Did I miss a step?

Discussion in 'NOD32 version 2 Forum' started by Red Dawn, Jul 24, 2006.

Thread Status:
Not open for further replies.
  1. Red Dawn

    Red Dawn Registered Member

    Jun 28, 2004
    I am currently setting up NOD32 on a server, win2k Advanced server, and have come across a problem. First, I have DMON and EMON disabled. I do have both AMON and IMON set up and active. IMON isn't causing any issue on the server, and since it's (server) connecting to company sites to pull data off of batch files, I felt it wouldn't hurt to keep it and AMON active. I have them both set up as per Blackspear's guide, but have an issue.

    I tested the settings by using the eicar test file from: hxxp://www.eicar.org/anti_virus_test_file.htm

    The first 4 top links, non-SSL, won't allow the download, either by left-clicking or right-clicking. Through SSL though, I can in fact download the zip file to my desktop. So I figured that the SSL port should be added to IMON, and added port 443 along with the other default HTTP ports already set up in NOD32. Tried again, same thing, can save the file to desktop. Now once I try to unzip, NOD32 kicks in, but how can I set up the app to stop the download from ever taking place, SSL or not? Can this be done?

    I also noticed that on the same server/setup, I can FTP the zip file to the server. The zip file stays intact, no NOD warning or anything. It's not until I try to execute the file that it's flagged, but my supervisor wants it set up to delete/quarantine the file upon my upload, so it's never sitting there on the server to begin with. They feel that since this is a test file that all virus apps should detect and the zip file stays on the computer, an unknown type of file could somewhere infect the system. So where do I have to set up NOD to delete/quarantine these files as requested above? Thanks for any help.
  2. NOD32 user

    NOD32 user Registered Member

    Jan 23, 2005
    Hi Red Dawn,

    IMON operates on HTTP data, not HTTPS (since it's encrypted).

    On my system with the settings from Blackspear's Extra Settings all the unzipped samples are detected by AMON / IMON, as are the non-SSL zipped ones by IMON.

    It is not possible for AMON to halt the system while archives are unpacked and checked (would only be useful here for the case of archives via SSL) since in some instances this could take some time. Obviously they are detected during the unpacking that is necessary for the OS to access them.

    Just double check you have followed step #39 through #46 here...

    Cheers :)
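The reply's point that a zipped sample is only caught once it is unpacked can be shown with a simplified scanner model. This is an added example, not part of the thread and not NOD32's code: the signature is a constructed stand-in (not the real EICAR string), and the function names and size budgets are assumptions.

```python
import io
import zipfile

# Constructed stand-in for a scanner signature (not the real EICAR string).
SIGNATURE = b"CONSTRUCTED-AV-TEST-SIGNATURE-0001"
MAX_MEMBER_BYTES = 1_000_000   # assumed per-member unpack budget
MAX_MEMBERS = 100              # assumed cap on entries inspected


def raw_scan(data: bytes) -> bool:
    """Signature match on bytes as stored or transferred, with no unpacking."""
    return SIGNATURE in data


def archive_scan(data: bytes) -> list:
    """Unpack a ZIP in memory and return the names of members that match.

    Members over the size budget are reported as 'skipped:<name>' so the
    caller can quarantine or block them instead of silently passing them.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist()[:MAX_MEMBERS]:
            # Unpacking costs time and memory, so bound it per member.
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append("skipped:" + info.filename)
                continue
            if raw_scan(zf.read(info)):
                findings.append(info.filename)
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: one deflated member carrying the signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("sample.txt", b"padding " * 40 + SIGNATURE + b"\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    print("raw scan of archive bytes:", raw_scan(sample))      # no match
    print("scan after unpacking:     ", archive_scan(sample))  # member found
```

A scanner that must block an upload before it lands on disk needs the second path, with the unpack budget deciding what happens to archives it cannot fully inspect.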