How does NOD32 treat email attachments?

Discussion in 'NOD32 version 2 Forum' started by enduser999, Oct 21, 2005.

Thread Status:
Not open for further replies.
  1. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    How does NOD32 treat attachments in emails? Are the attachments not scanned until they are opened or are the attachments automatically scanned when the mail is downloaded?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you receive email through POP3, IMON will check all emails (if you do not use the default port 110, you'll need to specify it in the IMON setup).

    However, if you use MS Outlook, it will first download email and then pass it to EMON via MAPI for checking. So EMON will check any email regardless of the protocol used.
     
  3. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Hmm. I had a friend submit two suspicious files, which NOD32 said the archive was damaged, to VirusTotal and 5 or 6 of the scanners indicated a variant of MyTob in the files. They were contained in an email that tried to get the receiver to open the attachment, saying that the mail was undeliverable when the user never even sent the "original" to begin with.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    NOD32 has detected all Mytob variants heuristically without needing to update, so I really doubt NOD32 wouldn't catch this one if it was actually functional.
     
  5. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg
    Well, there is no way my friend will chance opening the attachment. Guess there is no point in sending these files into NOD since they are supposedly inert and NOD never fixed a false positive with another file which he sent into NOD at least 2 months ago.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Where did you actually send the file to? Because I'm not aware that we've received a false positive that is yet to be fixed. Please submit that file to samples@eset.com
     
  7. enduser999

    enduser999 Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    418
    Location:
    The Peg