).


    Regards,


    Cristian

  • coolcool1227
    edited December 2012

    I can still successfully download the EICAR file in Safe Pay, and Bitdefender doesn't detect it during the download even if HTTP scan is enabled, while in a normal browser Bitdefender successfully detects it during the download via detection in the temp file created by the browser. In the former case (the EICAR download in SafePay), however, the On-Access Scan successfully detects it, e.g. from C:\Users\Toshiba\Downloads\BitdefenderSafepay\.

  • camarie, Principal Software Developer, BD Staff
    I can still successfully download the EICAR file in Safe Pay, and Bitdefender doesn't detect it during the download even if HTTP scan is enabled, while in a normal browser Bitdefender successfully detects it during the download via detection in the temp file created by the browser. In the former case (the EICAR download in SafePay), however, the On-Access Scan successfully detects it, e.g. from C:\Users\Toshiba\Downloads\BitdefenderSafepay\.


    Although I am not fully aware of how HTTP scan injects, I suspect that it is somehow excluded from HTTP scan; I don't have another explanation at this time.


    Let me recheck with Andrei (my QA teammate) and send some questions to http scan team.


    It will probably be necessary to incorporate a custom scanning method in Safepay, after all... *


    Cristian


    * ... only that will be done after New Year's holiday; almost everyone in development is on vacation.

  • Hello,


    Could you please tell us if you are trying to download eicar files from http://www.eicar.org?


    If yes, are you downloading eicars using the standard protocol http or the SSL enabled protocol https?


    If not, please provide us with the link you are using for download so we can further investigate.


    Thank you for your feedback!


    Andrei Burdun


    QA Analyst

  • * ... only that will be done after New Year's holiday; almost everyone in development is on vacation.


    I appreciate your way of replying....


    Although I am not fully aware of how HTTP scan injects, I suspect that it is somehow excluded from HTTP scan; I don't have another explanation at this time.


    Let me recheck with Andrei (my QA teammate) and send some questions to http scan team.


    It will probably be necessary to incorporate a custom scanning method in Safepay, after all... *


    How could it be excluded from HTTP scan? Browsing a malicious website can be blocked, but why is the download of a malicious file not blocked?


    Hello,


    Could you please tell us if you are trying to download eicar files from http://www.eicar.org?


    If yes, are you downloading eicars using the standard protocol http or the SSL enabled protocol https?


    If not, please provide us with the link you are using for download so we can further investigate.


    Thank you for your feedback!


    Andrei Burdun


    QA Analyst


    Since my account was suspended for three days because I showed the sleeping face of technical support to them, which was not replying to our posts in a timely manner, I couldn't reply promptly.


    It's from the official site "http://www.eicar.org" but I don't know which protocol is used by SafePay. How do I confirm this? However, I enable all Privacy options and also the HTTP scan option in the Antivirus, but the issue still remains.

  • Hello,


    To confirm whether you are downloading the eicar test via HTTP or HTTPS please provide us the url address you are using.


    - the link should look like: http://www.eicar.org/download/eicar.com via HTTP


    - the link should look like: https://secure.eicar.org/eicar.com via HTTPS


    Best regards!


    Andrei Burdun

  • Hmmmm......I checked it with both.

  • Bitdefender first shows the successful completion of the download of the EICAR file in SafePay in a blue text pop-up, and when I exit from SafePay, Bitdefender then shows the pop-up for the detection of EICAR and moves it to quarantine. Is this normal behavior?

  • Bitdefender first shows the successful completion of the download of the EICAR file in SafePay in a blue text pop-up, and when I exit from SafePay, Bitdefender then shows the pop-up for the detection of EICAR and moves it to quarantine. Is this normal behavior?


    Hello,


    It is normal that Bitdefender has moved the eicar test file to the quarantine. That means that OnAccess has blocked it.


    I admit that it is confusing that you see the notification after you close Safepay. We have forwarded this to PM and we might integrate a custom message inside Safepay whenever a downloaded file has been blocked.


    Best regards!


    Andrei Burdun

  • coolcool1227
    edited January 2013

    But I think it's dangerous. SafePay also uses Cloud engines (as said here http://forum.bitdefender.com/index.php?sho...t&p=162897) which can provide better detections than the local engines, so why did the cloud engines fail to detect the downloading of EICAR files?

