NOD32 2.7 unable to scan The Bat e-mail files?

Discussion in 'NOD32 version 2 Forum' started by Code 2, Jan 26, 2007.

Thread Status:
Not open for further replies.
  1. Code 2

    Code 2 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    2
    I use The Bat! e-mail client on a Windows XP SP2 system. The messages.tbb file contains -- among hundreds of other e-mails -- an e-mail with the EICAR test virus as an attachment. When I scan the file with the NOD32 version 2.7 on-demand scanner, it finds no virus. However, when I save the individual e-mail as an .eml file on the desktop, the on-demand scanner is able to spot the test virus.

    It is as if NOD32 cannot scan inside the messages.tbb file. I have enabled scan archives, runtime packers, e-mail files and all other options in the NOD32 On-Demand (Manual) Scanner Control Center Profile.

    Incidentally, BitDefender anti-virus and others are able to spot the test virus inside the messages.tbb file.

    Can any other Bat! users confirm this problem? Any solutions?
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi and welcome to Wilders forums :)
    As far as I know, NOD32 doesn't support The Bat! database files.
    However, any malware will be detected by AMON and you'll be secure. Moreover, if you're using a POP3 account without SSL, IMON will detected the threats as soon as you check your accounts. In few words, it's unnecesary to check inside The Bat! database files.


     
  3. Code 2

    Code 2 Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    2
    Thanks S.C.

    Yes, I understand that IMON scans incoming messages and AMON scans subsequent handling of the attachments.

    However, because IMON does not scan outgoing messages, it is possible for me to receive an infected e-mail which NOD32 does not yet recognize (as happened to me recently with the Fuclip.A worm), it sits undiscovered in my Inbox despite several NOD32 on-demand scans and then I unwittingly forward
    it to, and infect, an unsuspecting recipient. This is a pretty serious weakness considering e-mail is the likeliest source of viruses.
     
  4. Avatar2000

    Avatar2000 Registered Member

    Joined:
    Oct 21, 2006
    Posts:
    19
    Hi Code 2
    That's right, but not for 100%. You can add aditonal plugin that will allow NOD32 to check outgoing mail.
    You can download it from here: http://www.thebatworld.de/modules/download/index.php?op=viewlinkdetails&lid=220&ttitle=Nod32_Version_2_-_AntiVirus_Plugin_BETA
     
  5. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    This plugin does not work 100% with the actual TheBat! version. It is very old and very slow.
    By the way, NOD32 checks very well incoming messages for common POP3/IMAP accounts. So a plugin is not nececary. Secured connections are obviously not scanned.
    Scanning outgoing messages is in my opinion needless as AMON catches virus infected files which you want to attache to the email.

    By the way, never use the Phrase ' This email is scanned by NOD32.....' in outgoing messages. In case the receiver gets a virus and damage is done you can face legal issues.
     
  6. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I think you're wrong. All people know that no AV detect 100% of malware. Also, message said that the message was checked by NOD32, not that the message is 100% virus free. That's very different.
     
Thread Status:
Not open for further replies.