McAfee VS 8.0i and Outlook Express

Discussion in 'other anti-virus software' started by nod32_9, Dec 8, 2004.

Thread Status:
Not open for further replies.
  1. nod32_9

    nod32_9 Guest

    Will VS 8.0i (enterprise) support Outlook Express if the Outlook scan engine is NOT selected during the initial installation? If not, then is it possible to install the Outlook engine without reloading 8.0i?

    Finally, is it possible to configure the program to check for update every 4 hours?

    thanks
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    8.0i is made to scan outlook not outlook express, but it will scan all e-mail on access regardless of where it comes from.

    bigc
     
  3. nod32_9

    nod32_9 Guest

    That's what I figured. VS8.0i won't detect eicar upon download. However, it will capture eicar if an attempt was made to open the file.

    Thanks for the confirmation.
     
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Mine detects eicar on download in pop3 useing thunderbird mail client.
     
  5. nod32_9

    nod32_9 Guest

    Then it should do the same with OE. On-access scanned turned ON to scan all files (read and write) including zip format. Am I missing something? Note that I'm testing a double zipped eicar file.
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I don't know, you might look at my screen shot
     

    Attached Files:

  7. nod32_9

    nod32_9 Guest

    I believe this option only applies to Outlook, and not OE. Would be curious if VS would detect a double zipped eicar file with the email scanner option turned OFF.
     
  8. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    With the settings in the SS and useing thunderbird with pop3 through cableone it has never failed to catch eicar as long as cableones virusscanner doesn't catch it first
     
  9. nod32_9

    nod32_9 Guest

    SS?

    I may reload with the Outlook email module and retest. This test bed does not include the Outlook scanner. I'm assuming that you're using the default install when loading VS 8.0i?
     
  10. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I use the full default install. That is what the site license pays for so I use it all
     
  11. nod32_9

    nod32_9 Guest

    ok...with try it this weekend. What is SS?
     
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    screen shot
     
  13. nod32_9

    nod32_9 Guest

    Thanks. I didn't install the non-essential submenus when loading VS8.0i.
     
  14. liang_mike

    liang_mike Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    91
    Location:
    Canada
    This is weird. VirusScan Enterprise should not support POP3
     
    Last edited: Dec 9, 2004
  15. nod32_9

    nod32_9 Guest

    I suspect the credit goes to the full-time VS 8.0i scanner.
     
  16. dirtcheap

    dirtcheap Registered Member

    Joined:
    Dec 4, 2004
    Posts:
    10
    you have to install lates patch. it call patch 9 right now
     
  17. nod32_9

    nod32_9 Guest

  18. Diver

    Diver Guest

    That Mcafee enterprise AV does not scan pop3 does not seem strange to me at all. Most enterprise email is done using Notes or Outlook, not pop3 with virus scanning going on at the mail server/hub level. OE is a real piece of junk, IMO. An email client integrated into a browser integrated into an OS with everything waiting for an exploit. OE does not even spell check unless you have MS office installed.
     
  19. nod32_9

    nod32_9 Guest

    Yes, VS8.0i DOES NOT scan POP3. Clean installed 8.0i (default config) to a virgin WXP Pro SP1 partition. Went into 8.0i and enabled EVERYTHING. Updated and rebooted system. Still does not detect zipped EICAR with OE.

    VS 8.0i will detect Eicar if I copy the "infected" email anywhere on the PC or attempt to open the zipped data. This makes sense, since VS8.0i is designed to interface with Outlook.

    I may try Thunderbird, although I don't believe it will change the detection pattern of VS8.0i.

    My biggest gripe about VS8.0i is the long delay in shutdown.
     
  20. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    When I click the get mail now button in thunderbird to download from ip server it will detect eicar if it is in one of the e-mails that comes down to thunderbird before I try to open the mail. It might not support pop3 but it seems to work well enough for me.
     
  21. nod32_9

    nod32_9 Guest

    Is Eicar zipped? Can you test with OE? Gotta try TBird to satisfy my curiosity.

    I can't blame the FW cause it is OFF. No other non-windows application to conflict with VS8.0i.
     
  22. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I deleted OE off of my comp. Never use it. I have tried it zipped but unless it is double zipped my IP spam and antivirus will catch it and all I get is a message that it was intercepted and quarantined and If I want to view it it includes a link to their quarantine. I have detected eicar and it alerted on a trojan once, I don't remember the name of it though.
     
  23. nod32_9

    nod32_9 Guest

    Okay, I have the scoop! VS8.0i should scan all data written to the HD with ON ACCESS MODE ENABLED. But it cannot scan incoming OE email unless you click on the email AND attempt to open the Eicar file. Guess OE is FUNKY. Copying the unopened but infected email to any part of the HD will also trigger a virus alert.

    VS8.0i sees TBird as just another application. VS8.0i goes off as soon as TBird writes the infected file to the HD (completion of download). So, Bigc is correct! VS8.0i will scan all POP3 mails downloaded with TBird. I suspect it will also inspect IMAP. Will try an IMAP account in the next few days.
     
  24. liang_mike

    liang_mike Registered Member

    Joined:
    Mar 12, 2004
    Posts:
    91
    Location:
    Canada
    Nice find. Is it possible that OE encrypts the mails before write them to disk? So that VSE can not scan OE mails.
     
  25. nod32_9

    nod32_9 Guest

    Could be by design to force users to install Outlook.
     
Loading...
Thread Status:
Not open for further replies.