eMule and NOD32

Discussion in 'NOD32 version 2 Forum' started by HURST, Jul 21, 2007.

Thread Status:
Not open for further replies.
  1. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Hi there

    I know, this topic has already been discussed, I have even read some of the threads, but I'd like to know if I understand things right.

    I installed NOD32 just 2 days ago, and I knew that NOD32 has no direct scanning of p2p clients, so I decided to do some testing. I downloaded several potentially dangerous files (warez and keygens) to see how NOD32 deals with them. Before someone preaches about piracy, I'd like to state that it was merely for testing purposes. It's all going to be deleted once I finish testing NOD32.
    To be sure, I also downloaded the EICAR test file, which was available in eMule.

    I should say I was very unlucky (or lucky to some people), because until now, the 3 files which completed downloading were clean, according to an on-demand scan. I plan to scan them later with KAV on-line scanner just to be sure.

    The EICAR file however, was detected once the download finished. So if I get this straight, NOD32 doesn't scan the transfer, like my former AV did (BitDefender10 and before that Avast!), but AMON detects the virus once the file is created at the end of the download. Am I right? If this is so, does it mean that my laptop is well protected, but I could unwillingly help spread an infection while sharing the incomplete file?

    Bye
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    AMON scans the files once created, accessed, or opened. IMON is responsible for internet downloads but only http and pop3.

    Oh and btw, not every crack and keygen is necessarily malware. So NOD32 could be correct when it says they're clean.
     
  3. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Yeah, I know cracks and keygens are not necessarily malware, but let's face it, the probability they're infected is very high. That's why I said I was unlucky so far...
    Murphy's law never fails: if someone wants to download some warez from eMule, they sure as hell will get infected, but when you want the file to contain a virus for testing your AV, it is clean....
     
  4. ASpace

    ASpace Guest

    Hi!

    Check them instead of guessing. Load them on VirusTotal and if they are detected by more than half, send these files to Eset's Lab samples[at]eset.com
     
  5. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Great page. Bookmarked immediately!

    I have a question regarding compressed files (zip or rar or other) and eMule.
    Are these scanned by AMON once they are created when the download finishes like "regular" files are? Or is it necessary to perform an on-demand scan on these files?

    Thanks
     
  6. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    You have to scan them on-demand.
     
  7. ASpace

    ASpace Guest

    No, you don't have to. :p

    Although AMON does not scan archives on-created, they cannot pose a security risk unless extracted, so you may wish but you don't have to.
     