After using NOD32 for almost a year without problems, I upgraded yesterday to v2. Installation went smoothly, I rebooted, and the new splash screen came up. I went into the console and scheduled nightly signature-file update and checked the IMON settings. So far so good.

But then I could not open one of my mailboxes in Eudora 5.2 (paid version without ads). The mailbox had a lot of messages in it, BTW. Others mailboxes I could open, but the messages displayed as HTML not as rendered text. After uninstalling NOD32, these problems went away, yet when I reinstalled NOD32 v2 last night these problems did NOT reappear. Mysterious.

HOWEVER, I can send myself the EICAR.COM test file (downloaded from ESET yesterday before I upgraded, with AMON v1 turned off) and NOD32 blithely lets it in! :o

And I can copy the EICAR.COM test file from a network share onto my hard drive, and NOD32 lets it in. Yet if I try to download the test file from the Eset website, NOD32 flashes a big red warning message. I don't understand this behavior.

I am not using Eudora but may I give you some things to check.

Is eudora downloading from port 110 ?
Is Imon configured on port 110 ?
Did you try to do a repair network configuration in IMON -> Setup ?

Hope it will help you


Sisko

Hi timo,

>HOWEVER, I can send myself the EICAR.COM test file (downloaded from ESET yesterday before I upgraded, with AMON v1 turned off) and NOD32 blithely lets it in!

If you have used v1 - just AMON is blocking the incoming malware - so it would be normal when disabled. In v2 IMON is doing this job (for e-mail) too.

>And I can copy the EICAR.COM test file from a network share onto my hard drive, and NOD32 lets it in.

AMON catches the EICAR.COM when trying to copy it from a network share on my side. I hope you have the correct AMON settings - at least the "Network" scanning checked.

Rgds.,

jan

Thanks for the help.

IMON is on 110, as is Eudora. AMON is checking Diskette, Local, and Network on open, execute, create, and name.

Under v1, AMON would catch malware attachments as Eudora attempted to write them to her attachments directory; I would expect no less from v2, even if IMON were configured incorrectly, which it does not seem to be.

I did tell IMON to repair the network, then I rebooted, before testing with EICAR. As far as v2 is concerned EICAR is a welcome guest, except when I try to download it directly from the Eset site.

Timo

Here's a picture of the NOD32 console.

And here's a screencap of an email in Eudora that contained EICAR.COM as an attachment. It is called EICAR2.COM because Eudora adds a numeric suffix to the attachment if an attachment of the same name already exists. As you can see, IMON scanned the incoming email.

Hi timo,

we need to give it a check - I sent you a PM.

Thx., :)

jan

Since NOD32 was able to detect the EICAR.COM file when I attempted to download it, but not when I tried to email it to myself, I had the bright idea ::) that perhaps my local EICAR file itself had become corrupted and was not being recognized.

So, I went to a different PC where NOD is not installed and downloaded EICAR to it and then sent it to myself via webmail. This time IMON caught it!

Hi,

> I had the bright idea that perhaps my local EICAR file itself had become corrupted and was not being recognized.

This is possible - we had such cases. Hope it's OK now.

Thks., :)

jan