Messages not checked

Discussion in 'NOD32 version 2 Forum' started by Khane, Oct 20, 2005.

Thread Status:
Not open for further replies.
  1. Khane

    Khane Registered Member

    Joined:
    Oct 20, 2005
    Posts:
    12
    Hello

    I am trying the trial version of NOD32 and everything seemed to works smoothly but then I received at different times 4 emails that did not have the "This message was checked by NOD32 anti virus system" message. o_O
    Why did not NOD32 checked these messages. Is not NOD32 supposed to check all incoming messages ? Maybe something wrong in my settings ? I work with Thunderbird.


    Thanks in advance
     
    Last edited: Oct 20, 2005
  2. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Hi Khane and welcome to Wilders!! 1: Did you check out Blackspears settings Here https://www.wilderssecurity.com/showthread.php?t=37509? 2:With ThunderBird you will not get the message only with MS Outlook and MS Outlook Express!! Not to fret because your E-mails are always Checked with IMON during the download of your Messages so you are very safe!!


    HTH,

    Cheers,
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
    NOD will show the "checked by" message in Thunderbird if you use pop3 for your email.
     

    Attached Files:

  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    That's funny Ron it's does not on my machine I could never make it show it!! Oh well!!

    Cheers,
     
  5. jayt

    jayt Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    345
    Location:
    PA - USA
    Yep, it shows on mine also. I use Thunderbird as default email client.

    Hey Tonto, what did you do with kemosabe? :)
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    IMON checks email and adds tag messages regardless of the mail client use, provided the email is received through POP3 on port 110. However, with certain html emails with incorrect html formattings it's possible that a tag message would not be appended though the email would be checked for viruses. It's not a good practice to rely on signatures as there are worms that contain faked certification messages telling they are clean. Check the IMON / EMON status window when receiving email to make sure email is actually checked.
     
  7. Khane

    Khane Registered Member

    Joined:
    Oct 20, 2005
    Posts:
    12
    Thanks for helping :)
     
  8. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Marcos,

    I just noticed that some emails do not have the tag. My config is as per Blackspears and I receive emails pop3 on port 110. I guess that leaves me with your explanation about some incorrect html coding. You then recommend to Check the IMON / EMON status window when receiving email to make sure email is actually checked
    Stupid question but how do I do that after the fact? Amon is not relevant to me as I use Opera and The Bat but if I now open NOD to check Imon, I see this forum being scanned. Is there any way to go back to see a log of recent scans?
     
  9. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    It could be that they are HTML emails with a wrong formatting. I'd resend such an email to myself and check if the number of scanned emails actually rises in the IMON's status window.
     
  10. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Interesting and a bit confusingo_O
    I resend the email to a second account of mine (same domain) using the same email program and this time not only could I see the number of scanned files jump but also see the tag on the email.
    The original email did not have the tag and when I had previously send the email to myself at a different domain using Opera, I also did not get the tag but Opera added an alert Warning: While decoding this file Opera encountered errors. Just weird that it does not confuse NOD each time as my last test was successful.
     
  11. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Is there a way for you to view the source of the e-mail message? In Opera, you can go to View --> Source (or hit Ctrl+F3) for the webpages... I am guessing it may be the same for the e-mail messages.

    It could be that the tag is being added in the source, but it is not showing up when you view it with the browser because it is a malformed message. This could also be related to the Warning: While decoding this file Opera encountered errors alert.
     
  12. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    You are probably right as the tag does appear in the source text in Opera. What I can't tell though is when the tag was appended. Should I not have two tags in there now? The first one when I received the email as the original and then a second tag when I received my forwarded message?
    I can see only one tag.

    PS. I am just curious to understand, not worried about this email as obviously it was clean.
     
  13. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Ummmmm, good question. I do not know the answer to that one. Is the any way you can dig up the original e-mail, or look through the "Sent" folder from when you forwarded it?
     
  14. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Yes to both but how does that help me?
    The original email arrived in The Bat and does not show the tag. I then forwarded the email to Opera and had the encoding error but with the source showing one tag.
    As all of this happened within approx one hour, the tag date does not help as it could relate to either email receipt:doubt:
     
  15. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    If you can view the text source of the message in The Bat! (either the original one you received, or the one in the Sent folder), you can see if the tag is hidden in there.
    • If the tag is not in The Bat!, then the question is, why did it not it not show up in The Bat!?
    • If the tag is in The Bat!, then the question is, why did it not show up in Opera?
    :blink:
     
  16. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Seems the Tag is / was only appended in Opera.
    Looking at the source codes I can see it clearly in the message received in Opera, but neither in the original message in the Bat nor in the sent message from the Bat.
    I notice however that the way the code is being shown is quite different in the two programs - unfortunately I am too much a layman to really understand the differences. In opera the attachments (pics) were all shown like this:

    </body></html>
    </html:body>
    </omf:rfc822 id='1137721784'>
    </omf:div>
    <omf:div class='document'>
    <html:img src="attachment:/5/bpc.jpg"/>

    whereas in the Bat they are shown like this:
    Content-Type: image/jpeg;
    name="bpc.jpg"
    Content-Transfer-Encoding: base64
    Content-ID: <004001c61cc3$06a2f0a0$a9edfea9@Frank>

    /9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAARgAA/+4ADkFkb2JlAGTAAAAAAf/b
    AIQABAMDAwMDBAMDBAYEAwQGBwUEBAUHCAYGBwYGCAoICQkJCQgKCgwMDAwMCgwMDQ0MDBERERER
    FBQUFBQUFBQUFAEEBQUIBwgPCgoPFA4ODhQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQU
    FBQUFBQUFBQUFBQUFBQUFBQU/8AAEQgBXgFaAwERAAIRAQMRAf/EAK4AAQABBAMBAAAAAAAAAAAA
    AAAGBAUHCAIDCQEBAQACAwEBAAAAAAAAAAAAAAABAgMEBQYHEAABAwMCAwUGAwUEBggHAQABAgME
    ABEFEgYhMQdBUSITCGFxgZGhFDJCI7FSYnIVwYKSorIzQ2M0CfDR4cKDk1QWU3PDJGQlF0URAQAC
    </omf:div>
    <omf:div class='document'>
    <html:img src="attachment:/6/LF01-box.jpg"/>
    </omf:div>
    <omf:div class='document'>
    <html:img src="attachment:/7/bp200.jpg"/>
    </omf:div>

    Anyway, seems Bat-related. However, I do get the tag normally in other emails received in the Bat - might have to ask some clever people in their forum if they have an explantion.
     
  17. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Heh, I can't figure it out, either.
     
Thread Status:
Not open for further replies.