Amon configuration question

Discussion in 'NOD32 version 2 Forum' started by faffy, Mar 7, 2004.

Thread Status:
Not open for further replies.
  1. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    I have been testing different antivirus programs and I am not satisfied with some of the features. I am trying to set up the antivirus software so that if I download a zip file from the net then it scans it automatically and screams if it finds something nasty inside. So I open NOD32 and in the AMON settings I add ZIP in the Extensions. Then I go to the EICAR test site and download the EICAR.ZIP file. I can see that AMON scanned the file but nothing happens. It only screams when I try to unzip the file. Is there a way to set NOD32 up to scan inside archives?
    (I am not interested in on-demand scans, that does this job very well.)

    Faffy
     
  2. spamcat

    spamcat Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    28
    Location:
    North Carolina, USA
    I don't believe that there is a way to do this in AMON, and honestly for good reason. Even with a very fast computer, scanning on-access within archives can be very resource intensive. I have also used KAV and with its monitor's archive scanning enabled I find performance to be much less than acceptable (especially when launching programs, i.e., Mozilla takes 5-10 seconds vs. 1 to load).

    You obviously realize that you are still protected even when you try and access the archive. Perhaps someone else can provide additional information.

    spamcat
    :cool:
     
  3. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    AMON doesn't scan inside ZIP, RAR, etc. files because it is useless. A virus can't infect you if you don't first extract the file and execute it.
     
  4. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    Sir Carew, your argument is very weak. I want virus protection so I don't have viruses on my computer, not because I want to keep them in "jars".

    Faffy
     
  5. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    I know that KAV warns you that if you want to scan archives it will deteriorate your computer performance. However, I do not intend to scan all my files every time I access them. BUT, I want to scan all files that I have just downloaded from the net. There should be an option something like "scan on file creation".

    (Just to note: Bitdefender screamed in all cases when I tried to download the eicar com, txt, zip, and zip2 files.) ;)

    Faffy
     
  6. dos

    dos Registered Member

    Joined:
    Oct 17, 2003
    Posts:
    43
    There is no reason for AMON to scan inside zip files to be honest. Any virus inside the zip file is harmless, and as mentioned above, it would be very resource intensive for AMON to do this. What is the point of sacrificing system performance because someone is too lazy to right click on a file and choose scan? It takes all of 5 secs, if that. NOD32 does scan files upon creation, but in the case of zip archives it'll be the archive itself and not the contents, unless you are creating the zip archive yourself, where obviously any files you add will be scanned.
     
  7. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    That's incorrect. You can easily spread viruses around because AMON does not scan inside ZIP files. Since NOD32 does not scan outgoing e-mails, because of the philosophy that your computer should not contain any viruses since you have NOD.

    And this subject has nothing to do with laziness either.
     
  8. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I wouldn't want AMON to scan zip files either because of the performance issue.

    I would much rather just right click and check it with NOD.

    That is my personal preference and why different folks select different AVs.
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    faffy,

    I fail to see logic in a) downloading a file - with the purpose of using/unzipping it (why bother downloading in the first place in case one doesn't feel the need to unzip it?) b) forwarding such an unzipped file to others without even actually knowing the (unzipped) contents. The file will not forward itself for sure ;). No offense intended, but it seems like a hypothetical issue here.

    regards.

    paul
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    Maybe you could use a download manager that has an option to trigger an external scanner after a file has been downloaded.
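
A sketch of the kind of post-download check such a hook could run, as an added example that is not part of the original post and is not NOD32 or ESET code: it looks inside a downloaded zip, including nested zips, under a fixed resource budget and reports anything it cannot fully inspect instead of passing it. `SIGNATURE`, the limits and all function names are assumptions made for illustration; a real hook would hand each extracted member to the installed scanner.

```python
import io
import zipfile

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in, not a real pattern
MAX_DEPTH = 2                               # nested archive levels allowed

class Unscannable(Exception):
    """The archive cannot be fully inspected, so it must not be trusted."""

def scan_archive(data, budget=None, depth=0):
    """Return paths of members containing SIGNATURE, recursing into nested zips."""
    if budget is None:
        budget = {"bytes": 50 * 1024 * 1024, "members": 1000}
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            budget["members"] -= 1
            if budget["members"] < 0:
                raise Unscannable("too many members")
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags: encrypted
                raise Unscannable(f"{info.filename} is encrypted")
            with zf.open(info) as member:
                # Read one byte past the budget so oversize output is noticed.
                body = member.read(budget["bytes"] + 1)
            if len(body) > budget["bytes"]:
                raise Unscannable("uncompressed size over budget")
            budget["bytes"] -= len(body)
            if zipfile.is_zipfile(io.BytesIO(body)):
                if depth >= MAX_DEPTH:
                    raise Unscannable("nesting too deep")
                inner = scan_archive(body, budget, depth + 1)
                hits += [f"{info.filename}/{path}" for path in inner]
            elif SIGNATURE in body:
                hits.append(info.filename)
    return hits

def verdict(data, budget=None):
    """Map a download to 'clean', 'infected' or 'unscannable: <reason>'."""
    try:
        return "infected" if scan_archive(data, budget) else "clean"
    except (Unscannable, zipfile.BadZipFile) as exc:
        return f"unscannable: {exc}"

def make_zip(members):
    """Build a constructed sample archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()
```

The byte and member budgets are shared across nesting levels, which bounds the performance cost the thread argues about.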
     
  11. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Why should I have to go to the trouble of unzipping it in order to find out it is infected? I should be alerted immediately so I don't have to waste my time unzipping an infected file. I used to agree that it wasn't needed for AMON to catch viruses inside zipped files but I have since changed my mind. I'm watching KAV development with much interest.
     
  12. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I don't find any problem downloading a zip file, right clicking and scanning it using NOD. It's easy and takes seconds. People who don't do that are very lazy, sorry.
    AMON rule is to protect your system from dangerous actions like opening documents, executing programs, etc. and if you have files compressed it isn't a dangerous action. AMON will deny the access if you try to open them.
     
  13. hayc59

    hayc59 Guest

    could not have said it better!! :D
     
  14. Kym

    Kym Registered Member

    Joined:
    Jun 15, 2003
    Posts:
    38
    Location:
    Cessnock
    Would it be possible to create a locked post "Nod Does Not Scan Zipped/Archived Files and Here Is Why", or something like that? It seems not a day goes by without this topic coming up and it gets a little annoying to open posts up to read the same arguments time and time again. I know that people have a right to ask whatever they want as long as it concerns Nod, but I wish sometimes that people read previous posts. Do a scan for Zip and then Archive and see how many posts there are related to these subjects.
     
  15. Lars

    Lars Guest

    A comment from someone just passing thru;

    Scanning for viruses inside archives is a smoke and mirrors "feature" dreamed up by advertising men. All it does is waste resources for no valid reason. It is a nonsensical feature praised by lamers who know no better. It has no redeeming factors in the real world.

    If you download a zip or rar or ace archive, you download it for a reason. That reason is because you want to use the program inside it. To use the program, you must extract it from the archive. When you extract it, NOD32 or McAfee or Norton or whatever scanner you are using it will scan it.

    One time only in 12 years of computing, NAV alerted me to a virus as I extracted files from an archive. I deleted the file, then deleted the archive. If I ever download another archive containing a virus, NAV will alert me in exactly the same way.

    "I like archive scanning because I want to know what is on my hard drive" is lamer crap! I have about 40 archives on my hard drive, and I know none of them contain a virus, because I have extracted and installed the programs inside them.

    You guys are arguing about a triviality. No-one except lamers needs archive scanning, and they only think they need it.
     
  16. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Well, I'm not you. I have a lot of zipped files on MY computer that I have never unzipped. It is not true that you download something only because you are so hot to trot that you want to install it right at that moment. I download something because it looks interesting. I may not decide though to try it until days, weeks, months later. Plus, as I have said before why should I have to go to the trouble of unzipping it before the virus is found? My AV should find it before that.
     
  17. QuinnK

    QuinnK Registered Member

    Joined:
    Mar 11, 2004
    Posts:
    47
    >Plus, as I have said before why should I have to go to the trouble of unzipping it before the virus is found? My AV should find it before that.

    Purely my personal opinion. I like the Nod philosophy of small footprint, low resource use... and, since there's really no free lunch in the 'add features that would be nice, or save me a few seconds or a little trouble now an then', I would hate to see the program gradually become bloated, as many do over a period of time, because of that.

    I would rather see them focus on detection and bug issues that can have a real effect on security. Now, if they were to make changes in the quarantine area such that the original file is actually quarantined and rendered harmless... I, and many other users, would consider that a desirable and useful change that could affect security. Many Nod users don't realize the quarantine doesn't work like virtually every other AV program, and the Nod implementation really doesn't make a lot of sense to me. Just MHO. :rolleyes:

    Take care... Quinn
     
  18. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I guess you haven't read all my comments on NOD quarantine!
    I'm the person who first raised the issue with quarantine and I definitely agree with your statements. I certainly think quarantine is a pressing issue and should be addressed quickly. However, I don't feel that Eset is only capable of addressing one issue!

    As for bloatedness, I don't like that either but I don't think NOD is in any danger of catching up with NAV in this regard! If we want to do away with "bloatedness" allow us to not install IMON! I don't use IMON but I am still forced to install it. Ugh! I'd far prefer to have scanning inside zipped archives than IMON at all. If you want to know what is worthless junk on any AV it is the email scanner.
     
  19. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Hi Mele20,

    I would disagree with this.

    I prefer to have IMON, which also uses AH by default and can check zip attachments, to check the mail prior to the Inbox.

    I probably receive more infected e-mails than you do.

    I want the infected attachment removed but also like to be notified, at the same time, what the infection was which is what IMON does.

    Your prior posted method of saving e-mail attachments and then scanning them, etc. would require additional, unnecessary work and time on my part by having to first save the attachment, then having to navigate to where I saved it, then right click and select scan, then delete the saved attachment if infected and also delete the infected email.

    IMON allows me to do all the above automatically by notifying me of an infected e-mail, then with just one mouse click I can "Delete" it. IMON also makes a note in the Subject line of the e-mail noting the name of the infection for reference.

    I am running WinXP Pro and don't have any problems using IMON. IMON, with AH, does a good job of catching the infected mail without additional effort on my part.

    IMON also scans zip attachments.

    An example of some I have received:


    __________ NOD32 1.654 (20040305) Notification __________

    Warning: NOD32 antivirus system found the following infiltrations in the message:
    part000.txt - is OK
    dinner.zip - Win32/Netsky.B worm - deleted


    _______________________________

    A personal preference for different features is one of the reasons some folks choose one AV over another AV.
     
  20. Quinn

    Quinn Guest

    >I guess you haven't read all my comments on NOD quarantine!

    I wasn't implying I was posting anything new on Nod quarantine... in fact I said "I, and many other users". Just adding my own opinion.

    >but I don't think NOD is in any danger of catching up with NAV in this regard! If we want to do away with "bloatedness" allow us to not install IMON!

    I agree that Nod32 is way short of the bloated condition of NAV, I would just like it to stay that way. On Imon: considering the small install size of Nod32, I wouldn't think the additional install size for Imon would be of any consequence to anyone (if someone is really that short of space, they have worse problems). As completely as Imon can be shut down during operation, I also wouldn't think its resource or similar use would be of any particular consequence to anyone. Imon is a desirable feature to most users, and has competitive considerations, so it definitely should be included in the installation package. Considering what I've already stated, I would doubt that whatever it would take to allow it as an optional install component would provide any worthwhile benefit to Nod32 users in general. It would take at least some amount of development time, which is money, that I would think would be better spent on higher priorities.

    Then again, YMM of courseV... Take care... Quinn :p
     
  21. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Said by Stan999:
    >I probably receive more infected e-mails than you do.

    I receive almost none. My ISP, Road Runner, scans all mail (except internal from one Hawaii RR customer to another) for viruses using Symantec Corporate engine. My other active email address, dslreports.net, also scans all mail using Kaspersky. Most ISPs now scan for viruses so IMO IMON is not such a hot useful thing as you make it out to be. If your ISP is not scanning then maybe it is time you look for another one? My ISP is offering a free firewall and free antivirus for as long as I have Road Runner so when my license is up for NOD32, I'll probably be going with Road Runner's free package. This is the trend now. ISPs scan all incoming mail and offer free av and firewall packages.
     
  22. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    Hi Mele20,

    It may not be true for all the folks world wide that their ISP is now scanning for viruses. Also a lot of folks don't have the choice of using another ISP especially with a broadband connection.

    For you to post, "If you want to know what is worthless junk on any AV it is the email scanner", is just not true for everybody.

    The different features available are one of the reasons some folks choose one AV over another AV.

    While you feel an e-mail scanner "is worthless junk on any AV" someone else may find it very useful.

    In addition, even if your ISP is scanning for viruses sent by e-mail, I like the fact that IMON also scans it again automatically using NOD32 current definitions and also using AH which has caught some new infections. I find your method of not using IMON and having to save the attachments and then scanning them again using AH both time consuming and an unnecessary effort.
     