In this post I will share some of my initial experiences with avast! antivirus v4.8. Although I am evaluating avast! 4.8 on a Windows 98 system, some of the problems I've noticed would also exist under Windows XP and Vista. I have chosen avast! antivirus as a replacement for Grisoft's AVG, which will no longer support Windows 98. The fact that many people running Windows 98 are also AVG users inspired me to write this post. Perhaps people seeking a new antivirus program will find my observations helpful.
Since I use my computer commercially I am not eligible for the free home version of avast!. A comparison between the home and professional versions indicates they are the same except for the following features only available in the professional version: command line scanner, enhanced user interface, script blocking, push updates, creating tasks, scheduling tasks, and storing scan results. If I don't encounter major problems I can't solve during the trial period I will buy the professional version.
I had no difficulties with avast!'s download and installation. Before installing avast! I booted my computer into safe mode so that AVG would not be running. I uninstalled AVG by running setup.exe in the AVG folder. The setup program provided an option for removing AVG. Then I rebooted and installed avast!. I chose the custom installation and chose not to install the scanning modules for applications I don't have -- Outlook, peer-to-peer networking (P2P), and instant messaging (IM). Near the end of the installation process a wizard configured email scanning.
Avast! with POPFile
Installing avast! reconfigured my four email accounts in Eudora so that they no longer worked. I had anticipated that problem. I use POPFile to examine, sort, and tag my email before it gets to Eudora. I would have been very impressed if avast! had inserted itself into the mail-processing stream without creating a problem. I wasn't sure of the easiest way to restore my Eudora accounts to their prior settings, so I simply restored the eudora.ini file from the Eudora folder in the disk backup I had made before uninstalling AVG. That worked. I could send and receive mail from my various accounts again but the mail wasn't being scanned for viruses. I researched the problem online and found the solution for avast! 4.5 in the POPFile Documentation Project. I updated the avast4.ini file using the instructions on that site, and it worked. I did not change anything in Eudora or in POPFile.
Scan of Internal Hard Disks
I wanted to run a scan overnight. I was curious to see if avast! would identify any viruses that AVG had either missed or ignored. I found three ways to run avast!: by clicking avast! antivirus in the Windows start menu, by double-clicking the desktop icon added during installation, or by right clicking the avast! tray icon and selecting "Start avast! Antivirus". Here's a reduced image of the simple user interface using the default skin, which looks like a media player.
You have to point the cursor at each button and wait for a pop-up description to appear to see what each button does. I tried the alternate skin offered, but it was no more intuitive to me. You still must hover the cursor over each button to see what the button does. I went back to the default skin.
I tried to adjust the sensitivity setting by clicking and dragging the indicator in the pop-up sensitivity graphic. My screen went black. The keys and mouse were inoperable so I had to reboot. Then I discovered the menu that's displayed by clicking the button on the upper left of the simple interface. I set the scan area to local disks, set the scan level to thorough, decided not to scan inside archives, started the scan, and went to bed.
About a half hour after going to bed I was startled to hear a siren and a male voice say "Caution, a virus has been detected." I got up and investigated. The scan had stopped and was awaiting a response to a pop-up window. My plan had been to run the scan, check the results in the morning, and decide what to do about anything that had been found. That plan wasn't going to work if the scan couldn't be run unattended. I examined the pop-up window's options. I think they were: delete, move, and move to chest (i.e. avast!'s quarantine area). I didn't want to do any of those things. I wanted the file's name and location to be logged and the scan to continue. There was a check box that said something like, "Don't show me this message again." I checked the box hoping it would allow the scan to run unattended. Then I clicked "continue" at the bottom of the window without selecting an option for what to do with the file. The alarm went off again and the window came back demanding an action. I told it to move the file to the chest. Then I went back to bed and although more viruses were detected, no more alarms went off. The program automatically moved each file containing a virus to the chest without bothering me.
