Infected files in Scan Log

Discussion in 'ESET NOD32 Antivirus' started by rnfolsom, May 2, 2009.

Thread Status:
Not open for further replies.
  1. rnfolsom

    rnfolsom, Registered Member (Joined: Nov 9, 2005; Posts: 247; Location: Monterey, California)

    I've used Eset's NOD32 v2.x since 2005 (and my scans always were In Depth Analyses, customized to be as thorough as possible while giving me choices about what to do when it discovered an infection), but two days ago I replaced v2.7 by ESET NOD32 Antivirus v4.0.424.0. So I'm just now learning how to use v4.0.

    In NOD32 AV v4.0, I don't know how to discover what Smart Scan actually scans, or what it actually does with infected material, so I'm guessing that it's less thorough than NOD32 v2.7's In Depth Analysis.

    Today I used NOD32 AV v4.0 to do a custom demand scan that included some ancient files on an external (backup) drive. Somewhere in the custom scan setup, I checked not to scan and clean, for two reasons:

    a) I like to know what files were infected, rather than having them cleaned "behind the scenes" by magic, and

    b) I use the Mozilla SeaMonkey browser and email (POP3), in which many email messages are stored in a single file. For example, at the moment my Inbox has about 80 messages, all stored in a single file of about 22mb. (I think, but am not sure, that Mozilla Thunderbird uses that same system.) So I fear that if NOD32 discovers malware in an Inbox message stored within a 22mb file, and can't clean it, NOD32 will simply delete the entire Inbox file.

    NOD32 AV v4.0.424.0 now has a Thunderbird plugin, but not a SeaMonkey plugin (which probably has a smaller user base), to "integrate" Thunderbird into NOD32, but I don't really understand what those plugins do for POP3 email, and in any case I don't think that is the cause of the issues I am raising here. I also don't know if the Thunderbird plugin could be easily modified (or perhaps merely renamed) into a SeaMonkey-Mail plugin.

    Among the ancient files on the external backup disk, NOD32 AV v4 discovered 19 infected messages, in files which the scan log marked by coloring them red. I expected to right-click an infected file and have an option to clean it or quarantine it or delete it. But instead, my only options --- not only for infected files but also for clean files --- were
    Filter records of the same type
    Filter
    Copy
    Copy all (all of what, I know not), and
    Export.

    In this context, I have no idea what "Filter" means. A water filter I can understand. A computer filter is a term that I've never before seen, even though my computing experience goes back to 1983. But I'm an economist, not a computing expert.

    Also, somewhere in the Log file setup, is an optional checkbox for "Smart Filtering." But I have no idea what that phrase means, and by checking and unchecking it I couldn't see any effect on the Scan Log.

    Since these infected message files are ancient backups from my wife's computer and she probably will tell me that they are no longer needed, I could use Windows Explorer to delete them. But someday NOD32 might find an infected message in a current mail collection, and I will need to know what to do with it.

    NOD32 v2.x let me separate scanning and cleaning, and make a choice when a scan (or download) found an infection. Has NOD32 v4.0.x abandoned that possibility, by forcing all scans to also clean infections? If not, then when a scan finds an infection, where and how does one choose to clean, quarantine, or delete it?

    In the User Guide, and also in the Help, I can't find any information about how to deal with infections, other than setting scans to always immediately clean. But I'm notoriously unobservant. And in this case, I don't know what wording to look for.

    I would much appreciate any comments, suggestions, or help about what to do with these infected message files.

    Roger Folsom
     
    Last edited: May 2, 2009
  2. Thankful

    Thankful, Savings Monitor (Joined: Feb 28, 2005; Posts: 3,731; Location: New York City)

    This is determined by the cleaning level selected for the on-demand scan.

     
  3. rnfolsom

    Thankful:

    > Do not clean. Infected files will not be cleaned automatically. The program will show up a warning window and allow the user to choose an action. <

    That's my problem. I never got a warning window that would allow me to choose an action. Do you have to be staring at the computer to see the window as soon as the scan discovers each file that contains malware? I didn't do that: I had breakfast while the demand scan was running.

    Maybe I selected Do Not Clean at the wrong location? I recall a "slider" that had only three positions --- which I think were your Do Not Clean, Default Level, and Strict Cleaning --- but I also recall a check box that you either checked for cleaning or checked for not cleaning (I don't remember which).

    The warning at the end of your quote is unnerving, because I don't know if NOD32 sees those SeaMonkey large multiple-message files as archives, or as something else. That's why I selected no cleaning, so that I could see the file's location (i.e. its path) which would help me decide what to do with it.

    In that last Warning paragraph, is "standard mode" the Default level on the slider (if I'm remembering that correctly)?

    I'd much appreciate knowing where your quote comes from --- user guide, help, or somewhere else?

    In any case, I gather from your message that once the scan is done, there's no way to use the scan log to deal with infected files.

    Where filters, and Smart filtering, fit into all of this remains a mystery.

    But I very much appreciate your reply. I'll have to study the User Guide and the Help file (invoked by the question mark in the window's upper right corner) more carefully.

    Thanks for the help.

    Roger Folsom
     
  4. Thankful

    Correct. Version 4 does not function the same way as version 2.

    The info comes from help. In the upper right corner of the GUI, select Help->Index->Cleaning.

    To set the cleaning level, enter the advanced setup tree,
    Antivirus and antispyware->On demand computer scan->ThreatSense engine parameter setup->Cleaning.
     
  5. rnfolsom

    Thankful:

    Thanks for those clarifications.

    Roger Folsom
     