CA eTrust EZ Antivirus r7 BETA

http://www.my-etrust.com/news/pressreleasedetails.cfm?pressReleaseID=26

Sounds interesting!

 

heres a picture of the new interface:

http://www.bluecue.net/newezav.jpg
a vast improvement imho!

 

hbkh,
Hey that does look nice. I currently use on one of my machines EZAV 6 I think it is. I like it and I like what I see here even better. I'll keep a sharp eye on this. Thanks for the information.

 

Not that its the most important, but it was about time they improved the GUI.
I always had a soft spot for EzAv. but the GUI is hmmmm. not the best in the world, if i may say so.

 

What about configurations? I could not find any. Archives? Does it delete infected stuff or what?
It looks great, but I miss the configuration ability badly!

Greetings,

Putin

 

To everyone from Firefighter!

eTrust EZ 7.0.0.26 (beta) is quite good av -- to test how your Anti-Trojan works, if you have any (according to eTrust EZ's trojan detecting).

PS. These NOD and Avast scanning results were about a week older than the other's, that means in my test that they are able to detect some 10 - 20 total findings more than there are now, based on DrWeb's, Command AV's and ClamWin's newer detectings compared those a week old ones.

Best regards,
Firefighter!

 

Have been trying this and looks like a great program, but when I receive mail with the Eicarcom2.zip file attached, it will just report the infection, but does not cure or delete it!!!!!! I'm not to happy with that.

putin

 

I think it is nice that etrust offers new EZ Armor 2005 version in Microsoft 1 year free offer. It is nice when you just download new, fresh version of some program and enter serial from old one and then use new one for time left from old one.

 

Archives are scanned by default. If you don't want to scan them, use the Exclusion list for either on-demand or real-time scanners. Infected stuff is treated depending on what you set in the Scan Settings (notice the Clean or Quarantine options).

 

Build 28, RC1 now available:

ftp://myetrustbeta:2rustsam@ftp.ca.com/EZAV7_0_0_28EN.exe

Please uninstall older builds of EZ AV 7 Beta before installing this latest build.

 

Like I said before, when receiving an e-mail with the Eicarcom2.zip file as an attachment, Etrust just reports this as an infected mail, but does not do anything with it, while it should be moved to Quarantine.......anyone else experience with this?

Please let me know.

Putin

 

This is by design. If you have a 20 meg zip file which contains 100 files, and only one is infected, you don't want to quarantine the other 99 clean files, which you may still need to access. While inside the .zip, the infected file is not a threat. The real-time protection will pick up the one infected file inside the .zip when/if you access it. Those are the reasons behind this design. The alternative would be to unzip the file on the fly and move only the infected file to qurantine, and then recreate the archive without the infected file. With the bezillion archive formats our there... hmmm.

 

Thanks for your respons, but I think they should build in an option how to treat this infection. Make a menu for deleting, renaming or moving to quarantine.
I find this a bit tricky, as I can imagine, that some users just leave it as it is reported and don't know what to do with it and that means, that there is still an infection crawling around.

Putin

 

"Thanks for your respons, "

You're most welcome.

"but I think they should build in an option how to treat this infection. Make a menu for deleting, renaming or moving to quarantine."

But why? For the sake of more options? Allow me to go into some detail...

Renaming is the same as quarantine, really. The end result is exactly the same - you want to prevent the file from being executed or opened accidentally. Quarantine does this far better than a rename (more secure, all the nasty stuff in one place instead of all over the drive). So why have a rename option? Who needs it?

Deleting? What if it's a false alarm? When it's in quarantine, users can restore it. Better still, if cleaning does not work or is not available, a file in quarantine can be cleaned and restored to the original location later, at a time when a new signature is made available. If you delete the file, it's gone for good. You may regret it. And while it's in quarantine, you can decide to empty the quarantine at any time. Guess what? That's just like deleting

The options you ask for just add complexity and confusion. A properly designed quarantine takes care of all these issues, still allows you to do what you want in all the cases you mention above, and reduces the number of options a user can *set incorrectly*.