The thorough scan took about eight hours and twenty minutes to scan about 255,000 files (on a 3.2 GHz Pentium 4 - Northwood, with 1 GB RAM, and two 7,200 rpm Western Digital IDE drives). I can't give an exact duration or file count because both the "last scan results" and "view scan report" were grayed out. (Later I discovered the report file creation feature was not turned on. It can be turned on by going to settings in the simple menu, and then selecting "Report file". There's a check box that says, "Create report file".)
[Update 5/21/08: I ran another thorough scan overnight. Afterward when I used the simple menu to go to Tools, View scan reports, the "View scan reports" menu item was grayed out. I went to Settings, Report file and verified that "Create report file" was checked. I used Windows Explorer to find the report file. I viewed it and the latest scan report had been appended to the file. So the report was created although viewing it was not available in the Tools menu. Here's the path and name of the report on my system: "C:\Program Files\Alwil Software\Avast4\DATA\report\Simple user interface.txt". The report named ten files that could not be scanned because there was not enough storage. The files ranged in size from 289 MB to 4 GB. Over 20 GB of space is free on C: so the storage limitation must be RAM or a logical area programmatically defined in the avast! scanner.]
Seven viruses were detected, all in old emails. There were five copies of "Win32:Beagle-gen@mail" and two copies of "VBS:Kak-A [Wrm]". Avast! did not identify which emails contain the viruses. I restored one of the large mail files from the virus chest back to Eudora. Then I right clicked the file's name in Windows Explorer and selected "scan" from the context menu. Avast! alarmed, said a virus had been detected, and popped up the action window. The options were move/rename, delete, and move to chest. I clicked continue. The alarm went off again and the same window popped up, only this time there was a fourth option, repair. I clicked repair and another window popped up with three choices: repair all, repair, and cancel. I clicked repair all. The windows went away as if the repairs had worked and the problem had been solved. I went back to Windows Explorer and scanned the same file again. The alarm went off and named the same virus that had supposedly been repaired. So "repair all" was deceptive and unreliable. (I have never had success with an antivirus program's repair facility.) This time I selected "repair" rather than "repair all" in the second pop-up, and a message was displayed that said, "The file was not repaired."
I don't like the choices I see for handling old mail files. I can have large mail files kept in avast!'s virus chest, in which case thousands of emails would be inaccessible to Eudora, or I can restore them to Eudora and have them cause problems each time I perform a system scan. I don't have to worry about the viruses becoming active and infecting anything, because if an email containing a virus were ever opened, avast!'s resident shield would catch the virus. A Eudora mail file might contain a thousand emails, but avast! has to delete or move the entire file of a thousand emails, not just the email containing the virus. That's a problem. If avast! could show a block of text from each offending email I could easily perform a search myself, find the email, and delete just that email. If anyone can tell me how to identify which emails contain viruses please leave a comment telling me how. The Eudora files are ".mbx" text files that can be edited with any text editor.
The next day I discovered how to turn off skins. Click the simple interface's upper left button, or right click the skin, to get the menu. Choose settings, then common. There's a check box that can be unchecked to disable skins. Close avast!. Start it again and there's a clear, functional, simple interface. Here's a reduced image of the simple user interface displayed when skins are disabled.
And here's a reduced image of the enhanced user interface that's available in the professional version.
I ran another scan of my fixed drives. This time I selected a sensitivity level of standard rather than thorough. The scan took 48 minutes and 11 seconds to scan 255,935 files and 12,990 folders. Zero infections were found. The standard scan did not find the viruses in the old mailbox text files I had restored from the virus chest.
I have temporarily used the Settings, Exclusions screen to exclude two old mail files from scanning. I'll discover the names of the other mail files I restored on my next thorough scan, then I can exclude those files too. Adding a file or path to the exclusions list does not prevent on-access scanning, so I'm still protected from the old viruses in the excluded files. There's a problem with the design of the exclusions screen. The display area for showing the list of exclusions is not wide enough to show the file names. The display is not resizable and there's no horizontal scroll bar. Items can be added or removed, but the file names can't be seen when the path is long.
