Eicar test version2zip

Discussion in 'NOD32 version 2 Forum' started by claire, Feb 22, 2004.

Thread Status:
Not open for further replies.
  1. claire

    claire Guest

    Hi,
    Sorry if this has already been asked before, but I am not aware of it.
    Some acquaintance of mine claims that NOD does not detect the Eicar zip file version two available here
    http://www.eicar.org/anti_virus_test_file.htm
    Does someone have the same problem?

    The settings were the default ones and the zipped file was not detected when downloaded, but it was when unzipped.
     
  2. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    It does indeed detect the file, I suggest your friend needs to take another look at his/her settings.

    :)
    Kev
     

    Attached Files:

    • scan.JPG (File size: 69.8 KB, Views: 1,311)
  3. claire

    claire Guest

    Thanks Tinribs for your fast answer.

    Should the settings be on "deep" instead of the default ones?
     
  4. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    I don't run Nod32 as resident at the moment due to testing another product (hence the out of date signature files) but to detect zipped up files you'll need to make sure scanning of archives and the like is enabled.
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Nod will NOT detect it while it is downloading, but will either by a system scan or a right click scan of the file as soon as it has been downloaded

    it will detect as soon as you try and open it though

    I don't know of any antivirus that detects a virus inside a zip file whilst it is downloading or just sitting inactive on the computer, until the file is scanned or an attempt to open it is made

    Nod does however find and stop & delete these files when sent by email
     
  6. visitor

    visitor Guest

    Yes dvk01, I tried and got the same.

    1- I downloaded the zip file (Nod is silent)
    2- right clicked on it and clicked "nod32 antivirus system"
    the on demand scanner scanned the file as any normal file (no virus)
    3- tried to extract the file and here is where I get the NOD red-alert.
     
  7. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    So 'visitor' how do you explain the detection as detailed above? This was done with a 'right click' scan o_O??

    May I suggest you check your settings too
     
  8. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    See http://www.wilderssecurity.com/showthread.php?t=21171

    This is how I set up Nod on my PC and for my clients...

    Cheers :D
     
  9. visitor

    visitor Guest

    I did the same settings as in the link Blackspear provided. Downloaded the file again -> (Nod still silent)
    ran "on demand scanning" right click -> virus found=0,
    tried to extract -> Red-alert
    same as my post above
    I'm running commercial v2.000.9
     
  10. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Then something seems very wrong with either your installation of Nod32 or your pc in general :(
     
  11. visitor

    visitor Guest

    The machine is new (3 weeks old) and came preinstalled with XP-Home sp1. We installed NOD, OfficeXP, paintshop pro8, and some other spybot things, and it is running smoothly. Can you please tell me where to look? Thanks
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Sorry Visitor, I put through the link to show you how I set up Nod for my clients and my own PC.

    I didn't try the Eicar Test, and having done so, Nod does NOT pick it up when using a RIGHT CLICK scan this file only option.

    Having said that, I am not at all concerned due to AMON (Nod's resident scanner) checking all files.

    Zipped, Double Zipped, Triple Zipped files etc have been discussed many other times in this forum. Eset take the position that you can slow up a scan by trying to scan/unpack files that have been zipped/zipped again/again... and to what purpose, until the file has been extracted it is harmless, upon extraction AMON will pick up anything, so they leave it that way.

    Cheers :D
     

    Attached Files:
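
The trade-off discussed in the post above, as an added example (not part of the thread and not Eset's code): a toy scanner with a configurable archive-unpacking depth, run over a constructed double-zipped EICAR file. The function names, member names and size cap are assumptions made for illustration.

```python
import io
import zipfile

# Standard 68-byte EICAR test string, split in two so that this source
# file is not itself flagged by a scanner.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD" + rb"-ANTIVIRUS-TEST-FILE!$H+H*"

MAX_MEMBER_BYTES = 10_000_000  # assumed cap so a huge member is never inflated


def make_nested_zip(payload, layers):
    """Build constructed sample input: payload wrapped in `layers` zip layers."""
    data, name = payload, "eicar.com"
    for level in range(1, layers + 1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer{level}.zip"
    return data


def scan(data, max_depth, path="<file>", depth=0):
    """Return the paths of members that start with the EICAR string.

    max_depth=0 treats an archive as an opaque file (archive scanning off);
    each extra level unpacks one more layer, which costs time per layer.
    """
    hits = []
    # The test file is only valid when the string is at the very start.
    if data.startswith(EICAR):
        hits.append(path)
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER_BYTES:
                    continue  # skip oversized members instead of unpacking them
                hits += scan(zf.read(info), max_depth,
                             f"{path}/{info.filename}", depth + 1)
    return hits


if __name__ == "__main__":
    sample = make_nested_zip(EICAR, layers=2)  # stands in for a double zip
    for depth in (0, 1, 2):
        print(f"max_depth={depth}: {scan(sample, depth)}")
```

With archive scanning off, or with a depth of one, the double-zipped sample comes back clean; only a depth of two reaches the test string.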

  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    It does pick it up with a general scan, so this appears to be a bug with Nod.

    Cheers :D
     

    Attached Files:

  14. spamcat

    spamcat Registered Member

    Joined:
    Oct 9, 2003
    Posts:
    28
    Location:
    North Carolina, USA
    Right click detects the file on my computer. When you have NOD setup as shown by Blackspear do you have "Use this profile for scanning objects within the context menu" checked under the "Profiles" tab in the NOD32 scanner component? This is a necessary step.

    Thanks,
    sc
    :cool:
     
  15. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Well, well, well, you learn something every day, thank you Spamcat.

    Why this isn't set as a default setting is beyond me, and I'd like the logic behind not setting it as a default to be explained... :doubt:

    For those that would like to know where the setting is, I have enclosed a pic...

    Cheers :D
     

    Attached Files:

  16. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    And it works when setup as above...

    Cheers :D
     

    Attached Files:

  17. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Back to profiles "irregularities" (for want of a better description!): it's a pity you cannot delete the "default profile" in the nod scanner to make sure files are scanned how you want them to be, i.e. if the only profile available for nod to use was the one you'd set up, it would/should make no diff how you scan: right click, full scan
     
  18. Phil_S

    Phil_S Registered Member

    Joined:
    Nov 13, 2003
    Posts:
    152
    Location:
    UK
    You can delete the "default" profile. Just create another profile set with the options you wish and make that the default profile, then delete the former profile. First thing I did when I configured NOD was to create a profile I called "default" and then delete the "My Profile" profile that NOD creates on installation, since I didn't think "My Profile" made a lot of sense on a multiuser system.
     
  19. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    Thanks for the info. I must have done something wrong when I tried to delete the profile NOD loads on install, it kept coming back. Must admit I didn't spend much time on it, just thought it was the way NOD was, always kept a record of the default install profile. Now I know different I will look a little harder
     
  20. steve1955

    steve1955 Registered Member

    Joined:
    Feb 7, 2004
    Posts:
    1,384
    Location:
    Sunny(in my dreams)Manchester,England
    I must have been tired, p###ed, both or had an attack of being thick. I couldn't delete the profile NOD loads on install cos I'd just "altered" that one (not actually created a new profile) and it was still in use. Duh!
     
  21. sick0

    sick0 Registered Member

    Joined:
    Feb 12, 2004
    Posts:
    143
    This is off topic but since we are talking about context menu scanning, can anyone tell me if NOD fixed that thing? I.e. after I right click a folder and scan it, there's always a message that says "profile has change, do you want to save it?" It's always like that no matter how many times I saved it.
     
  22. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Quarantine was discussed in this thread: http://www.wilderssecurity.com/index.php?action=display;board=39;threadid=18052;start=0#msg111807

    Cheers :D
     
  23. Bender

    Bender Guest

    Mele20, I am not an expert about NOD32, having just yesterday started to examine it closer, but to me IMON has already a great use. Some worms are not attachments, but the body of the e-mail IS the worm, a script executed by HTML upon reading the e-mail. If your ISP scanner passes such a worm, IMON is another line of defence. If you see no use for IMON, simply switch it off. For the others, with attachments, like you, I have also scanned manually each one with KAV, even if it is from my own mother. Although it looks like IMON, using the same virus bases as the manual scanner, makes this step unnecessary. Yes, NOD32's quarantine is a little unusual, but not hard to understand, and I can see the reason behind it. Although, I am sure, some people like yourself will prefer to delete the infected file automatically at the time of quarantine. It is a personal preference.
     
  24. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    off topic quarantine posts merged with on topic existing thread over here.

    Please stay on topic, ladies and gents.

    regards.

    paul
     
  25. Evil Ryu

    Evil Ryu Guest

    This is my first step in the NOD32 world. :D

    Have you noticed that, after a manual scan, you can't do any action to remove the virus inside eicarcom2.zip?
    "Clean" and "Delete" buttons are not selectable.
    Is NOD32 capable of removing a virus in archives, or do I have to open and run the virus?
    It's a strange behaviour, it has detected the virus inside the zip but I can do nothing to remove it. :rolleyes:
     