Trust No Program

TheBat, Avast and Sandboxie


Postby atomheart » Wed Oct 24, 2012 6:02 pm

Sandboxie 3.74 64-bit
Windows 7 64-bit
Avast free 7.0.1473
TheBAT E-mail client

Hello,

I use TheBat as my e-mail client and have configured Sandboxie so that TheBat can write e-mail data (including attachment files) outside the sandbox. I use Avast free as my antivirus software. When I receive mails with file attachments, these files are stored in a separate folder called "Attach". This folder is within the folder path which I have specified in Sandboxie as the folder for "theBat". When I get mails with malware attachments (for example a pdf file with a trojan inside), these files are stored in the Attach folder as well. The problem is that Avast cannot detect this file as malware at the moment when it is first stored in that folder. Only when I, for example, move or copy the file into another folder, or when I let Avast check the file, will Avast detect the file as malware. Might it be possible that Sandboxie prevents Avast from scanning the files?
atomheart
 

Postby tzuk » Wed Oct 24, 2012 9:12 pm

And you are sure that if Sandboxie is not in the mix, then Avast detects the malware as soon as the file is placed in the Attach folder?
tzuk
Site Admin
 
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Postby Guest10 » Thu Oct 25, 2012 12:24 am

If you can exclude some folder from Avast scanning, you can probably use Notepad to create a .txt file in that folder that contains the EICAR test file.

See the one-line test string listed under "Design":
https://en.wikipedia.org/wiki/EICAR_test_file
(Don't include the [1] footnote symbol)

You need to create the file in a folder that Avast isn't scanning. Otherwise, Avast will "clean" the file right away.
Then, see if you can attach that file to two emails to yourself.
Open one when sandboxed and one when not sandboxed, to compare the two.
Paul
XP Pro SP3 (Admin), Zone Alarm Pro Firewall, Malwarebytes Pro, Firefox 28, Thunderbird 24
Guest10
 
Posts: 4743
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA
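
The on-access check that this test is meant to settle can also be scripted. The following is an added example, not part of the original posts: it writes the EICAR test string into a folder and reports whether the resident scanner removes or blocks the file within a timeout. The probe file name, the timeout values and the folders passed on the command line are assumptions.

```python
import os
import sys
import time

# Standard 68-byte EICAR test string, kept in pieces so that this script
# is not itself quarantined when it is saved to disk.
EICAR = "".join((r"X5O!P%@AP[4\PZX54(P^)7CC)7}$", "EICAR-STANDARD-",
                 "ANTIVIRUS-TEST-FILE!", "$H+H*")).encode("ascii")

def probe_on_access(folder, name="eicar_probe.txt", timeout=10.0, interval=0.5):
    """Drop the test file into `folder` and report how the scanner reacts.

    Returns (verdict, seconds). `name` is a hypothetical file name.
    """
    if not os.path.isdir(folder):
        raise ValueError("not a folder: %r" % folder)
    path = os.path.join(folder, name)
    start = time.monotonic()
    try:
        with open(path, "wb") as fh:
            fh.write(EICAR)
    except OSError:
        return ("blocked_on_write", 0.0)         # scanner refused the write
    while True:
        elapsed = time.monotonic() - start
        try:
            with open(path, "rb") as fh:
                if fh.read() != EICAR:
                    return ("modified", elapsed)  # file was "cleaned" in place
        except FileNotFoundError:
            return ("removed", elapsed)           # deleted or quarantined
        except OSError:
            return ("blocked_on_read", elapsed)   # scanner denies access
        if elapsed >= timeout:
            break
        time.sleep(interval)
    os.remove(path)  # nothing reacted within the timeout; clean up the probe
    return ("not_detected", elapsed)

if __name__ == "__main__":
    # Pass the mail client's attachment folder and an unrelated folder, and
    # run the script once sandboxed and once unsandboxed to compare results.
    for target in sys.argv[1:]:
        print(target, *probe_on_access(target))
```

A "not_detected" verdict for the attachment folder together with a "removed" or "blocked" verdict elsewhere points at a folder exclusion or the sandbox; "not_detected" everywhere points at the scanner itself.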

Postby atomheart » Thu Oct 25, 2012 10:26 am

It was not Sandboxie; it was Avast, which was not fast enough with updates for virus signatures. That was the reason why Avast did not detect it when it was written to the hard disk the first time. Later (a few hours) I checked the file again and it was detected. Amazing how fast malware distributes these days.
atomheart
 

