NOD32

[Logan5]

Hi,

Just curious if anyone here has seen the discussion over at Becky's on this topic and what their thoughts might be on this issue.

http://www.morelerbe.com/ubb/ultimatebb.php?ubb=get_topic;f=39;t=000334


Thanks
Logan

[Paul Wilders]

Hi Logan,

New to me. You could post the essence over here; after that, It'll be my pleasure to contact Eset/NOD32.

regards.

paul

[Logan5]

Paul,

I would not know how much or how little to post here, and with Palo's answer near the end, I guess it is a dead issue for Eset for now.

I was just wondering other NOD users thought.

Logan

[Technodrome]

I stopped using NOD32 6 months ago so i guess this issue doesn't concern me!

Sorry!


Technodrome

[Paul Wilders]

Logan

Quote:

I would not know how much or how little to post here, and with Palo's answer near the end, I guess it is a dead issue for Eset for now.

Just had a look. "Low priority" eg of no importance to Eset as it seems. reading Palo's answer. Btw: we could have provided you with Palo's info weeks ago..Anyway: Becky users seem to have a problem here - without a solution. Sorry to hear so. IMHO the POP3 email scanner part from NOD32 isn't by far a reliable component at the moment by design. Probably/hopefully the upcomng version 2.0 will be vastly improved.

Quote:

I was just wondering other NOD users thought./quote]

mmm...fact is, the info provided today by Eset is in fact "old news". We could have informed you likewise weeks ago.

Looking forward to NOD32 v2.0 !

regards.

paul

[MickeyTheMan]

1.I have yet to see someone reporting the pop3 scanner missing a file on download.
2. Attachments are stored in base64 encoding in Becky and are therefore harmless in that state.
3. Upon activating of the attachment (which would be stupid to do) amon does advise.

I see no problem and can appreciate ESET concentrating on dev on new version.

[Technodrome]

Quote:

quoting: MickeyTheMan link=board=24;threadid=2571;start=0#17657 date=1027461003]
2. Attachments are stored in base64 encoding in Becky and are therefore harmless in that state.

It's harmless but virus is still there!


Technodrome

[Paul Wilders]

Hi Mickey,

Quote:

1.I have yet to see someone reporting the pop3 scanner missing a file on download.

It's a matter of design. The po3 scanner does "miss" numerous (compressed) files. Both JacK and my person have reported this on many occasions to Eset. Only in case the compressed files are actually activated, NOD32 will jump in. In the meanwhile, if only for "importing" reasons, the infected file is stored in an archived email client file - thus, in case anyone chooses to import archived email files/databases, the infected files will be imported as well.

Proof of the pudding: activating:
a) NOD32 pop3 scanner;
b) DrWeb anti-virus;
c) The Bat! email client;
d) DrWeb - The Bat! pop3 scanner .dll

Now, when receiving an infected compressed attachment, NOD32 pop3 scanner will not alert in any way. DrWeb detects the infected file at the spot, and handles it the way one has configured it (many options available). This leaving aside the config from DrWeb and/or DrWeb SpiderGuard.

Quote:

2. Attachments are stored in base64 encoding in Becky and are therefore harmless in that state.

stored is an issue here; see my comment about archived files mentioned above. What happens when for some reason one chooses to import archived email files using Becky?? - infected files will be imported IMHO...

Quote:

3. Upon activating of the attachment (which would be stupid to do) amon does advise.

As stated: a matter of design - and IMHO this could be handled far better - as might be demonstrated by now.

Quote:

I see no problem..

A matter of opinion. I for one am not a happy camper with the actual design.

Quote:

..can appreciate ESET concentrating on dev on new version.

I knew we would agree on at least one item in the end!

regards.

paul

[Technodrome]

NOD32 is not able to block/delete infected archives in anyway. In this case DrWeb's archives handling is better addressed...


Technodrome