email scanner isn't scanning--I think-help

Discussion in 'ESET NOD32 Antivirus' started by ryker1, Nov 14, 2010.

Thread Status:
Not open for further replies.
  1. ryker1

    ryker1 Registered Member

    Joined:
    Nov 13, 2010
    Posts:
    7
    xp-pro-thunderbird 316-nod 426412 (27days left eval)
    whidbey telecom uses ssl 995 465

    have read a lot of threads

    1st. tbird-nod extension for email scan installed-active on toolbar with options of scanning 1 or all emails again. have tb set to scan all incoming emails and to quarantine.

    2nd, NOD--have checked every setting possible from the threads read-tb is intergraded w/nod check ssl with port numbers entered, etc. and every setting I could recheck to be sure from the threads read. tb.exe shows as client.

    if i send myself an email--there is nothing in the email-nod log-anything anywhere that states the email was scanned. if in tb on the toolbar I select the nod32 icon and select either rescan only that email, or I highlight all email--select nod32 to rescan all email, I get the same, no indication that one or all of the emails have been scanned--nothing anywhere.

    what's left to check and should there be something in the incoming email itself that says it was scanned, in the nod32 log should there be an entry.

    I would really like to get this to work, I like the program so for.
     
  2. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    using SSL ports in Tbird you would NOD SSL protocol filtering enabled, is that what you are mentioning as 2nd? what is the email-nod log you are referring to?

    it would show in the NOD statistics

    14-11-2010 19-49-01.png

    on a side note, just if you are interested, about SMTP SSL port

    14-11-2010 19-54-08.png
     
    Last edited: Nov 14, 2010
  3. ryker1

    ryker1 Registered Member

    Joined:
    Nov 13, 2010
    Posts:
    7
    vtol

    yes I have ssl filtering--lets start over now after reading your post

    OK now I can see under stats-nod32 is doing what it is suppose to--but I don't like what it does at all--can you help with this..

    I reset the stats referred to in your post. I wrote an email to myself in NS7.1--mailed it to me and got it in Thunderbird. When I got the email in TB--NOD32 cleaned out the excel file I attached with it (it's a harmless small spread sheet), I got no notification from nod32 that it did this, (which means if it had been from someone I know-I would not even know it was now gone), then there is no way to retrieve that file--nod32 destroyed it--the advanced menu settings for the program states it is being put in the "infected items" folder--where is the folder at--there is no folder like this anywhere on my comp--so where did nod32 come up with that--why did it not create it---if I select "no action" in the advance menu for action on a email scan --then it would be up to me to scan the file--what would then be the purpose of even having the email scanner enable--I think the file should at least be put in quarantine so I can see what it was--then decide if it should be destroyed--but the quarantine is not an option.

    what am I missing here--no notification from tb or nod32 that something has been ripped out of the email
     
  4. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    as I am not using Tbird my input might be limited... also I never get an infectious file via email for NOD to clean, hence I am not fully aware of the alert sequences

    the infected items folder is supposed to show up in your email software, like inbox/sent/outbox/drafts. it does so in Outlook, what happens in Tbird I am not aware of. however it is not a folder on your hard disk.

    14-11-2010 21-36-02.png

    have a look in Tbird to see whether there is such folder, of course only if the option is set a shown above.

    to get notified about infected email you need to set the option as shown here

    14-11-2010 21-38-30.png

    suffice to say that NOD would only have cleaned malicious or suspicious files, still there is the possibility of a false positive - hard to judge without knowing that file. perhaps it contains some macros or VB code that may have triggered NOD to clean it. eventually it is showing in the detected threats log

    14-11-2010 21-44-07.png

    from NOD help about infected email alerts

    14-11-2010 21-58-20.png

    and check the cleaning level set for emails

    14-11-2010 22-01-30.png
     
    Last edited: Nov 14, 2010
Thread Status:
Not open for further replies.