MIMO OK, internal scanning not performed, anyhow 3rd party solutions find infection

Discussion in 'ESET NOD32 Antivirus' started by aapapapa, May 10, 2012.

Thread Status:
Not open for further replies.
  1. aapapapa
    Offline

    aapapapa Registered Member

    It is about my NOD32 AV installation
    On PC i have some mbox files (generated and used by Mozilla Thunderbird).
    In the same mail client there are several e-mails.
    Some of them are very old, other quite new.

    Recently I started a virus scan of all partitions.
    For this scan I didn't use the installed nod32 av but
    3rd party solution (bitdefender, kaspersky, other).
    These scan was started from live-CD, ubuntu based.

    Bitdefender and kaspersky hit alarms for these mbox files.
    All the nod32 av can say when scanning them is
    "MIME OK, internal scanning not performed", regardless of if to scan
    the mbox file or just the affected mail message exported to eml file.
    Also several items on virustotal hit alarm for these files.

    VERY FRUSTRATING it is.
    How many other infections on my partitions stay uncovered due to this approach of nod32 av?
  2. Marcos
    Online

    Marcos Eset Staff Account

    "internal scanning not performed" means that you have scanning archives or email files disabled so the emails in the MBOX file were not scanned.
  3. aapapapa
    Offline

    aapapapa Registered Member

    EAV 5.0.95.0 is in use.
    Always when I am performing on-demand scan I do it from contextual menu
    of file to be scanned. Never from EAV gui (computer scan).
    Problems reported here occur while scanning eml and/or mbox files from
    windows explorer contextual menu for file to be scanned.
    Therefore I think the option "scan mails" is not relevant here.
    Please correct me if I am wrong.

    Help and advanced settings dialog present following modules
    - real-time protection
    - document protection
    - computer scan
    - startup scan
    - HIPS
    - web and email

    If to study eav help I get the impression that in setup section "computer scan" the scans triggered from eav GUI window only are addressed.
    Not the scans started from context. menu of file to be scanned.

    In all modules where it is possible, except for startup protect.
    module, scanning emails option is and was enabled. The same applies to archives.
    Now after your hint, I double checked these settings and tried to scan these
    files once again. This time by invoking the scan from eav gui window - custom computer scan.
    The scan report claims "OK", string "internal scanning not performed" is not produced this time.
    Currently the scans started from gui - custom comp. scan - seem to perform internal check
    because the warning about lack of such is missing.
    But if to again start scan from context menu the results are still as described in initial mail - internal scanning not performed.
    So, there are discrepancies between results of on-demand scan started from gui and from scan object's context. menu.
    This would confirm my observation regarding relevance of computer scan setup section, see above.

    The fact that custom computer scan started for these files from gui does
    not hit any alarm and bitdefender hits such is a different story.
    I don't want to discuss this now.
    1. Where to find setup for on-demand scan started from scan object's
    contextual menu?

    In setup dialog for computer scan one has a list of choises - scan profiles.
    However I am not able to find a place where these profiles can be adapted
    to own needs.
    2. Are they hard-coded? I guess in previous versions they where
    configurable.
    Last edited: May 11, 2012
  4. Marcos
    Online

    Marcos Eset Staff Account

    To customize context menu scan profile, open the main GUI, navigate to Computer scan -> Computer scan setup, select "Context menu scan" from the profile list and then open the ThreatSense engine setup by clicking the Setup button.
  5. aapapapa
    Offline

    aapapapa Registered Member

    ESET plug-in for Mozilla Thunderbird is not functional since several versions -
    disabled by Thunderbird due to issues of incompatibility.
    So the on-the-fly scan of mails is not possible at all.

    Yes, the profile used by context.-menu on-demand scan is available
    wizard for custom scan - the eav gui. I think it is not optimal, the placement,
    because users interested only in adapting this profile will find it not until they attempt to perform custom computer scan. And the place where list of profiles can be changed is yet one different - bad concept.

    Indeed, now I can see the details of on-demand scans profiles started from
    context. menu. It is indeed a separate profile than that one used for
    on-demand scan, computer scan or quick scan. Mails, archives, maybe some
    others were not selected in this profile indeed. That's the reason why my eav
    did always skip internal check.
    After had enabled emails and all other types, the scan report does not report
    "MIMO OK, internal check not performed" anymore. However, it does not also say anything. Just a blank result window. On-demand scan started from gui
    says "OK" for these files. Must be this discrepancy?
Thread Status:
Not open for further replies.