eMule and NOD32

Hi there

I know, this topic has already been discussed, I have even read some of the threads, but I'd like to know if I understand things right.

I installed NOD32 just 2 days ago, and I knew that NOD32 has no direct scanning of p2p clients, so I decided to do some testing. I downloaded several potentially dangerous files (warez and keygens) to see how NOD32 deals with them. Before someone preaches about piracy, I'd like to state that it was merely for testing purposes. It's all going to be deleted once I finish testing NOD32.
To be sure, I also downloaded the EICAR test file, which was available in eMule.

I should say I was very unlucky (or lucky to some people), because until now, the 3 files which completed downloading where clean, according to an on-demand scan. I plan to scan them later with KAV on-line scanner just to be sure.

The EICAR file however, was detected once the download finished. So if I get this straight, NOD32 doesn't scan the transfer, like my former AV did (BitDefender10 and before that Avast!), but AMON detects the virus once the file is created at the end of the download. Am I right? If this is so, does it mean that my laptop is well protected, but I could unwillingly help spread an infection while sharing the incomplete file?

Bye

 

AMON scans the files once created, accessed, or opened. IMON is responsible for internet downloads but only http and pop3.

O and btw, not every crack and keygen is necessarily malware. So NOD32 could be correct when it says theyre clean.

 

Yeah, I know cracks and keygens are not necessarily malware, but lets face it, the probability they're infected is very high. Thats why I said I was unlucky so far...
Murphy's law never fails: if someone want to download some warez from eMule, the sure as hell will get infected, but when you want the file to contain a virus for testin you AV, it is clean....

 

Hi !

Check them instead of guessing . Load them on VirusTotal and if they are detected by more than the half , send these files to Eset's Lab samples[at]eset.com

 

Great page. Bookmarked immediately!

I have a question regarding to compressed files (zip or rar or other) and eMule.
Are these scanned by AMON once they are created when the download finishes like "regular" files are? Or is it necessary to perform an on-demand scan on these files?

Thanks

 

You have to scan them on-demand.

 

No , you don't have to .

Although AMON does not scan archives on-created , they cannot post a security risk unless extracted so you may wish but you don't have to