Hi! I did this test on my computer, with the latest update of NOD32 and the Thunderbird mail client, and NOD32 failed these tests:

Test #5: Eicar virus sent using BinHex encoding
Test #6: Eicar virus embedded within another MIME segment
Test #7: Eicar virus sent using uuencoding within a MIME segment
Test #8: Eicar virus sent using BinHex encoding within a MIME segment
Test #12: Eicar virus within a password protected ZIP file
Test #14: Eicar virus sent in a Microsoft TNEF file (winmail.dat)
Test #19: Eicar virus within zip file hidden using the "Blank Folding Vulnerability"
Test #20: Eicar virus within zip file hidden using the "MIME Boundary Space Gap Vulnerability"
Test #21: Eicar virus within zip file hidden using the "Long MIME Boundary Vulnerability"
Test #23: Eicar virus within zip file hidden using the "Empty MIME Boundary Vulnerability"

These are my settings:
http://student.dei.uc.pt/~umbelino/lixo/nod32_imon.png
http://student.dei.uc.pt/~umbelino/lixo/nod32_imon2.png
I haven't taken a closer look at all of those tests, but what surprises me is a test in which eicar is sent in a password-protected archive. How can one expect that an AV will detect it? Maybe we could implement brute-force password detection in IMON, but I'm not sure someone would dare to wait several hours/days to receive an email with a password-protected archive in the attachment.
Hi Marcos, You're right, the password-protected archive is a stupid test... I'm very satisfied with NOD32
I'm not sure I understand why one would possibly want NOD32 to detect a password protected zipped virus. Isn't the reason for password protection in such an instance because one wishes to bypass ISP virus scanning so that one can successfully send a viral sample to someone who is expecting it and who has the password? Having NOD detect/destroy this would defeat the purpose of password protection!
All of you just noticed the zip-protected test failure? What about tests number 6, 7 and 8? To VaMPiRiC_CRoW: you have to worry about that, because MUAs can read such mail, and from my experience you can't rely on end-user common sense.

A few days ago I posted a message about NOD32 on Linux not properly scanning malformed mail and pointed out that an antivirus program can't expect mail created by viruses to stick closely to the specs; on the contrary, they will use every possible vulnerability. I wrote about that to NOD tech support but got no reply. For now I'm a little bit disappointed with NOD32's reliability. Previously I used MicroTrend InterScan without such problems.

Krzysztof Cieniuch
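The cases from tests #6 and #7 and the malformed-mail point in the last post, as an added example that is not part of the thread and is not NOD32's or any vendor's code: a scanner that walks every MIME part, decodes inline uuencoded blocks, and reports parser defects instead of ignoring them. The names `MARKER`, `scan`, `uu_blocks`, `build_sample` and `sample.com` are assumptions, and the marker is only the readable part of the EICAR test string, standing in for a real signature engine.

```python
import binascii
import email
import re

# Assumption: the readable part of the EICAR test string stands in for a signature engine.
MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
UU_BLOCK = re.compile(rb"^begin [0-7]{3,4} (\S+)\r?\n(.*?)^end\s*$", re.M | re.S)

def uu_blocks(data):
    """Yield (name, decoded bytes) for every inline uuencoded block in data."""
    for m in UU_BLOCK.finditer(data):
        out = bytearray()
        for line in m.group(2).splitlines():
            if line.strip():
                try:
                    out += binascii.a2b_uu(line)
                except binascii.Error:
                    pass  # keep what decoded; a real scanner would also flag the part
        yield m.group(1).decode("ascii", "replace"), bytes(out)

def scan(raw):
    """Return findings as 'partN:type ...' strings for one raw RFC 822 message."""
    findings = []

    def check(data, where, depth=0):
        if MARKER in data:
            findings.append(where)
        if depth < 3:  # bound nested encodings so a crafted mail cannot loop us
            for name, decoded in uu_blocks(data):
                check(decoded, f"{where} > uuencode({name})", depth + 1)

    for i, part in enumerate(email.message_from_bytes(raw).walk()):
        where = f"part{i}:{part.get_content_type()}"
        # Parser defects (missing or broken boundaries) are reported, not ignored.
        findings += [f"{where} malformed: {type(d).__name__}" for d in part.defects]
        if not part.is_multipart():
            check(part.get_payload(decode=True) or b"", where)
    return findings

def build_sample():
    """Constructed test mail: marker uuencoded inside a text part of a nested message."""
    uu = b"begin 644 sample.com\n" + binascii.b2a_uu(MARKER + b"\n") + b"`\nend\n"
    inner = b"Subject: inner\nContent-Type: text/plain\n\nsee below\n" + uu
    return (b"Subject: outer\nMIME-Version: 1.0\n"
            b'Content-Type: multipart/mixed; boundary="b1"\n\n'
            b"--b1\nContent-Type: text/plain\n\nhello\n"
            b"--b1\nContent-Type: message/rfc822\n\n" + inner + b"\n--b1--\n")

if __name__ == "__main__":
    print(scan(build_sample()))
```

A scan of only the declared top-level attachments would miss this sample, because the marker appears only after the nested message is opened and its text body is uudecoded.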