NOD32 is still no.1?

fatpizzaman · #1 April 13th, 2002, 02:13 AM

So, is NOD32 still the no.1 antivirus scanner?

Paul Wilders · #2 April 13th, 2002, 06:39 AM

Quote:

So, is NOD32 still the no.1 antivirus scanner?

Hi fatpizzaman,

Any reason for asking?

regards.

paul

spy1 · #3 April 13th, 2002, 11:14 AM

Probably because of this:

https://grc.com/x/news.exe?cmd=artic...em=46895&utag= .

Let's face it, it's not the smartest way in the world for them to be handling POP3 scanning. Pete

Technodrome · #4 April 13th, 2002, 11:30 AM

I never even considered NOD32 Antivirus to be No.1. It's a good utility but certainly it's not no.1

Technodrome

spy1 · #5 April 13th, 2002, 11:53 AM

In the meantime, I've sent an email to support@nod32.com , requesting the new pop3scan.exe with instructions on how to replace the old one.

I'll be sure to let everyone know how it goes and how long it takes to get a response. Pete

MickeyTheMan · #6 April 13th, 2002, 01:06 PM

Funny, i don't have any of these temp files !
Oh yeah that's right, i have learned a long time ago to regularly clean my temp file folder. Besides, i'm using Internet Sweeper !

spy1 · #7 April 13th, 2002, 01:35 PM

Bravo, MTM!

Let's fix third party software with more third-party software! lol!

Everyone already knows they can remove the temp files created, Mick, the point is - why are they getting created to start with?

If it were a M$ glitch, I could understand it - but since NOD's offering a 'fix' , then that wouldn't seem to be the case (it's also supposed to not occur anymore when the 'environment' update occurs).

But thank you for that valuable input! Pete

TonyKlein · #8 April 13th, 2002, 01:46 PM

Guys,

Not 10 minutes ago Nod32's Pop3 scanner detected Hybris in an email attachment.

I ran Nod32>clean, but the file wasn't found.

I then saved the file somewhere, and subsequently was alerted by Amon that it was infected. *I clicked 'delete', afterwards I ran Nod32, and no infection was detected.

Fine, you would say.

I then ran NAV, which however alerted me to the fact that C:\Windows\Temp\Nod328335.TMP (or something like that) *was still infected.

So what's the deal?

Once the infected temp file's created, am I still at risk because of it?

Do I need to clean out my Temp directory after a virus has been removed by Nod32, or it will still be active??

Do I need to run 2 virusscanners all the time??

TonyKlein · #9 April 13th, 2002, 01:51 PM

OK, *I answered one question myself: *I added *.tmp to the extensions to be scanned by Nod32 and Amon.

One wonders why this extension isn't included by default, given this program's apparent idiosyncrasies.

[edit] I just answered my first stOOOpid question as well:

As the infected attachment has been renamed to *.tmp, it's no problem anymore, I guess.

I will now emigrate to Tierra del Fuego, and change my name... :-/

[/edit]

Is NAV overdoing it when it still identifies the file as being infected after it has been 'converted' to a temp file?

spy1 · #10 April 13th, 2002, 02:01 PM

Hi, Tony!

I hear what you're saying, but having selectable scanning of extensions serves a good purpose for those who don't want all extensions scanned (although I really can't imagine why everyone wouldn't want all extensions scanned - if I'm going to scan, I'm going to
scan! ). Pete

TonyKlein · #11 April 13th, 2002, 02:04 PM

I understand, but what I'm wondering is why NAV identifies the temp file created by NOD32's pop scanner as infected after the file has been deleted by AMON.

I'm puzzled.

spy1 · #12 April 13th, 2002, 02:12 PM

Even though the code's in text in the temp file (or at least I think it is - I don't have one to play with here) , NAV is probably still picking up on its' presence.

Tried checking Symantecs' KnowledgeBase? Pete

TonyKlein · #13 April 13th, 2002, 02:27 PM

Not yet, Pete.

It would be nice if Eset would be able to come up with a new POP3 scanner that doesn't create the files in the first place, though.

MickeyTheMan · #14 April 13th, 2002, 04:16 PM

Are The nod temp files annoying ? *Definitely !
Do they pose a security risk ? No !
ESET has acknowledged that the problem exist, but not a vital one to warrant issuing a new version in a rush. *They said the fix *will be included in the upcoming version.
As for Nav, this is to be considered a false positive the same as code red was in Spyblocker's log file.
Should the temp file be emptied ? *Yes, regularly, regardless of Nod !

TonyKlein · #15 April 13th, 2002, 06:06 PM

Hi Mickey,

Thanks!

