Hi,

Has anyone been following this thread at the Becky forums?

http://www.morelerbe.com/ubb/ultimatebb.php?ubb=get_topic;f=39;t=000334

Does not sound like a good situation for those of us who use both Becky and NOD32.

I have seen no reply from Eset as of yet.

Logan

Hi,

Not a big issue : as far as a virus is compressed, it cannot be activated. Nod32 would catch it at uncompressing.

AFM I find pointless to scan archived files. Anyway, any AV or AT fails detecting virus/trojans/worms if the compressing rate is strong enough :)

http://smilies.sofrayt.com/1/r/biggrincurtain.gif

My understanding of the situation is that it is a problem for users of those two programs, but NOD32 WILL catch the virus before it's run -- it just might give the false impression of you not having a virus at all before the file is run. In my opinion, though it is a problem, it's not a deadly one...

As far as I know, the upcoming new version will tackle this issue. Indeed it's not a "deadly issue" right now.


JacK,

-{ Quote: "AFM I find pointless to scan archived files. Anyway, any AV or AT fails detecting virus/trojans/worms if the compressing rate is strong enough" }-

DrWeb never missed a strongly compressed virus/worm in archived files ;). But that's just a side note!

regards,

paul

Hey,

Thanks for the info.

Glad to see they will (I hope) be addressing the issue with the upcoming version.

Logan

My pleasure, Logan ;).

regards,

paul

-{ Quote: " quoting: Forum Admin link=board=24;threadid=2112;start=0#15236 date=1025599704]
As far as I know, the upcoming new version will tackle this issue. Indeed it's not a "deadly issue" right now.


JacK,

-{ Quote: "AFM I find pointless to scan archived files. Anyway, any AV or AT fails detecting virus/trojans/worms if the compressing rate is strong enough" }-

DrWeb never missed a strongly compressed virus/worm in archived files ;). But that's just a side note!

regards,

paul


" }-

Hi Paul,

I look for a links with sample (harmless) of different rates of compression and shall post it here :)

Dct Web like the other AV misses on a certain amount of compression

Cheers, ;)

JacK

JacK,

-{ Quote: "I look for a links with sample (harmless) of different rates of compression and shall post it here" }-

Nice!

-{ Quote: "Dct Web like the other AV misses on a certain amount of compression" }-

I will not argue that possibility; in reality, I've never encountered such an example ;)

regards,

paul

As for the Becky's part, here is Carty's response:
"For the security consideration, viruses are never activated when they are MIME encapsulated.
Suppose that if a virus file are decoded on retrieval. Some viruses might be new and virus scanner could not detect them.
IMO, it is far more dangerous because the file is stored in executable form, which means you can execute it from everywhere (including LAN). It is just a click away.
If they are undecoded, you will need a decode tool when you want to execute it outside of Becky!. It will diminish the potential risk of unknown viruses being executed.

Some people may feel unconfortable that undecoded viruses sit in your hard disk. But for that matter, all I can say is that virus scanning is not my job, their job"

-{ Quote: " quoting: Forum Admin link=board=24;threadid=2112;start=0#15254 date=1025610506]


I will not argue that possibility; in reality, I've never encountered such an example ;)

regards,

paul




" }-

Hi Paul ;)

Could take some time : I don't have it anymore and wrote to R.Garcia to have it.

I tried on lots of AV/AT last year just to compare but as I find pointless scanning the archives as the malwares in those are harmless (and I have a lot of archived virus too:))

As soon I get it, I forward the link.

CU ;)

JacK

JacK,

-{ Quote: "Could take some time : I don't have it anymore and wrote to R.Garcia to have it." }-

No prob; patience is a virtue ;)

-{ Quote: "I tried on lots of AV/AT last year just to compare but as I find pointless scanning the archives as the malwares in those are harmless" }-

In essence: agreed. On the other hand: quite some email clients do create separate databases (if only for importing possibilities) in archived form. Thus, even after deleting an infected file, it could easily be around in the archived database(s). Personally, I'm not fond of that idea.

-{ Quote: "(and I have a lot of archived virus too:))" }-

grin..I know your have 8)

-{ Quote: "As soon I get it, I forward the link." }-

Thanks in advance!

regards,

paul

-{ Quote: " quoting: Forum Admin link=board=24;threadid=2112;start=0#15262 date=1025616700]
JacK,

-{ Quote: "Could take some time : I don't have it anymore and wrote to R.Garcia to have it." }-

No prob; patience is a virtue ;)


paul

" }-

Hi Paul ;)

Here for your patience : http://www.attac.net/

So sorry : in French : Testez votre anti-virus

Enjoy ;)

http://www.les-smileys.inforum-city.com/diables/blueScreen_D.gif

JacK