4.0.474.0 and DNS requests to Mailshell.net

Discussion in 'ESET Smart Security' started by jbachofner, Feb 8, 2010.

Thread Status:
Not open for further replies.
  1. jbachofner

    jbachofner Registered Member

    Joined:
    Feb 8, 2010
    Posts:
    2
    Recently had to renew 3 licenses and downloaded smart security 4.0.474.0 and install on 3 machines. Within minutes of install we started to see DNS requests to 16 different IPs logged on our corporate firewall. Our corporate firewall only allows outbound DNS requests to servers maintained by our ISP. All other requests generate a warning email to our admins. We tracked these mysterious requests to servers for mailshell.net and later found that mailshell provides spam protection for ESET. Getting about 100 warning emails a day prompted us to try to resolve this with customer support at ESET as we had NEVER seen this behaviour in over 2 1/2 years of using ESET. We have yet to get a real answer from ESET identifing the problem. We asked the question of why is ESET making DNS requests to servers for Mailshell.net instead of using the DNS configuration of the host PC'so_O?

    We were told not to use Smart Security and instead use Antivirus. That was their answer and their fix. It was also suggested that we post this question here as apparently ESET engineers look at the forum. Begs the question of what does support do?

    So has anyone seen this behavior as well?
     
  2. BFG

    BFG Registered Member

    Joined:
    Oct 27, 2004
    Posts:
    482
    Location:
    San Diego
    Hello jbachofner,

    Might you have asked how to contact the developers and ask them the question yourself? I could also see that they might suggest ESET Anti Virus instead of Smart Security if you were using a firewall already.

    BFG
     
    Last edited: Feb 8, 2010
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The communication comes from the antispam protection module which sends DNS requests to Mailshell to find out if a particular message is spam or not. For more information read this article.
     
  4. jbachofner

    jbachofner Registered Member

    Joined:
    Feb 8, 2010
    Posts:
    2
    Oh I did ask to talk to the developers and was pointed to this forum by Eset support. Al I wanted was a reasonable answer and so far the reply from Marcos has been the closest. You see prior to this release Eset did not exhibit the behavior which means to me something has changed. That is either a programming error or an intended change. All I want is an honest answer without trying to sidestep the question. Make sense?
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    V3 uses Netcheck to create direct connections with the antispam provider while v4 uses Livefeed that is faster. See my previous post with a link to a description of that technology provided by the antispam provider.
     
Thread Status:
Not open for further replies.