Nod32 Xmon not picking up any viruses?

[ethos]

Hi guys,

We run exchange 2003 and surfcontrol with Nod32 xmon for virus protection.

Lately the viruses have been getting through to the workstation and the "infected" count in nod32 xmon is "0".

Surfcontroler uses port 25 and exchange is not on 26, although this shouldn't cause a problem.

Any ideas? It seems to of happened since the server rebooted itself a few weeks ago

Thanks

[ethos]

Because surfcontrol is on port 25.... and then forwards onto port 26 (exchange)... should I have "Scan transported messages" ticked?

It isn't at present.

[jasonblake7]

test a mail from outlook to yourself containing the eicar test virus as an attachment. See what happens. Make sure you disable any local anti virus software on the PC b4 adding the attachment.

http://www.eicar.org/anti_virus_test_file.htm

[ethos]

Thanks mate, i'll give this a go tomorrow

[mickhardy]

Quote:

Originally Posted by ethos

Thanks mate, i'll give this a go tomorrow

Thanks from me as well. I'd forgotten to test everything after configuring our email archiving software. Everything is working fine.

[ethos]

Good test, disabled AV on my machine. Set a test email with one of the .zip files from that website via outlook (internal) and outlook at home (external).

Both delivered fine to my outlook inbox

When I turned my AV back on it picked them up straight away. Good test that, hadn't thought to do it.

So yea, nod32 on the exchange server (xmon) ain't doing much! Any ideas?

[ethos]

Any ideas chaps? Has confused me

[mickhardy]

Quote:

Originally Posted by ethos

Any ideas chaps? Has confused me

I'd love to be able to help but I honestly have no idea. Sorry. I've never had an issue with XMON. It catches a lot of viruses.

I had one email recently where the Outlook engine caught it and I was surprised XMON missed it but there was a good explanation. I recently turned off background scanning so the store isn't rescanned when new virus definitions arrive. The virus was so new, it was delivered before it was in the definitions but opened by the user after it was in the definitions. Two hours earlier and my user would have been infected. A little bit of user training was the outcome. Why do people insist on opening anything that arrives in their inbox?

[ethos]

Thanks for the reply, hmm. Might have to ring ESET on this then and hope I don't get the two incompetent technicians I had last time....



Purhaps I will try ticking "potentially dangerous applications" and see if that picks it up.

[mickhardy]

Quote:

Originally Posted by ethos

Purhaps I will try ticking "potentially dangerous applications" and see if that picks it up.

Eicar should be picked up with basic settings.

[jasonblake7]

Have you got NOD32 antivurus software installed on the same server to ? IF so you should not with the nod exchange software as there maybe some conflict.

have you checked to see if you have the nod32 for exchange is showing in the list of installed licenses ?

[ethos]

Nod32 is installed on the server with the XMON addon, I can't see how it's not recommend to run both as they are the meant to run alongside? Also XMON just monitors exchange were as the rest protects the server...

You mention licenses, I put some new licenses in the other day (2009) but i haven't removed the OLD licenses yet. Although I can't see this being too much of an issue?

[ethos]

For reference I've updated to the latest version and restarted the exchange server, it is now picking up email viruses