[Update 5/21/08: I discovered where you can see the file names in your exclusion list when the path is too long for the exclusions list display. Exclusions are listed in the [Common] section of the avast4.ini file in the avast data folder.]
Virus Chest Keeps Copies of Restored Files
This isn't really a problem, but it is unexpected based on user experiences restoring files from the Windows recycle bin. Files can be removed from the virus chest manually.
[Update 5/21/08: I ran another thorough scan which did not find the old mail files I thought I had restored from the virus chest. I wanted to find them so I could add them to the list of files to exclude from scanning. Apparently I was wrong in thinking I had restored files that were automatically deleted from the virus chest. I have edited the above paragraph to remove the misinformation I had previously posted. To verify that restoring files does not remove them from the virus chest I performed tests using two EICAR test viruses, called EICAR.exe and EICAR.com. When I right clicked on one and selected scan, avast! alarmed and let me move the file to the virus chest. I double clicked on the other file to run it. Avast! alarmed and I moved that file to the virus chest too. I restored both files from the virus chest to their original locations. The virus chest retained copies of the restored files.
I was interested that I had no trouble saving, modifying, copying, or deleting the EICAR files. Investigation revealed why. I right clicked the tray icon and selected "On-Access Protection Control". The Standard Shield was set to Normal sensitivity, which scans executable files that are executed, but not when they are read, modified, or copied. The High setting is stricter, and has various options for further defining the scanner's behavior.]
Voice Alerts
There's a voice announcement every time avast! automatically updates itself that I find quite annoying. Here's how to stop that voice announcement. On the simple menu go to settings, then sounds, then settings. Scroll down the list of sounds until you come to the section called "avast! antivirus". Click on the sound called "Automatic VPS update" to highlight it. Click the arrow on the right edge of the "Name" field and select "None". Click "Yes". The sound list also contains two other avast! voice alerts you can change if you like -- one for when a virus is detected and one for when something suspicious is detected.
Simple Menu Loading Failures
Several times the avast! simple menu has failed to run when I've tried to start it using either the desktop icon or the right-click menu of the tray icon. It seems to work the first time I run it after a reboot, but sometimes subsequent attempts to run it fail, as if it doesn't shut down cleanly. After the avast! simple menu has failed to load I have to reboot before it will run again. The first time it failed I got this error, "The process cannot access the file because program cannot set property into main storage."
The most similar error I found in a FAQ on the avast! web site said, "Unknown error. Program cannot set property into main Storage." The solution began, "Solution described in this FAQ should not be used with the program version 4.7. This error message is displayed when your ODBC drivers are too old, or damaged, or if they aren't installed properly. avast! before version 4.7 uses these drivers by default." The FAQ goes on to describe two solutions -- update the ODBC drivers or use a text editor to change one line in the avast4.ini file from "Database=ODBC" to "Database=XML". I opened my avast4.ini file and found the line in question. It says, "Database=SQLT", so I didn't change it. Apparently version 4.8 uses SQLT instead of ODBC or XML. Other errors I've gotten when running the simple menu include: "avast! splash screen cannot load configuration" and "avast! simple user interface cannot load configuration".
This problem is intermittent and aggravating but something I can live with. The resident scanners for mail, scripts, file access, and Internet access load automatically. I only need the menu for infrequent activities like configuring features, running an on-demand system scan, or viewing the virus chest, logs, or reports. Files, folders, and entire disks can be scanned using the right-click menu in Windows Explorer. The enhanced menu offers task creation and task scheduling which further reduce the frequency at which a menu is needed.
I have an untested theory regarding the menu-loading problem. In the avast4.ini file I noticed a line that says, "ThreadTerminationTimeout=30000". It might be that the program does not shut down quickly and cleanly, thus hanging processes are terminated after a specified time period. It could be that attempting to run the program before all of its processes have timed out results in the menu-loading error. When I wait a few minutes between shutting down avast! and running it again I have not had the problem.
[Update 8/7/08: The avast! shutdown problem seems to be solved. I can now run avast! repeatedly in the same Windows session without problems. See details in the update at the end of this post.]
