IMON/EMON apparantly not working

Greetings,

I have the latest downloads of NOD32 V2 and latest virus database installed.

I have a Win2K (SP3) PC running MS Outlook 2000 in Corporate mode talking to an MS Exchange server.

AMON seems to be running fine, and is scanning files.

However, I am not seeing anything scanned by IMON or EMON - the status windows show nothing has been scanned.

Now my understanding is that in this case it is EMON that should actually be scanning my emails as Outlook-Exchange protocol is MAPI not POP3. So I guess I shouldn't see any email scans in IMON anyway, although from reading the help files I should see scans for other incoming network traffic ?

Any ideas why my email is not being scanned ?

Regards.

PitBull.

 

Hi Pitbull,

Could you follow the instructions Paolo Monti posted here: http://www.wilderssecurity.com/showthread.php?t=11047;start=msg71884#msg71884
to check if your email is being scanned?

Regards,

Pieter

 

Pieter,

I tried the instructions, but unfortunately our corporate mail gateway has NAV installed and that prevented the eicar test from reaching me.

Could you please confirm that in an Outlook/Exchange environment, EMON rather than IMON should be scanning my emails ? or did I misunderstand the help test.

Regardless of that, both IMON and EMON show nothing being scanned. My belief is that my email is not being scanned. Unless the cause can be addressed I will have to uninstall NOD32.

BTW I know AMON works as that detected a number of infestations of the LovGate.B worm on one of our open (now closed) shared drives last week.

Regards.

PitBull.

 

HI Pitbull,

If your outlook is set to only connect to the Exchange server using the Outlook Exchange service then you would not benefit from the IMON component. If you have an Internet Email setting in your Outlook Services applet then you would benefit from both EMON and IMON.

You can double check this in Outlook by going to

Tools -> Services

and looking there in the Services tab

HTH,

Dan

 

Dan,

I am not using internet mail in my outlook setup and am talking MAPI to the Exchange server, so according to you I only need EMON.

However, according to the help files IMON scans all inbound network traffic (at the winsock level) although it's primary role is to monitor incoming emails. So - do I need IMON as well, or is the help file wrong (and needs fixing). Is there somebody in support who knows the true answer ?

All of which is irrelevant to my problem in that my emails do not seem to be being scanned by NOD32 V2 - a rather critical flaw in my view !!!

Does anybody else have NOD32 V2 working with Outlook 2000 and an Exchange server, and are you seeing the IMON or EMON counters incrementing or not For the record I'm on Win2K SP3.

Regards.

PitBull.

 

I'm just curious, but why do you want IMON and EMON anyhow? It's not a "critical flaw" if your emails aren't being scanned. You better believe AMON will stop you if you try to unzip an infected file or NOD32 on demand scanner will stop you when you scan an infected attachment before opening. You don't need IMON and EMON.. All you need is AMON and the NOD32 on demand scanner.

I don't have IMON installed. Amon will alert when I unzip an infected email attachment. I've been testing RoadRunner's av scanner so a number of emails have been sent to me that have infected attachments (they have been getting by the RR scanner) and Amon performs perfectly. So does NOD32 on demand scanner when I save an attachment and then scan it. It performs even better now that I have the advanced heuristics set up so I can scan the file from Explorer. IMON and EMON are redundant and are unnecessary. They are there mostly because users think they need them not because they are necessary.

 

Hi Mele20,

I'm sorry but I completely disagree. IMO, the IMON component is one of the best selling points of NOD! Both IMON and EMON add extra layers of protection at different levels so they are redundant in that regard but to say they are unnecessary is rather like saying an AV product is unnecessary. Yes you can "get along" without IMON and EMON but rather in the same way you can "get along" without an AV product. Their use is "unnecessary" in the same way but all are highly advised. [ Though I am unsure on the need for IMON in an Exchange only environment (i.e. one not using POP3 or IMAP); I hope to get some clarification on this from the folks at ESET ]

Regards,

Dan

 

>Yes you can "get along" without IMON and EMON but rather in the same way you can "get along" without an AV product

Huh? There is no comparison! AMON is the resident scanner. You don't need anything else! Period. All you need is a resident scanner or even just an on demand scanner which will stop you from executing an infected file. One of the av that I own told me that a large number of their clients do not use the POP3 mail scanner. They may even fix the 2004 version so that it will be like NOD32 where you don't have to install the POP3 scanner at all. Same with the third av I own. Eset would not have made IMON an optional install if it was as necessary as you say it is.

You wouldn't like my ISP, RoadRunner, because they won't let us use any POP3 scanner which changes the mail address such as NAV 2001 did and PC-Cillin 2003 does. I had AOL for two years as my ISP and there is NO av that could scan AOL mail except using the resident scanner. I didn't get any viruses. Had a few email viruses that were caught ...by the resident scanner.

The major reason I have NOD32 in the first place is that Eset doesn't junk it up with all sorts of garbage like many av vendors do. Many of the people I know only use a resident scanner and some only use an on demand scanner. Others do like the redundancy of a POP3 scanner. It is all personal preference and there isn't any right or wrong approach here. That is one thing makes NOD32 nice ...if you don't want a POP3 scanner you don't need to install it. NOD32 version one was the same.

 

Hi Pitbull,

have you checked in the Outlook's Tools->Services, if there is an entry "NOD Mail Scanner"?

Thx.,

jan