NOD32 & OUTLOOK - A USERS GUIDE

[bubs]

What follows is a copy of a post I made a few months ago when this forum was hosted elsewhere - I hope it may be of use to somebody who like me uses Outlook.

If you use Outlook as your email client - whatever its email shortcomings, it is a fair personal info manager - you can configure NOD32 so that it will quarantine any inbound emails which are infected, or have infected attachments. This is different to the POP3 scanner.

1. NOD32 Config.
You can only do this when you install - so re-installation may be required.

After you've unzipped the NOD installation files, and run setup, you get a series of dialogue screens. Screen 3 has two parts: NOD mail scanner for MAPI, and NOD mail scanner for POP3.

Tick BOTH boxes - you will now have 'resident protection for emails' (MAPI clients) as well as the POP3 scanner. If you run a second email client for another account, you will still need POP3 protection.

Complete the installation as normal.

2. Outlook Config

Outlook (I use 2k version) must be in 'corporate / workgroup' mode for this to work - i.e operating as a MAPI client as well as a POP3 client. If you've got Outlook 2000, you can change from 'Internet Only' 'on the fly', 'tho you may need to insert your installation CD to complete the process. With Outlook 98 you'll have to do a full re-install.

In Outlook 2000 'internet only', go to Tools /Options / Reconfigure Mail Support. Change to 'Corporate or Workgroup', then follow the instructions. With Outlook XP I believe there is ONLY a 'Corporate or Workgroup' mode. (Can sbdy confirm this?)

Once you've re-started Outlook, go to Tools / Services / Add. Click on NOD Mail Scanner. Accept, close Outlook. When you've re-opened, you can try sending yourself the Eicar virus as a test. You will find that when you receive it, you will get a Virus warning in your inbox. The footer will read:

__________ Warning from NOD32 1.270 (20020617) __________

Attention, NOD32 for Exchange has found the following infiltrations in the message:
attachment eicar.com contains Eicar test file (has been removed)
The message with all attachments which contain infiltrations has been copied to "Infected messages" folder
__________________________________________________

An 'Infected messages' folder is created, and a copy of the msg, complete with attachment, is parked there.

All your inbound Outlook messages will now have a footer along the lines of

__________ Information from NOD32 1.270 (20020617) __________

This message was checked by NOD32 for Exchange e-mail monitor.
http://www.nod32.com
____________________________________________________

IMHO this is a much better feature than the POP3 scanner, as your infected messages are effectively quarantined. The virus warning will tell you the message originator, and you can delete the entire 'infected messages folder without ever having to 'touch' the message. Useful for butterfingers like me!

As to why the NOD32 footer says 'for Exchange' - my guess would be that the majority of users of this feature will be in a corporate environment, and ESET want to market their MS Exchange Server plug-in.

Comments from the gurus most welcome!

[root]

Good post Bubs.
Hope you've been well.

[bubs]

Thanks Root - fine

[JVasek]

Thanks for the info Bubs - I don't think this works in Outlook 2002 XP - the option you suggest is not available except maybe on a new outlook install.

You can try to configure a new e-mail account to connect to an exchange server, but you get problems with not actually having an exchange server on the system.

Maybe someone can suggest a workaround as it would be really useful to quarantine infected e-mails to a separate folder automatically rather than just intercepting and getting notification using the POP3 scanner.

Jan V