No Script Blocking in Firefox
The customization screen for script blocking has check boxes for three browsers: Internet Explorer, Netscape Navigator, and Mozilla. The browser I use most often is Mozilla. I also use Firefox and Internet Explorer. The avast! script scanner has a splash screen that appears when I start Mozilla or Internet Explorer, but not when I start Firefox. Script blocking is offered only in avast!'s professional version.
Mail Scanner Repeatedly Registers Itself to Run at Startup
I use a small free utility program called Startup Monitor that displays a pop-up window whenever a program tries to register itself to run at computer startup. I like to control which programs run at startup and Startup Monitor gives me that control. It probably pops up less than once a month. Startup Monitor lets me allow or deny a program's request to run at startup.
Avast!'s mail-scanning program is ashmaisv.exe. The first time that program tried to register itself to run at startup I gave my permission and the program was added to the computer's startup process. That should have been the end of it, however, the program keeps trying to set itself to run at startup. I have had avast! installed for less than two days and ashmaisv.exe has tried to add itself to the startup list at least nine times.
This startup-requesting behavior is the most bothersome problem I've found in avast! thus far. When a program tries to add itself to the startup process I want to pay attention, examine it, and make the right decision. I can't afford to let a trustworthy program desensitize me to the startup alerts by unnecessarily popping up several times a day. I need to find a solution to this problem. I may research it on the avast! site, ask a question in the forum, or write to technical support. I hope the program's behavior is due to an answer I gave to the email-configuration wizard. I checked a box saying I want avast! to scan the mail of any new mail account I set up. If I'm very lucky the fact that avast! must periodically check for new mail accounts is causing this repeated startup registration, and I can change a "1" to a "0" on some line in the avast4.ini file to make it stop. I know, that's wishful thinking.
[Update 5/20/08: This problem appears to be solved. It looks like the only change needed was to change one line in the MailScanner section of the avast4.ini file to say "AutoSetProtection=0". I think that stops ashMaiSv from repeatedly adding itself to startup, but it also means the mail in future mail accounts will not be scanned.
Details for technical folks: I described the problem in the avast! forum and asked if there was a setting I could change in the avast4.ini file to fix it. When I checked the forum a few hours later a member of the Alwil team had answered, saying the behavior I described was caused by the option to protect future accounts and that I could run the wizard again from the start menu and leave that option unchecked. Although I was delighted to get that information, I had hoped someone would tell me which line to change in the avst4.ini file, because running the wizard would likely break my email and POPFile setup again as it had the first time.
Since everything seemed to be working correctly, my plan was to run the wizard again with no intention of keeping its results, but rather to see what setting in avast4.ini it changed to prevent ashMaiSv from adding itself to startup.
I backed up eudora.ini, avast4.ini, and the entire avast data folder (in case the wizard changed multiple files). I booted the computer into safe mode so avast! would not be running. I ran avast!'s Mail Protection Wizard from the Windows Start menu. I left the option to protect future accounts unchecked. The wizard gave me several error messages naming each mail and news protocol, saying that my mail and news would not be protected. Here's one of the errors,
avast!: Mail Scanner Warning
avast! will not be able to protect incoming mail (POP3 protocol)
Error: 10047
I suspected the errors were due to the changes I had made in Eudora so that POPFile would work with avast!. I assumed the errors were wrong, although I planned to verify that mail was being scanned later.
I compared the before and after eudora.ini files, using ExamDiff. Eudora.ini had not been changed. I compared the avast! data folder from before and after running the wizard, using WMatch. Two files had changed -- 400.vps and avast4.ini. I tried to view the 400.vps file and discovered it's a binary file so my viewer didn't work. I opened the file using the hex editor HxD. The text in the first few lines indicate that 400.vps is a virus definition file, thus not relevant to my wizard run. Two lines were different in avast4.ini. The line "AutoSetProtection=1" was changed to "AutoSetProtection=0" and a new line was added related to the NNTP news protocol (which I don't use). I deleted the new avast4.ini and edited the previous avast4.ini, changing "AutoSetProtection=1" to "AutoSetProtection=0".
