Need help, about AMON and IMON

Discussion in 'NOD32 version 2 Forum' started by fzxbeetle, May 30, 2005.

Thread Status:
Not open for further replies.
  1. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    Hello,
    Just do a test in eicar test website.
    What happen then?
    This is the result:(with default setting,2.5.19)
    IMON and AMON enable:
    alarm except SSL and zip file. :eek:

    Imon off and Amon enable:
    only alarm non-zip file o_O

    What is wrong with My nod32?
    well, I don't worry when imon tell nothing, but why when the zip-file create in my hdd amon is silent?

    I never exlude any file in my setting? what is wrong?Can anyone help me?
    the website is http://www.eicar.com/anti_virus_test_file.htm

    Thank you all
    FZXBEETLE
     
  2. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
    Hello fzxbeetle,

    Nothing is wrong

    IMON cannot check SSL encrypted files, they are encrypted :). It is AMON which check them, when they are written to your HD.
    And as AMON don't check compressed files, you can't be prompted for any .zip files with eicar virus inside.

    Regards
     
  3. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    Thank you for your reply
    I think you are right about the ssl issue. But I can't believe that AMON CAN NOT check zip file. I think nod32 can scan zip file otherwise I won't use it anymore. :oops:

    Regards
     
  4. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    That is one example of AMON check zip file
    Regards
     

    Attached Files:

  5. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
    Nod32 can scan zip files, only AMON doesn't scan then. IMON scan zip fine, as you seen in your tests.

    About your exemple, this file was created by another application (greenbrowser.exe) and as I remember, it is not a real zip file, but a file with .zip extention. It is not the same. And AMON catch it fine.
    AMON don't scan archives for performence reasons. But it scan self extracting archives files which are more dangerous, and files with .zip extention too.
    I guess you don't want your computer 'stop working' while you are moving a 600 MB zip file, because Nod32 extract and scan all files before.
    Archives files are scanned by AMON when you unpack them, so you are still well protected.

    Regards
     
  6. fzxbeetle

    fzxbeetle Registered Member

    Joined:
    May 14, 2005
    Posts:
    42
    :D I can not confirm that file's format, May be you are right

    Well, I really love nod32. I think i am safe now.

    Thanks

    Regards
    fzxbeetle
     
  7. zashita

    zashita Registered Member

    Joined:
    May 17, 2005
    Posts:
    309
    Welcome
    My pleasure
     
  8. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    Shouldn't AMON have the option to detect within archives (with the same size limit option as IMON, or even have it so only archive "writes" below a size limit are scanned)? If IMON thinks as much to detect inside archives, shouldn't AMON have the same capability to cover what IMON can't scan? I use Outlook Web Access, which uses SSL. Sure I am not in danger unless I uncompress malware. But wouldn't it technically be less security than if I used normal webmail?
     
Thread Status:
Not open for further replies.