"I find this a bit tricky, as I can imagine, that some users just leave it as it is reported and don't know what to do with it and that means, that there is still an infection crawling around"

EZ AV has never, ever cleaned infections inside archives. Many AV products don't. The infections are not "crawling around". They are harmless while inside an archive. They are contained - can NOT replicate. And if you do try to unzip and execute them, you don't have to do a thing, because the EZ AV real-time drivers will pick up the infection during a file open, execute or close operation.

If you are uneasy about having an infection in an archive, then decompress it (unzip or whatever) and reconstruct your archive without the infected file. What good would it do to put the archive into quarantine? What would the user do with it there. Stare at it for a while? Eventually delete it? Meanwhile, the user has lost access to potentially useful files inside the archive.

The simplest solution is often the best. As I said, the other alternative would be to decompress archives to a temporary directory, clean the infection(s), and reconstruct the archive. Slow? You bet. Unreliable? Probably. Overkill? I think so.

 

You're right......all the way along, but my problem is: the infected attachment with eicarcom2.zip was NOT Quarantined, like it should. I did get the report about the infection, but that was it! According to the manual, it should be quarantined automatically.

But I second your explanation, good story! But I just don't think it's right if nothing is done with the infection. Sure, I can do everything myself as a reaction on the report, but I think there should be some automatic action on this infected attachment, like other scanners do.

But.....keep it up and thanks again.

Putin

 

"But I second your explanation, good story! But I just don't think it's right if nothing is done with the infection. Sure, I can do everything myself as a reaction on the report, but I think there should be some automatic action on this infected attachment, like other scanners do."

What automatic action would you like to see? What is the "some automatic action" *you* would set it to?

 

At least that it is put in Quarantine, like the manual states!!!! That's all!!

Putin

 

Ahhh... so the documentation is wrong ;-) Got it.

 

Don't know if the documentation is wrong, maybe the program does not do what it should be doing. I really don't know.
When I activate eicar.com on that site, it is quarantined......great. When I receive a mail with eicarcom2.zip as an attachment, it is just reported and not quarantined.

Thanks again for your reply!

Putin

 

"maybe the program does not do what it should be doing. I really don't know"

Let me answer that It's doing what it is designed to do. The docs will be changed.

Shem,
CA

 

Thanks again and now I see the light......you are from CA!!!! I'll try to be happy with the way it works now and will report back about other findings as soon as the moment is there.
Keep up the good work and good luck with this great product!

Greetings & Putin

 

Just some other information about detecting and handling of infected e-mails.
I did the test at this site: http://www.testvirus.org/ with the following result.
Used AVG 7.0 Free version Beta and CA EZ Antivirus r7 Beta.

Results AVG 7.0 free Beta:

25 testmails
8 x not detected: #5, #8, #14, #16, #20, #23, #24, #25
17 x detected with the eicar file
17 x moved to Quarantine

which is a great score as all the infections mails are quarantined!

Result eTrust r7 Beta:

25 testmails
7 x not detected: #4, #5, # 20, #22, #23, #24, #25
18 x detected with the eicar file
8 x moved to quarantine: #1, #2, #3, #6, #9, #13, #15, #16
10 x detected with infection, but just reported and nothing done with:
#7, #10, #11, #14, #17, #18, #19, #21, #26

I find this no good, compared to AVG, as the program should at least move these to

quarantine and now these 10 files are left to be deleted or moved by hand!!!!!

I hope you can do something with this information.

Good luck & Putin

 

Thanks for all the info Putin. It's all related to the same issues I already explained, and currently it works as intended. Having said that, it is something we could change in future if enough users want it. Really appreciate you taking the time. Thanks!

 

I still like your program......don't get me wrong, just thought to try a few things.

But I really prefer an AV scanner, that deals with infected files one way or the other, like moving to quarantine at least!

Take care .......... Putin

 

And this is what Panda Platinum 7.0 did with the e-mail test.

Results Panda Platinum:

25 testmails
6 x not detected: #5, #16, #17, #19, #20, #24
19 x detected with the eicar file
7 x disinfected: #4, #11, #18, #21, #22, #23, #26
12 x moved to quarantine: #1, #2, #3, #6, #7, #8, #9, #10, #13, #14, #15, #25

so....all detections were dealt with!!!!!!