NOD32 unable to find 'EICAR' test virus

Having recently been bitten with McAffee's new ASAP product on a multi-site licence in that I found that viruses (the eicar test) were only found at the basic level and gave no protection when 'virus' in zip files.

Fortunately this was recognised by NAI's local representatives as an issue and they accepted that product was unsuitable and cancelled license with full refund.

I am now on a "fast track" evaluation of other AV softwares and NOD32 is showing the same characteristics as explained above. In fact probably its detection is even less trustworthy.

From the eicar.org website I tried to download the 4 options of 'eicar' and only the original 'eicar.com' was detected by NOD32. The 'text' file version opened in notepad and the zipped and double zipped downloaded successfully or in this case most unsatisfactory.

Checking settings and changing a few and repeating tests have shown no improvement.

Does anyone know ifthis is just a local (being myself) issue or have I missed something during install and setup.

I know that NOD32 did, as did McAffee ASAP, successfully found the virus during extraction from the 'zipped' files, but this is only of a token effort, as had the zipped file been placed on any storage media floppy's, CD's etc. then there is always a possibility that that media could be used on another unprotected machine. This is specifically the case, in my instance, where within the company only certain PC's have internet download capabilities (for security purposes) and quite often downloaded files are distributed both internally and externally.

Thanks in advance.

Best Regards,
DenisG

 

Paul,

Thanks for your quick reply. I do understand the direction from where the replies are pointing me too etc.

I totally agree that a 'packed' virus is on no danger till it is unpacked but the argument is several levels deep, in that I have no control on what an employee has as AV software on their home system, if they are taking any work home with them etc.

The second problem I have, is that some install softwares require that AV softwares be 'shutdown' for the duration on install. Whoops !! Too late if packed install contains virus etc.

I know there are always ways and means around such issues, but in business time is money, and it is nice to be able to accomplish certain tasks seamlessly. One can't always assume that the user / operator is computer literate and has understanding of how thinks should work.


As with previous AV's that we have used, at least the choice was mine as to what and how the san took effect. Whilst NOD32 seems to be acceptable to me in many ways. This issue certainly has me thinking twice about the package. That risk, however small, may not be worth the NOD32 solution, when I consider 45 in-house PCs, nearly 100 operators and no control over approx 12 users with permissions to take home data etc.

Thanks,

Best Regards,
DenisG

 

Here is a link to a very lenghty thread I started back in June of 2003. Here is that link:

https://www.wilderssecurity.com/showthread.php?t=10337

If you have any qurstions please feel free to email or send me a personal message. Hope this helps.