AMON doesn't scan EICAR infected archive while copying


Emil
April 6th, 2004, 03:47 AM
From the forum I have understood that there is no necessary need for AMON to have an unpacker. BUT I've recorded a CD with Nero Express. The objects were EICAR test files, in different forms, with un/known extensions, plus packed files. NOD sprang up and warned me about the unpacked files while burning. Packed files were recorded without any warning... :(
So, think again about what could happen to a user without any AV installed (and, of course, you know there are many without elementary PC hygiene who could be potential infection sources), who copies these files to his (above described) computer... :(
I don't suggest anything. I tell you what I need: AMON to remain the same light fighter and automatically activate an option for scanning packed files only at the moment of operations such as: right click on the mouse, copy, cut, using transfer within recording (on any kind of external or fixed support), attaching to e-mails.

So, let me know how I could be covered in this area?

mrtwolman
April 6th, 2004, 06:38 AM
Quote from Emil:
> So, let me know how I could be covered in this area?
To state it one more time: you are protected by AMON. A packed infected file is pretty harmless until extracted, and at that moment AMON will intercept it. There is, for a good reason, no need to scan packed files with AMON.

And the EICAR file is no virus; it is just for safe testing of your antivirus.

Emil
April 6th, 2004, 06:55 AM
I know what EICAR is. Because it is the most known "virus", I've decided to do these tests with it.

But your answer is no longer complete. Please let me know what will happen with really infected archives:
1. opened from the recorded CD by a "newbie", like me??? (BUT without AV protection). Could that PC be infected? Yes/No...
2. received as an attachment (on a PC with an AV without POP3 scanning or simply without AV). Could that PC be infected? Yes/No...
3. ...and keep in mind that the station where these infected archives are from is MY NOD32 PROTECTED PC!!

4. So, is it not a sad thing that NOD, which has this wonderful AH engine, doesn't use it? And, as I said, automatic activation of this engine (which I've understood is separate from the main engine), in certain situations...

Paul Wilders
April 6th, 2004, 09:52 AM
Quote from Emil:
> But your answer is no longer complete. Please let me know what will happen with really infected archives:
>
> 1. opened from the recorded CD by a "newbie", like me??? (BUT without AV protection). Could that PC be infected? Yes/No...

As soon as the archives are activated without AV protection: yes.

> 2. received as an attachment (on a PC with an AV without POP3 scanning or simply without AV). Could that PC be infected? Yes/No...

Same answer as mentioned above ;)

> 3. ...and keep in mind that the station where these infected archives are from is MY NOD32 PROTECTED PC!!

You can enable archive-scanning in the On Demand Scanner* and perform a full system scan. Infected archives will be recognized and, if instructed, deleted. Bear in mind you'll lose the complete archive when doing so. Going for a 'scan' instead of a 'clean' full system scan will point you to possibly infected archives.

> 4. So, is it not a sad thing that NOD, which has this wonderful AH engine, doesn't use it? And, as I said, automatic activation of this engine (which I've understood is separate from the main engine), in certain situations...

You can apply Paolo Monti's Advanced Heuristics (see the sticky post above ;)

edit - *: typo; AMON replaced by On Demand Scanner

regards.

paul
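
Added example, not part of the thread and not ESET's code: a Python illustration of the point discussed above, that a scanner matching only the stored bytes of an archive does not see a signature inside it, while an unpacking pass (as an on-demand scan with archive scanning does) finds it, including in a nested archive. The sample data, the `MAX_DEPTH` and `MAX_MEMBER` limits and all function names are assumptions made for illustration.

```python
import io
import zipfile

# Readable marker from the EICAR test string; the sample built below is
# constructed for this example and is not a complete EICAR test file.
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
MAX_DEPTH = 3                   # assumed limit on archive nesting
MAX_MEMBER = 16 * 1024 * 1024   # assumed limit on a member's declared size


def make_zip(members):
    """Build a deflate-compressed ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def scan_raw(data):
    """What a scanner without an unpacker sees: the bytes as stored."""
    return MARKER in data


def scan_unpacked(data, path="", depth=0):
    """Return paths of members containing MARKER, descending into nested ZIPs."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return [path] if MARKER in data else []
    if depth >= MAX_DEPTH:
        return []  # too deeply nested; a real tool would report this as unscanned
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue  # skip directories and oversized members
            hits += scan_unpacked(zf.read(info), f"{path}/{info.filename}", depth + 1)
    return hits


# Constructed sample: marker plus padding, packed once and then packed again.
SAMPLE = MARKER + b" " * 200
INNER = make_zip({"test.txt": SAMPLE})
OUTER = make_zip({"readme.txt": b"clean " * 50, "inner.zip": INNER})

if __name__ == "__main__":
    print(scan_raw(SAMPLE), scan_raw(INNER), scan_raw(OUTER))
    print(scan_unpacked(OUTER))
```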

Emil
April 7th, 2004, 07:08 AM
OK
Thanks, Paul!

I know that I could replace AMON with NOD in certain situations, but let me know: is it normal? It seems like a lame good fighter...
After I burn the CD I have to do a "little" scan. OR, before burning something, I have to create a special folder for my compilation, so I can scan it first. Waste of time.
Paul, here it is not as in developed countries, where everybody can transfer entire Mo's through the network (so, IMON is wonderful, but outgoing emails are not scanned by AMON). We'll be making, for a long time, CD copies of our work (and whoever has a CD burner is happy...).

I think that my particular need is not so... particular, especially in Eastern countries.

EVERYTHING I WOULD LIKE TO KNOW IS: IS THERE, i.e. AT ESET, ANY INTENTION TO MAKE SOME ESSENTIAL CHANGES IN AMON, I MEAN AN AUTOMATIC SWITCH TO AH OR AN INTEGRATED UNPACKER ON RIGHT CLICK, COPY, CUT, MOVE, ATTACH/OUTGOING, BURN CD OF ARCHIVES?? YES/NO/OTHERS - LET ME KNOW

Thanks a lot!

Emil

anders
April 7th, 2004, 01:50 PM
> ANY INTENTION TO MAKE SOME ESSENTIAL CHANGES IN AMON

As far as I know, yes. I have no clue as to when that will be implemented though.. Probably not within the next couple of months.

Best regards,
Anders

Emil
April 8th, 2004, 04:33 AM
Ok Anders.

Your answer puts me in waiting. I've taken the "pulse" of some server administrators. They have no experience with NOD on the companies' servers, because the owners bought AVs on x or y amateur advice, before they (the admins) were employed there. BUT particularly they like NOD32 and they agree with the professional problem described above. By fixing this problem, you would have real success in Romania. Even myself, the moment I am convinced, I'll become a passionate advertiser ;)

Thanks a lot for any second lost with me (hopefully it will have fruits).

As soon as possible I'll open another thread about NOD32's scheduling tasks that could not be manually stopped.

Emil