IMON/EMON apparantly not working

Discussion in 'NOD32 version 2 Forum' started by Pitbull, Jul 28, 2003.

Thread Status:
Not open for further replies.
  1. Pitbull

    Pitbull Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    9
    Location:
    England
    Greetings,

    I have the latest downloads of NOD32 V2 and latest virus database installed.

    I have a Win2K (SP3) PC running MS Outlook 2000 in Corporate mode talking to an MS Exchange server.

    AMON seems to be running fine, and is scanning files.

    However, I am not seeing anything scanned by IMON or EMON - the status windows show nothing has been scanned.

    Now my understanding is that in this case it is EMON that should actually be scanning my emails as Outlook-Exchange protocol is MAPI not POP3. So I guess I shouldn't see any email scans in IMON anyway, although from reading the help files I should see scans for other incoming network traffic ?

    Any ideas why my email is not being scanned ?

    Regards.

    PitBull.
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Pitbull,

    Could you follow the instructions Paolo Monti posted here: http://www.wilderssecurity.com/showthread.php?t=11047;start=msg71884#msg71884
    to check if your email is being scanned?

    Regards,

    Pieter
     
  3. Pitbull

    Pitbull Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    9
    Location:
    England
    Pieter,

    I tried the instructions, but unfortunately our corporate mail gateway has NAV installed and that prevented the eicar test from reaching me.

    Could you please confirm that in an Outlook/Exchange environment, EMON rather than IMON should be scanning my emails ? or did I misunderstand the help test.

    Regardless of that, both IMON and EMON show nothing being scanned. My belief is that my email is not being scanned. Unless the cause can be addressed I will have to uninstall NOD32.

    BTW I know AMON works as that detected a number of infestations of the LovGate.B worm on one of our open (now closed) shared drives last week.

    Regards.

    PitBull.
     
  4. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    HI Pitbull,

    If your outlook is set to only connect to the Exchange server using the Outlook Exchange service then you would not benefit from the IMON component. If you have an Internet Email setting in your Outlook Services applet then you would benefit from both EMON and IMON.

    You can double check this in Outlook by going to

    Tools -> Services

    and looking there in the Services tab

    HTH,

    Dan
     
  5. Pitbull

    Pitbull Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    9
    Location:
    England
    Dan,

    I am not using internet mail in my outlook setup and am talking MAPI to the Exchange server, so according to you I only need EMON.

    However, according to the help files IMON scans all inbound network traffic (at the winsock level) although it's primary role is to monitor incoming emails. So - do I need IMON as well, or is the help file wrong (and needs fixing). Is there somebody in support who knows the true answer ?

    All of which is irrelevant to my problem in that my emails do not seem to be being scanned by NOD32 V2 - a rather critical flaw in my view !!!

    Does anybody else have NOD32 V2 working with Outlook 2000 and an Exchange server, and are you seeing the IMON or EMON counters incrementing or not o_O For the record I'm on Win2K SP3.

    Regards.

    PitBull.
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I'm just curious, but why do you want IMON and EMON anyhow? It's not a "critical flaw" if your emails aren't being scanned. You better believe AMON will stop you if you try to unzip an infected file or NOD32 on demand scanner will stop you when you scan an infected attachment before opening. You don't need IMON and EMON.. All you need is AMON and the NOD32 on demand scanner.

    I don't have IMON installed. Amon will alert when I unzip an infected email attachment. I've been testing RoadRunner's av scanner so a number of emails have been sent to me that have infected attachments (they have been getting by the RR scanner) and Amon performs perfectly. So does NOD32 on demand scanner when I save an attachment and then scan it. It performs even better now that I have the advanced heuristics set up so I can scan the file from Explorer. IMON and EMON are redundant and are unnecessary. They are there mostly because users think they need them not because they are necessary.
     
  7. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi Mele20,

    I'm sorry but I completely disagree. IMO, the IMON component is one of the best selling points of NOD! Both IMON and EMON add extra layers of protection at different levels so they are redundant in that regard but to say they are unnecessary is rather like saying an AV product is unnecessary. Yes you can "get along" without IMON and EMON but rather in the same way you can "get along" without an AV product. Their use is "unnecessary" in the same way but all are highly advised. [ Though I am unsure on the need for IMON in an Exchange only environment (i.e. one not using POP3 or IMAP); I hope to get some clarification on this from the folks at ESET :)]

    Regards,

    Dan
     
  8. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    >Yes you can "get along" without IMON and EMON but rather in the same way you can "get along" without an AV product

    Huh? There is no comparison! AMON is the resident scanner. You don't need anything else! Period. All you need is a resident scanner or even just an on demand scanner which will stop you from executing an infected file. One of the av that I own told me that a large number of their clients do not use the POP3 mail scanner. They may even fix the 2004 version so that it will be like NOD32 where you don't have to install the POP3 scanner at all. Same with the third av I own. Eset would not have made IMON an optional install if it was as necessary as you say it is.

    You wouldn't like my ISP, RoadRunner, because they won't let us use any POP3 scanner which changes the mail address such as NAV 2001 did and PC-Cillin 2003 does. I had AOL for two years as my ISP and there is NO av that could scan AOL mail except using the resident scanner. I didn't get any viruses. Had a few email viruses that were caught ...by the resident scanner.

    The major reason I have NOD32 in the first place is that Eset doesn't junk it up with all sorts of garbage like many av vendors do. Many of the people I know only use a resident scanner and some only use an on demand scanner. Others do like the redundancy of a POP3 scanner. It is all personal preference and there isn't any right or wrong approach here. That is one thing makes NOD32 nice ...if you don't want a POP3 scanner you don't need to install it. NOD32 version one was the same.
     
  9. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi Pitbull,

    have you checked in the Outlook's Tools->Services, if there is an entry "NOD Mail Scanner"?

    Thx., :)

    jan
     
Thread Status:
Not open for further replies.