IMON question
cupez80
December 3rd, 2006, 11:41 AM
I tested IMON by downloading the EICAR test file from nod32sse.com (I use IDM integration with Firefox 2) and IMON let it download??!! When I check the NOD32 log it said that a virus was detected and the connection terminated.??? I've set IDM to higher efficiency. IMON works well if I don't use IDM.
Banger696
December 20th, 2006, 10:15 PM
Just tried the Eicar download from nod32sse and using Firefox 2.0 the file downloaded without any interaction from Nod32 2.7.23. Has FF changed in some way? In IE7 the d/l gets terminated but not in FF. Can anyone else confirm, or is it just my settings?
cupez80
December 21st, 2006, 12:41 AM
It seems that IDM causes it. I changed to another download manager and it works fine now.
Banger696
December 21st, 2006, 02:07 PM
{QUOTE-> It seems that IDM causes it. I changed to another download manager and it works fine now. <-QUOTE}
I'm just using standard FF 2 with download manager tweak and no matter what settings I use it still gets past Nod32 ???
Thankful
December 21st, 2006, 02:21 PM
I am running FF 2.0.0.1 with NOD32 2.70.23. I tested the Eicar file and NOD32 caught it and reported file in Threat Log. What download manager tweak are you using?
Banger696
December 21st, 2006, 02:38 PM
I'm using 2.0.0.1 too and this extension (http://dmextension.mozdev.org/).
Cheers
Thankful
December 21st, 2006, 02:55 PM
I installed the extension and restarted FF. NOD32 still had no problem with the Eicar virus.
Banger696
December 21st, 2006, 03:01 PM
{QUOTE-> I installed the extension and restarted FF. NOD32 still had no problem with the Eicar virus. <-QUOTE}
I've double checked my settings and uninstalled the extension, NOD still lets me download the eicar test file. :o and nothing in the threat log :(
cupez80
December 21st, 2006, 08:42 PM
Have you set your client compatibility setting in the NOD32 HTTP scanner (IMON)? Set it to high efficiency.
Banger696
December 21st, 2006, 08:47 PM
{QUOTE-> Have you set your client compatibility setting in the NOD32 HTTP scanner (IMON)? Set it to high efficiency. <-QUOTE}
Tried that, made no difference. :wacko: Also tried running FF in safe mode with all extensions disabled and re-installing both FF and Nod32 and it still bypasses Nod32 and lets me download. I tried the test files from eicar.com and they were blocked - all of them, just not the test file on nod32sse.com. IE7 blocks OK, it's just FF that doesn't.
ronjor
December 21st, 2006, 09:02 PM
This is what I get using higher compatibility settings in NOD using Firefox.
Banger696
December 21st, 2006, 09:06 PM
{QUOTE-> This is what I get using higher compatibility settings in NOD using Firefox. <-QUOTE}
Hi Ron, that's what I get on the eicar site, but the test file on nod32sse.com totally bypasses Nod32. I'm worried that someone will exploit this weakness.
ronjor
December 21st, 2006, 09:31 PM
Banger696,
Thanks for the link. I still get a warning using typical settings in NOD on the Eicar file at the nod32sse.com site using Firefox. It does state it is downloading a harmless file. Not sure where it went but I can't find it. (I did terminate the download) And, because NOD knows this file is "malware", it will go nowhere.
Banger696
December 21st, 2006, 09:40 PM
{QUOTE-> Banger696,
Thanks for the link. I still get a warning using typical settings in NOD on the Eicar file at the nod32sse.com site using Firefox. It does state it is downloading a harmless file. Not sure where it went but I can't find it. (I did terminate the download) And, because NOD knows this file is "malware", it will go nowhere. <-QUOTE}
Hi RonJor, I don't get that warning with the nod32 site for some reason despite re-installing Nod32 using BS settings and Firefox 2. I used to get that warning before I updated to FF 2 but now I don't. I have no option to terminate the download, but with IE7 I get the warning dialog. :gack:
ronjor
December 21st, 2006, 09:49 PM
Not sure what's going on Banger696. You could try Firefox in the (Firefox) safe mode located on your start menu and see if that makes a difference. That would eliminate any extension interference.
