IMON question

Discussion in 'NOD32 version 2 Forum' started by cupez80, Dec 3, 2006.

Thread Status:
Not open for further replies.
  1. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    I tested IMON by downloading the EICAR test file from nod32sse.com (I use IDM integration with Firefox 2) and IMON let it download??!! When I check the NOD32 log, it says that a virus was detected and the connection terminated. o_O I've set IDM to higher efficiency. IMON works well if I don't use IDM.
     
  2. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    FF 2.0 Bypasses Imon

    Just tried the Eicar download from nod32sse and using Firefox 2.0 the file downloaded without any interaction from Nod32 2.7.23. Has FF changed in some way? With IE7 the d/l gets terminated but not in FF. Can anyone else confirm, or is it just my settings?
     
  3. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    Re: FF 2.0 Bypasses Imon

    It seems that IDM causes it. I changed to another download manager and it works fine now.
     
  4. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Re: FF 2.0 Bypasses Imon

    I'm just using standard FF 2 with download manager tweak and no matter what settings I use it still gets past Nod32 o_O
     
  5. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    I am running FF 2.0.0.1 with NOD32 2.70.23. I tested the Eicar file and NOD32 caught it and reported file in Threat Log. What download manager tweak are you using?
     
  6. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
  7. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    I installed the extension and restarted FF. NOD32 still had no problem with the Eicar virus.
     
  8. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    I've double checked my settings and uninstalled the extension, NOD still lets me download the eicar test file. :eek: and nothing in the threat log :(
     
  9. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    605
    Location:
    Surabaya Indonesia
    Have you set your client compatibility setting in the NOD32 HTTP scanner (IMON)? Set it to high efficiency.
     
  10. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Tried that, made no difference. o_O Also tried running FF in safe mode with all extensions disabled and re-installing both FF and Nod32 and it still bypasses Nod32 and lets me download. I tried the test files from eicar.com and they were blocked - all of them, just not the test file on nod32sse.com. IE7 blocks OK, it's just FF that doesn't.
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    This is what I get using higher compatibility settings in NOD using Firefox.
     

    Attached Files:

  12. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Hi Ron, that's what I get on the eicar site, but the test file on nod32sse.com totally bypasses Nod32. I'm worried that someone will exploit this weakness.
     
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Banger696,

    Thanks for the link. I still get a warning using typical settings in NOD on the Eicar file at the nod32sse.com site using Firefox. It does state it is downloading a harmless file. Not sure where it went but I can't find it. (I did terminate the download) And, because NOD knows this file is "malware", it will go nowhere.
     

    Attached Files:

  14. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Hi RonJor, I don't get that warning with the nod32 site for some reason, despite re-installing Nod32 using BS settings and Firefox 2. I used to get that warning before I updated to FF 2 but now I don't. I have no option to terminate the download, but with IE7 I get the warning dialog. :gack:
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Not sure what's going on Banger696. You could try Firefox in the (Firefox) safe mode located on your start menu and see if that makes a difference. That would eliminate any extension interference.
    Barring that, you could try using the default settings in NOD.
     
  16. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    I think you have fixed it Ron. Safe mode in FF didn't help but resetting Imon to the default settings seems to have fixed it.

    I still don't get the warning dialog but Imon seems to clean the Zip file of the infection and quarantine it now and download the empty multiple zip files. Imon says infections detected 1 and cleaned 1, that's good enough for me, cheers Ron. :)

    Edit: I spoke too soon. It's not repeatable; it still downloads the zip file with eicar.com intact. I think the cleaned file was from the eicar.com site that I tested before. I'm really stuck now - help!
     
    Last edited: Dec 21, 2006
  17. Thankful

    Thankful Savings Monitor

    Joined:
    Feb 28, 2005
    Posts:
    3,731
    Location:
    New York City
    A couple of things:

    Is Port 80 included in the IMON->Setup->HTTP protocol?
    Did you try FF with the default theme?
    What other extensions do you have installed?
     
  18. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Yes, port 80 is included and I tried in FF safe mode with all extensions and themes disabled - still the same behaviour. Any more ideas?
     
  19. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
    You sure IMON is set to scan archives?
     
  20. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Works fine with Opera, but what do you mean by 'Not sure where it went but I can't find it.' Surely when the download is terminated, as you did, that's it, no download of the malicious file(s). o_O
     
  21. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    That's correct Ocky. Nothing was downloaded.
     
  22. Ocky

    Ocky Registered Member

    Joined:
    May 6, 2006
    Posts:
    2,677
    Location:
    George, S.Africa
    Thanks ronjor, and Merry Christmas.
     
  23. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274
    Yes, like I say if I download the file in IE7 Nod32 blocks it with a warning window offering me the option to terminate it. This is what I get with IE7. FF just happily downloads the file.
     

    Attached Files:

    • ie7.JPG (84.9 KB)
  24. Brian N

    Brian N Registered Member

    Joined:
    Jul 7, 2005
    Posts:
    2,148
    Location:
    Denmark
  25. Banger696

    Banger696 Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    274