Hello!

NOD (IMon) is running on my server and it seems that every mail I get is checked twice. It looks like:


__________ NOD32 1.502 (20030905) Notification __________

Warning: NOD32 Antivirus System found the following infiltrations in the message:
q413720.exe - Win32/Gibe.B worm - renamed to q413720.vxe

http://www.nod32.com

__________ NOD32 1.502 (20030905) Notification __________

Warning: NOD32 Antivirus System found the following infiltrations in the message:
q413720.vxe - Win32/Gibe.B worm - renamed to q413720.vxe

http://www.nod32.com


Note that in the second part the attachment was already renamed to .vxe and IMon renamed it again :)

I assume the problem is the Spam filtering mailproxy (SpamPal) which is accessed by the mailserver thru localhost/port 110. IMon is configured to monitor port 110.

Is there something I can do or do I have to live with it?

Tnx, tBB

No it isn't - there are only two notices... After scan is message clean so any other scan can't found anything else...

I wrote this as "wish-to-fix-or-add-feature"

http://www.wilderssecurity.com/showthread.php?t=12710;start=msg81524#msg81524

Well, after the scan the message isn't actually "clean" because IMon just renames the attachment to .vxe. As far as I know, IMon doesn't identify files by their extension but by their header so from that point it would be ok that the renamed .vxe was checked again.

As you can see, IMon renamed the Attachment to .vxe in the first run, then scanned the already renamed .VXE (and renamed it again to .VXE) I assume, IMon checks the file the first time when my Mailserver accesses the local Mailproxy at port 110 and the second time, when the local Mailproxy fetches my mail from the Pop-Server, also at 110.

After a bit of research it seems that this problem is very common on machines with IMon and local Mailproxys installed (like SpamPal, SpamAssassin, PopFile and so on)

-tBB

I have simple rule in IMON - if you found virus - just delete it. Why it leave in message?

And I get most of Sobig.F mails with two notify texts...

I have no clue but I thought the NOD developers were reading this Forum. Obviously I was wrong :(

-tBB

-{ Quote: " quoting: tBB link=board=39;threadid=13541;start=0#msg86619 date=1063206942]
I have no clue but I thought the NOD developers were reading this Forum. Obviously I was wrong :(

-tBB
" }-

Wrong conclusion, tBB ;)

regards.

paul

Oh, the chief himself :)

Could you please tell me the right conclusion then? Is

1) the whole NOD team on vacation?
2) the NOD team just too busy?
3) my question just to stupid?
4) nobody in the NOD team who has an answer?
5) All of the above

Tnx & bye

-tBB

-{ Quote: " quoting: tBB link=board=39;threadid=13541;start=0#msg86823 date=1063269001]
Oh, the chief himself :)" }-

Nice meeting you ;)

-{ Quote: "Could you please tell me the right conclusion then?" }-

I'll give it a try ;)

-{ Quote: "Is

1) the whole NOD team on vacation?" }-

No.

-{ Quote: "2) the NOD team just too busy?" }-

As usual, the Eset/NOD32 team indeed is very busy - but not too busy.

-{ Quote: "3) my question just to stupid?" }-

If I'm not mistaken, I've reacted to your presumption - not to questions asked in regard to the software. Since I never gave the impression you are stupid in any way; where does this question come from?

-{ Quote: "4) nobody in the NOD team who has an answer?" }-

If you would bother to read threads over on this forum as well as the other NOD32 forums over here, you'll notice several Eset techs answering to many questions.

-{ Quote: "5) All of the above" }-

Grin..Nice try tBB. Unfortunately, trolling doesn't work that well over here.

-{ Quote: "Tnx" }-

You're most welcome.

regards.

paul

-{ Quote: "
If you would bother to read threads over on this forum as well as the other NOD32 forums over here, you'll notice several Eset techs answering to many questions.
" }-

Why should I read threads not related to my problem? Also I was referring to my question. I've never said that Eset techs wouldn't answer questions at all.

-{ Quote: "
Grin..Nice try tBB. Unfortunately, trolling doesn't work that well over here.
" }-

Sorry? It was not meant as "trolling" nor to insult someone and I don't think it sounded alike. Have you tried caffeineless coffee yet? ::)

Anyway, as I'm a registered user I'll try the official supportform at the Eset page now.

Thanks, tBB

tBB,

-{ Quote: "Why should I read threads not related to my problem? Also I was referring to my question. I've never said that Eset techs wouldn't answer questions at all." }-

Here's a quote from your statement:

-{ Quote: "I have no clue but I though the NOD developppers were reading this Forum. Obviously I was wrong" }-

In case they don't read the Forum(s), the wouldn't be able to answer questions, could they?

-{ Quote: "Sorry? It was not meant as "trolling" nor to insult someone and I don't think it sounded alike." }-

These questions at least are highly suggestive and do come close:

-{ Quote: "Is

1) the whole NOD team on vacation?
2) the NOD team just too busy?
3) my question just to stupid?
4) nobody in the NOD team who has an answer?
5) All of the above" }-

There's nothing wrong in wanting answers to questions: that's what these Official NOD32 forums are all about. They way you've worded some statements (see the last one) has quite a negative tone at the least. I for one fail to see the reason for such posts.

-{ Quote: "Anyway, as I'm a registered user I'll try the official supportform at the Eset page now." }-

That's your perogative no doubt ;). I do hope you'll receive an answer that satisfies you soon!

regards.

paul