Barring that, you could try using the default settings in NOD.
Banger696
December 21st, 2006, 10:12 PM
{QUOTE-> Not sure what's going on Banger696. You could try Firefox in the (Firefox) safe mode located on your start menu and see if that makes a difference. That would eliminate any extension interference.
Barring that, you could try using the default settings in NOD. <-QUOTE}
I think you have fixed it Ron. Safe mode in FF didn't help but resetting IMON to the default settings seems to have fixed it.
I still don't get the warning dialog but IMON seems to clean the zip file of the infection and quarantine it now and download the empty multiple zip files. IMON says infections detected 1 and cleaned 1, that's good enough for me, cheers Ron. :)
Edit: I spoke too soon. It's not repeatable; it still downloads the zip file with eicar.com intact. I think the cleaned file was from the eicar.com site that I tested before. I'm really stuck now - help!
Thankful
December 21st, 2006, 11:06 PM
A couple of things:
Is Port 80 included in the IMON->Setup->HTTP protocol?
Did you try FF with the default theme?
What other extensions do you have installed?
Banger696
December 22nd, 2006, 04:38 AM
{QUOTE-> A couple of things:
Is Port 80 included in the IMON->Setup->HTTP protocol?
Did you try FF with the default theme?
What other extensions do you have installed? <-QUOTE}
Yes, port 80 is included and I tried in FF safe mode with all extensions and themes disabled - still the same behaviour. Any more ideas?
Brian N
December 22nd, 2006, 05:38 AM
You sure IMON is set to scan archives?
Ocky
December 22nd, 2006, 06:03 AM
{QUOTE-> Banger696,
Not sure where it went but I can't find it. (I did terminate the download) And, because NOD knows this file is "malware", it will go nowhere. <-QUOTE}
Works fine with Opera, but what do you mean by 'Not sure where it went but I can't find it.' Surely when the download is terminated, as you did, that's it, no download of the malicious file(s). ???
ronjor
December 22nd, 2006, 08:10 AM
{QUOTE-> that's it, no download of the malicious file <-QUOTE} That's correct Ocky. Nothing was downloaded.
Ocky
December 22nd, 2006, 08:37 AM
Thanks ronjor, and Merry Christmas.
Banger696
December 22nd, 2006, 02:40 PM
{QUOTE-> You sure IMON is set to scan archives? <-QUOTE}
Yes, like I say if I download the file in IE7 Nod32 blocks it with a warning window offering me the option to terminate it. This is what I get with IE7. FF just happily downloads the file.
Brian N
December 22nd, 2006, 03:12 PM
Hmm.. Try these
1. http://dl.nod32sse.com/eicar.rar
2. http://dl.nod32sse.com/eicar.zip
3. http://dl.nod32sse.com/eicar.com
Banger696
December 22nd, 2006, 03:21 PM
{QUOTE-> Hmm.. Try these http://dl.nod32sse.com/eicar.rar, http://dl.nod32sse.com/eicar.zip & http://dl.nod32sse.com/eicar.com <-QUOTE}
All of those were blocked by Nod32, which popped up the red warning dialog in Firefox. Could it be how Firefox gets the file?
Brian N
December 22nd, 2006, 03:23 PM
Ok try this: http://dl.nod32sse.com/10.zip
Banger696
December 22nd, 2006, 03:31 PM
{QUOTE-> Ok try this: http://dl.nod32sse.com/10.zip <-QUOTE}
That was blocked with a red warning window and terminated.
Brian N
December 22nd, 2006, 03:48 PM
Hmm... But you can download it if you click the "AV test file" link?
This is very strange. Did you try to empty the cache too?
Banger696
December 22nd, 2006, 03:59 PM
{QUOTE-> Hmm... But you can download it if you click the "AV test file" link?
This is very strange. Did you try to empty the cache too? <-QUOTE}
Guess what, clearing the cache fixed it! Not sure why, but I feel safer now!
Brian N
December 22nd, 2006, 04:08 PM
Nice :)
Banger696
December 22nd, 2006, 04:22 PM
{QUOTE-> Nice :) <-QUOTE}
Many thanks for your help with this Brian and Happy Holidays. ;D