I do clean my temps out on a daily basis.
I have a convenient little batch file for that, which I access via a desktop shortcut.

However, the fact that NAV alerted me to this so called infected file, *after Nod32 zapped it was a little disconcerting to me.

However, you have managed to reassure me now. *

root · #16 April 13th, 2002, 10:39 PM

Hi Tony, I'm not a big Norton fan by any stretch of the imagination, but in this case I would say it's a good call by Norton.
AV's look for signatures. When NOD renamed the extension, it did not change the Code in the file. Norton, for some reason is scanning tmp files, so it picked up the code (virus signature) and warned you. I would not call that a false positive.
I have NOD32, and have always considered it a very good AV. I think this little quirk should be fixed soon, but don't think it's panic time.
Always good to have a backup AV and AT to do manual scans with. Nobody catches everything,

TonyKlein · #17 April 14th, 2002, 06:42 AM

I've always used NAV, and I don't really have the strong feelings that many others here appear to feel whenever the word Norton pops up..

I recently switched to NOD32 mainly because of problems with NAV 2002's email scan, and because I do believe NOD32 is among the finest you can get.

I will keep NAV updated, and use it as an on demand scanner.

2 things:

I saw a post at the NOD32 board at Becky's where one Phil was sent the new and improved POP3scan module just by asking for it.He now has no more temp files being created

I wonder why as yet it hasn't been made available to everyone generally.

Second, *As my *NOD32 just caught its first virus I have one question:

When the POP3 module alerts you to the presence of a virus in an attachment, it isn't able to destroy or repair it itself, right?

Does it convert the virus in the extension to a temp file straight away to be detected and destroyed by a NOD32 scan, and does that mean that the attachment is rendered harmless as a result?

This isn't clear, and as you can't just rightclick an attachment and have it scanned, I'm wondering how exactly to go about it.

Paul Wilders · #18 April 14th, 2002, 10:34 PM

Hi Tony,

Quote:

I wonder why as yet it hasn't been made available to everyone generally.

As Mickey has stated, since it does not have first priority (not being a dangerous flaw), Eset is concentrating on the upcoming new build.

Quote:

When the POP3 module alerts you to the presence of a virus in an attachment, it isn't able to destroy or repair it itself, right?

Right.

Quote:

Does it convert the virus in the extension to a temp file straight away to be detected and destroyed by a NOD32 scan, and does that mean that the attachment is rendered harmless as a result?

It does.

regards.

paul

TonyKlein · #19 April 14th, 2002, 10:55 PM

Thank you, Paul!

Nod32 should be so informative... :-/

Thanks a lot for enlightening me on this subject.

Cheers,

Paul Wilders · #20 April 14th, 2002, 11:01 PM

My pleasure, Tony.

In case of matters concerning security software like NOD32 in this case: whenever you encounter a problem, feel free to drop me an email. We do have frequent contact with many software vendors - could speed up things.

regards.

paul

spy1 · #21 April 15th, 2002, 04:43 PM

Got *the 'fix' for the Temp email folders problem - Paul, you want me to send it to you and let you put it up for d/l? Probably won't be too much of a bandwidth drain. Pete

TonyKlein · #22 April 15th, 2002, 05:05 PM

Great, Pete! *

Can I have one, pleaaaase? *

spy1 · #23 April 15th, 2002, 06:53 PM

Tony - You have mail. The copy I sent you is for the English version of Win9x. Instructions follow:

"1. make sure you are using english version of nod32. if not so, please contact us for appropriate language version of the pop3scan.exe file
2. quit pop3 scanner
3. overwrite the old pop3scan.exe with the attached one. it is located where you installed nod32 (typically c:\program files\eset)
4. start pop3 scanner" Enjoy! Pete

spy1 · #24 April 15th, 2002, 07:41 PM

For others who're not sure of the way to go about getting it direct from eSet, do this:

Go to: http://www.nod32.com/support/support.htm

Click on the country in the list that's closest to you or which uses the language of your choice. This will bring you to the 'Technical Support Request' page, which you'll then have to fill out (fill it out and follow all instructions exactly - it's really not that hard).

When you're done, click 'Submit'.

That's it. You'll have it in your email before you know it. Pete

TonyKlein · #25 April 15th, 2002, 07:44 PM

Pete,

Thanks a Mil!

I do have the English version, but I already replaced mine before seeing this post.

I did it slightly differently:
I didn't overwrite the old one, *but closed it down and removed it.
Then put the new one in and rebooted.
It started working right away and didn't even need to be configured.

I owe you one!

Thanks again,

Tony

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search