I rebooted and tested email scanning as follows. I right clicked the avast! tray icon and selected "On-Access Protection Control". I selected the provider "Internet Mail". I clicked the customize button. On the POP and SMTP tabs I checked "Insert note into clean message". Then I clicked OK twice. I opened Eudora and sent a test message to each of my mail accounts. I received the messages and checked to make sure they each had avast!'s notes at the bottom, both the note saying saying the message being sent was clean and the note saying the received message was clean. Each mail had the proper notes verifying that avast! had scanned both outgoing and incoming mails. Finally, I went back to On-Access Protection Control and unchecked the boxes for adding the notes.]
The fact that I describe problems in this post does not mean I dislike avast! antivirus. Every antivirus program has problems. I had problems when I used McAfee, Norton, Bit Defender, and AVG. Problems are a certainty. The question is whether the problems outweigh the usefulness of the program. So far the avast! problems I've noticed are irritations rather than reasons for me to reject the product. Avast antivirus may be the best antivirus program that still works with Windows 98.
I'm fairly happy with avast! antivirus professional after using it for two days. I think it's protecting my computer with minimal impact on the system. If I find more problems worth mentioning, or solutions to problems I have described, I will update this post. If anyone knows how I can isolate which mails in my Eudora mbx files contain "Win32:Beagle-gen@mail" or "VBS:Kak-A [Wrm]" please let me know in a comment. Thanks.
[Update August 7, 2008: I have used avast! antivirus for almost three months. I bought the professional version in July before my trial period expired. I had hoped I would see how avast! handles a virus in an incoming email before I bought it, but I never received a virus by email. My fear is that avast! may demand that the entire in-box file be moved, deleted, or repaired, rather than simply handling the email containing the virus. I still don't know what will happen if I receive a batch of emails and one email contains a virus.
One aggravation with avast! is that about once a day my computer becomes unresponsive while avast! updates itself in the background. The mouse stops working and keystrokes no longer appear. At first I thought the computer was frozen and would have to be rebooted. Now I know to wait. After several seconds avast!'s blue notification slides up on the lower right, telling me the virus database has been updated.
A few days ago I discovered I could no longer run avast! manually. When I double-clicked the icon the splash screen would appear, the memory scan would not start, and I would get the error message: "The process cannot access the file because Program cannot set property into main Storage". Rebooting did not solve the problem. I reloaded my C: drive from a backup created a week earlier, but avast! gave the same error. I sought help on the avast! forum. The recommendation I got was to uninstall avast!, download the newest version, and reinstall it. By using a task manager I was able to make the avast! splash screen terminate. After the splash screen disappeared, a partially-functioning simple user interface came up. The settings menu appeared to work. I turned off the optional memory scan on startup. After that avast! would run without crashing on startup. There still seemed to be problems though, so I decided to uninstall it and install the latest version from scratch. I suspect the program update named Jul2008 had not worked properly and was the cause of my problems.
I uninstalled avast! using both Add/Remove Programs in Control Panel and the avast! uninstall utility.
I then downloaded and installed the newest version. As I was testing the program I noticed the avast! icon in the tray had a red crossbar on it. The on-access protection was disabled. I could not enable the on-access protection, through the icon's menu or through the simple user interface's settings menu. Rebooting did not solve the problem.
I started over. I uninstalled avast! again and installed the newest version. This time everything seemed to work perfectly. The on-access scanning works. The email scanning works (with no changes on my part). Avast! runs on demand and shuts down cleanly. I no longer have the problem of only being able to run avast! once per Windows session. It looks like either Alwil fixed the shutdown problem or my initial avast! installation was flawed. Either way it seems to work fine now.]
Jon Maloney
---------
My software info:
Windows 98 SE (build 4.10.2222)
POPFile v0.22.2
Eudora 4.3.2
Mozilla 1.7.12
Firefox 2.0.0.14
Internet Explorer 6.0.2800.1106
Startup Monitor