IMON + EMON on zip files

Discussion in 'NOD32 version 2 Forum' started by stevenestrada, Jul 10, 2006.

Thread Status:
Not open for further replies.
  1. stevenestrada

    stevenestrada Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    43
    IMON status = 0s for everything.
    EMON status = 0s for everything.

    IMON setup -> HTTP -> enable http checking and automatically detect http on other ports are both checked. Port 80 entered in the box.

    IMON setup -> POP3 -> Enable IMON email checking is also checked with port 110 in that box.

    Archive action = prompt.

    I can download an unencrypted zip file from the internet, have it created on my Windows workstation, attach it to an email, mail it to myself, download it with a POP3 mail program, which creates it again in the mail attachment directory.

    AMON alerts when a file is accessed from the zip, but neither EMON nor IMON block files from being CREATED. Shouldn't they?

    Browser = Internet Explorer, mail = Eudora, zip = WinZip
    No proxy.

    http://www.eicar.org/download/eicar_com.zip
     
  2. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    For a start EMON is out of the equation because while EMON itself is application independent, currently only Outlook supports the Extended MAPInterface...
     
  3. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    By chance, is your email account with gMail?
     
  4. stevenestrada

    stevenestrada Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    43
    >> For a start EMON is out of the equation because while EMON itself is application independent, currently only Outlook supports the Extended MAPInterface... <<

    I think EMON stopped working - and still doesn't work with Eudora - when ThreatSense was introduced last year to NOD32/Windows. It worked great before that.

    Downloaded virus infected zip with IE6 + Firefox.
    Not a peep from IMON.
     
  5. ASpace

    ASpace Guest


    Make sure IMON is working when you open NOD32 Control Center and IMON's icon is blue. Click on this and does it work now?
     
  6. ASpace

    ASpace Guest

    You should see something like this:
     
  7. stevenestrada

    stevenestrada Registered Member

    Joined:
    Apr 13, 2004
    Posts:
    43
    >> Make sure IMON is working when you open NOD32 Control Center and IMON's icon is blue. <<

    It's never been turned off.

    >> Click on this and does it work now? <<

    The link is to a test that passes.

    Problem is looking at/downloading an infected .zip from any browser or mail client (I don't use Outlook) - gets no AV action.
     
  8. pykko

    pykko Registered Member

    Joined:
    Apr 27, 2005
    Posts:
    2,236
    Location:
    Romania...and walking to heaven
    Well, it depends on what the extension of the file inside the archive is. Sometimes, if the archive is bigger and inside there is an unsupported extension, IMON doesn't prompt.

    Is your IMON set as Blackspear suggested in his topic: https://www.wilderssecurity.com/showthread.php?t=37509 ?
     
  9. ASpace

    ASpace Guest

    Make sure the files you download with IMON are decrypted.

    I would suggest you reinstall NOD32 so that you'll turn everything to default and the problem should be gone. The procedure is simple and fast.

    Download the latest version of NOD32 for your operating system. If you have a Single license, then download the Standard version
    http://www.eset.com/download/registered_software.php

    Save it on your Desktop, for example.

    Go to Control Panel -> Add/Remove Programs and uninstall NOD32

    Restart

    Go to C:\Program files and manually delete the folder ESET

    Install your NOD32 using the installer which you downloaded. Install it with typical settings

    When you reboot, make sure you have a stable internet connection and make sure NOD32 (nodkrn.exe) is allowed by your firewall to connect to the internet.
    Update NOD32 (Control Center -> Update -> Update now)

    Now, try the test with Eicar
    http://www.eset.com/eicar.com
    http://www.eicar.org/download/eicar_com.zip

    Configure your NOD32 as shown here


    Good luck!
     