  • Hello ONT,


    Is your Bitdefender Toolbar turned OFF? If Yes, then this is why the page is not scanned.


    Best regards!


    Andrei Burdun

  • Hello ONT,


    Is your Bitdefender Toolbar turned OFF? If Yes, then this is why the page is not scanned.


    Best regards!


    Andrei Burdun


    Kindly see the attachment; the EICAR file can still be downloaded successfully even when the BD toolbar and HTTP scan option are active.

    post-31288-1360644569_thumb.jpg

  • Kindly see the attachment; the EICAR file can still be downloaded successfully even when the BD toolbar and HTTP scan option are active.


    I never got a Bitdefender toolbar with Total Internet Security even though this is a clean install on this machine. How do I get a toolbar for Internet Explorer and Mozilla's Firefox browser? Can someone please tell me? Thank you in advance.


    Sincerely,


    Rich W

  • I never got a Bitdefender toolbar with Total Internet Security even though this is a clean install on this machine. How do I get a toolbar for Internet Explorer and Mozilla's Firefox browser? Can someone please tell me? Thank you in advance.


    Sincerely,


    Rich W


    Do you have the toolbar turned on?


    Settings > Privacy > Antiphishing tab > Show Bitdefender Toolbar.

  • Yes, and that little guy can be hard to find against a dark background. At times I've navigated to a whiter web page to find it easier :)


    tabhiding.jpg

  • Yes, and that little guy can be hard to find against a dark background. At times I've navigated to a whiter web page to find it easier :)


    tabhiding.jpg


    Yes, it would be much easier to find if it had the 3 little green lights similar to the traffic light.

  • lol, you were reading my mind, as I was thinking of posting an image of that too. So now that you've mentioned it, so RichieW can see, here is what that looks like. I agree with you ozziebear, I would like to see it too, maybe a Feature Request?


    BDtralfficlight.jpg

  • Sure. We'll add it to the list.

  • @RichieW: Kindly open your issue in another topic as you are off-topic here. Check your Privacy Module settings otherwise.

  • @RichieW, ozziebear, columbo - I am glad you sorted out with the Bitdefender Toolbar.


    @ONT - I have looked at the screenshot you posted. It seems you are downloading the eicar test file from Wikipedia, which points to https://secure.eicar.org/eicar.com.txt


    At the moment, Safepay does not block it when using the https protocol, but the development team is looking to implement this as well. Until the implementation is done, the file is detected and blocked by OnAccess.


    Best regards!


    Andrei

  • @RichieW, ozziebear, columbo - I am glad you sorted out with the Bitdefender Toolbar.


    @ONT - I have looked at the screenshot you posted. It seems you are downloading the eicar test file from Wikipedia, which points to https://secure.eicar.org/eicar.com.txt


    At the moment, Safepay does not block it when using the https protocol, but the development team is looking to implement this as well. Until the implementation is done, the file is detected and blocked by OnAccess.


    Best regards!


    Andrei


    As I already replied to your post "http://forum.bitdefender.com/index.php?showtopic=38957&view=findpost&p=171314", the issue is the same for the HTTP and HTTPS protocols (the link should look like: http://www.eicar.org/download/eicar.com via HTTP


    - the link should look like: https://secure.eicar.org/eicar.com via HTTPS). I have checked the issue on various machines for both protocols. Bitdefender should detect it while downloading and not at the end of the download. So what about EICAR remaining undetected using the HTTP protocol?

  • As I already replied to your post "http://forum.bitdefender.com/index.php?showtopic=38957&view=findpost&p=171314", the issue is the same for the HTTP and HTTPS protocols (the link should look like: http://www.eicar.org/download/eicar.com via HTTP


    - the link should look like: https://secure.eicar.org/eicar.com via HTTPS). I have checked the issue on various machines for both protocols. Bitdefender should detect it while downloading and not at the end of the download. So what about EICAR remaining undetected using the HTTP protocol?


    ONT what forum should I post in and how can I move the post? Can you move the post for me? Thanks very much.

  • ONT what forum should I post in and how can I move the post? Can you move the post for me? Thanks very much.


    You can post the Toolbar related issues here in the Privacy Module sub-forum


    http://forum.bitdefender.com/index.php?showforum=319


    And since I am not from Bitdefender staff, I can't move your posts.