NOD32

Discussion in 'other anti-virus software' started by Logan5, Jul 23, 2002.

Thread Status:
Not open for further replies.
  1. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    116
    Location:
    Ohio, USA
    Hi,

    Just curious if anyone here has seen the discussion over at Becky's on this topic and what their thoughts might be on this issue.

    http://www.morelerbe.com/ubb/ultimatebb.php?ubb=get_topic;f=39;t=000334


    Thanks
    Logan
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Logan,

    New to me. You could post the essence over here; after that, It'll be my pleasure to contact Eset/NOD32.

    regards.

    paul
     
  3. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    116
    Location:
    Ohio, USA
    Paul,

    I would not know how much or how little to post here, and with Palo's answer near the end, I guess it is a dead issue for Eset for now.

    I was just wondering other NOD users thought.

    Logan
     
  4. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I stopped using NOD32 6 months ago so i guess this issue doesn't concern me!

    Sorry!


    Technodrome
     
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Logan

    Just had a look. "Low priority" eg of no importance to Eset as it seems. reading Palo's answer. Btw: we could have provided you with Palo's info weeks ago..Anyway: Becky users seem to have a problem here - without a solution. Sorry to hear so. IMHO the POP3 email scanner part from NOD32 isn't by far a reliable component at the moment by design. Probably/hopefully the upcomng version 2.0 will be vastly improved.

     
  6. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    1.I have yet to see someone reporting the pop3 scanner missing a file on download.
    2. Attachments are stored in base64 encoding in Becky and are therefore harmless in that state.
    3. Upon activating of the attachment (which would be stupid to do) amon does advise.

    I see no problem and can appreciate ESET concentrating on dev on new version.
     
  7. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    It's harmless but virus is still there!


    Technodrome
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Mickey,

    It's a matter of design. The po3 scanner does "miss" numerous (compressed) files. Both JacK and my person have reported this on many occasions to Eset. Only in case the compressed files are actually activated, NOD32 will jump in. In the meanwhile, if only for "importing" reasons, the infected file is stored in an archived email client file - thus, in case anyone chooses to import archived email files/databases, the infected files will be imported as well.

    Proof of the pudding: activating:
    a) NOD32 pop3 scanner;
    b) DrWeb anti-virus;
    c) The Bat! email client;
    d) DrWeb - The Bat! pop3 scanner .dll

    Now, when receiving an infected compressed attachment, NOD32 pop3 scanner will not alert in any way. DrWeb detects the infected file at the spot, and handles it the way one has configured it (many options available). This leaving aside the config from DrWeb and/or DrWeb SpiderGuard.

    stored is an issue here; see my comment about archived files mentioned above. What happens when for some reason one chooses to import archived email files using Becky?? - infected files will be imported IMHO...

    As stated: a matter of design - and IMHO this could be handled far better - as might be demonstrated by now.

    A matter of opinion. I for one am not a happy camper with the actual design.

    I knew we would agree on at least one item in the end! :D

    regards.

    paul
     
  9. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    NOD32 is not able to block/delete infected archives in anyway. In this case DrWeb's archives handling is better addressed...


    Technodrome
     
Loading...
Thread Status:
Not open for further replies.