NOD32

Discussion in 'other anti-virus software' started by Logan5, Jul 1, 2002.

Thread Status:
Not open for further replies.
  1. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    116
    Location:
    Ohio, USA
    Hi,

    Has anyone been following this thread at the Becky forums?

    http://www.morelerbe.com/ubb/ultimatebb.php?ubb=get_topic;f=39;t=000334

    Does not sound like a good situation for those of us who use both Becky and NOD32.

    I have seen no reply from Eset as of yet.

    Logan
     
  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi,

    Not a big issue : as far as a virus is compressed, it cannot be activated. Nod32 would catch it at uncompressing.

    AFM I find pointless to scan archived files. Anyway, any AV or AT fails detecting virus/trojans/worms if the compressing rate is strong enough :)

    http://smilies.sofrayt.com/1/r/biggrincurtain.gif
     
  3. adaMada

    adaMada Guest

    My understanding of the situation is that it is a problem for users of those two programs, but NOD32 WILL catch the virus before it's run -- it just might give the false impression of you not having a virus at all before the file is run. In my opinion, though it is a problem, it's not a deadly one...
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    As far as I know, the upcoming new version will tackle this issue. Indeed it's not a "deadly issue" right now.


    JacK,

    DrWeb never missed a strongly compressed virus/worm in archived files ;). But that's just a side note!

    regards,

    paul
     
  5. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    116
    Location:
    Ohio, USA
    Hey,

    Thanks for the info.

    Glad to see they will (I hope) be addressing the issue with the upcoming version.

    Logan
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    My pleasure, Logan ;).

    regards,

    paul
     
  7. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Paul,

    I look for a links with sample (harmless) of different rates of compression and shall post it here :)

    Dct Web like the other AV misses on a certain amount of compression

    Cheers, ;)

    JacK
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    JacK,

    Nice!

    I will not argue that possibility; in reality, I've never encountered such an example ;)

    regards,

    paul
     
  9. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    As for the Becky's part, here is Carty's response:
    "For the security consideration, viruses are never activated when they are MIME encapsulated.
    Suppose that if a virus file are decoded on retrieval. Some viruses might be new and virus scanner could not detect them.
    IMO, it is far more dangerous because the file is stored in executable form, which means you can execute it from everywhere (including LAN). It is just a click away.
    If they are undecoded, you will need a decode tool when you want to execute it outside of Becky!. It will diminish the potential risk of unknown viruses being executed.

    Some people may feel unconfortable that undecoded viruses sit in your hard disk. But for that matter, all I can say is that virus scanning is not my job, their job"
     
  10. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Paul ;)

    Could take some time : I don't have it anymore and wrote to R.Garcia to have it.

    I tried on lots of AV/AT last year just to compare but as I find pointless scanning the archives as the malwares in those are harmless (and I have a lot of archived virus too:))

    As soon I get it, I forward the link.

    CU ;)

    JacK
     
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    JacK,

    No prob; patience is a virtue ;)

    In essence: agreed. On the other hand: quite some email clients do create separate databases (if only for importing possibilities) in archived form. Thus, even after deleting an infected file, it could easily be around in the archived database(s). Personally, I'm not fond of that idea.

    grin..I know your have :cool:

    Thanks in advance!

    regards,

    paul
     
  12. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Paul ;)

    Here for your patience : http://www.attac.net/

    So sorry : in French : Testez votre anti-virus

    Enjoy ;)

    http://www.les-smileys.inforum-city.com/diables/blueScreen_D.gif

    JacK
     
Loading...
Thread Status:
Not open for further replies.