NOD32 3.0 messing up Adobe CS3 applications (false positives)

Discussion in 'ESET NOD32 Antivirus' started by dscrap, May 22, 2008.

Thread Status:
Not open for further replies.
  1. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
    What?

    So you are telling me that NOD32 just happened to pick that exact file to show on the log file, for whatever reason, at the exact time I found that all my email was gone?

    Please explain exactly what you mean...

    If NOD32 is reporting that the file could NOT be opened it must be because at least it TRIED to open it. Sure, it did not succeed in OPENING the .msf file, but because of this action it must of corrupted the file, thus the file turning into a 2KB unusable file!


    I checked myself:

    At the time this occurred there were 2 objects that interacted with the .msf file from Thunderbird, one being me as I used Thunderbird normally, and the other being NOD32 scanning for viruses in the NOD32 program folder.

    I know I did not CTRL+ALL and then press the DELETE button. I made sure I didn't by checking the Trash folder and by looking at all my other folders for potentially moved messages.

    So If I did not delete these emails, and by chance I see a NOD32 log (within seconds after I realize what just happened) that tells me that NOD32 tried to scan the file but could not... This I am quite sure is what caused some catastrophic fault within the file or Thunderbird.

    Do I make myself understood?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,431
    The on-demand scanner opens files only for reading. If a threat is found, a file is open for writing. In such case, you'd see that NOD32 has detected a threat either in the on-demand scanner log or threat log. In read-only mode NOD32 cannot tamper with files.
     
  3. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
    Thanks for the quick response, I understand that, but again, we know the file was accessed , I know it was not opened for READING, much less for writing anything, but it was accessed in a way that caused corruption and this triggered the problem.

    My concern is that I don't feel NOD32 can be trusted in a situation such as mine where a file is open by the user or other program and say for example a scheduled SCAN happens to touch this file that is "in use", potentially rendering it unusable or corrupt.

    ESET developers should definitely be notified of this problem as no user should have to risk this happening to them! Your help is appreciated, in either your advice for recovering the data or at least helping me make this known to the powers that be.

    If anybody else has some say in this matter please give us your input, specially if you use Thunderbird.

    I am afraid of loading V3 now and not sure what to think of V2.7... o_O
     
  4. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    135
    Location:
    USA
    Well someone else reported this on another site


    Son of a... :mad:

    I'd never heard of ESET before so decided to check it out via their online scanning tool. It found 56 threats, all email attachments in my "Eudora 2004" attachments directory. (Yes, I have most of my emails -- since 1996!).

    Then the freakin' thing found Phishing.gen in my 2007 inbox archive file and PROCEEDED TO DELETE ALL MY 2007 INBOX!!! :mad: Granted, the entire archive is a single .mbx file, but STILL! Hopefully I have a backup somewhere. whistle

    Edit: Nope! No backup :/

    Seems like a thorough program, though....
     
  5. spunka

    spunka Registered Member

    Joined:
    May 24, 2008
    Posts:
    10
    Well, it seems too thorough. We may as well switch off our PCs and not save anything if NOD32 is going to delete it anyway.
     
  6. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    135
    Location:
    USA
    Marcos,

    Is there any update on this from ESET ?
     
  7. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    What kind of update are you waiting for?
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,431
    The problem with false positives was fixed within a few hours since it was first discovered.
     
  9. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    135
    Location:
    USA
    Well the person claiming that NOD32 deleted their mailbox did an online scan AFTER that date so that sure seems like an issue to me. I had another user that dumped NOD32 for Kaspersky because it flagged his mail as well but he didn't allow the removal.

    I've been suggesting NOD32 for a while now so I want to ensure there is no current issue as it doesn't look good to suggest using NOD32 for cleanup / removal and possible purchase if the first time a user uses it they get stuff deleted that is not infected.

    I'm hoping that it is fixed and was just a fluke.

    Thanks
     
  10. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    As said several times in this thread yes the problem is fixed now (actually a long time ago) and yes you could call it a fluke....it's not like it's a nod32 feature to release such updates once a month. With software there can always be bugs and some could be serious, but if you are looking for a guarantee this could never happen again i'm sure eset or any other company would never give such a guarantee. No one can say for sure that bugs cannot happen. I'm sure eset do whatever they can to prevent this from happening again since a lot of such problems will probably run them out of business. Eset is not the first company to release a update that cause problems for some users.

    I been using nod32 for a long time and never had any such issues with the updates before and during the time i used nod32 i probably got more then 2000 updates. This update caused minor issues for me since i saw a popup that said a file where infected and i clicked leave, excluded the file and reported the issue. Shortly after a new update that fixed the problem where released and i removed the exclusion. If you where using a trial and affected by this problem i guess that might give you the impression you cannot trust this software, but this is not how nod32 normally behave.
     
    Last edited: Jun 1, 2008
  11. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50

    I would like to say that NOD32 for the most part has served me well for a year+ now. Apart from my mailbox corruption and the signature update that wrecked Adobe products, etc, I have not had other major problems.

    My only complaint is that there is no phone support for NON-corporate accounts. So that leaves the small business users in the cold when problems arrive.

    FYI.
     
  12. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,431
    Strange, we in Slovakia provide phone support even to trial users for free.
     
  13. AdvancedSetup

    AdvancedSetup Security Expert

    Joined:
    May 8, 2008
    Posts:
    135
    Location:
    USA
    Well if you read the thread I think you will find that I'm the one that did stick up for NOD32. However I think you will also see that they never did admit that there was anything wrong with NOD32 with regards to deleting the e-mail. Only thing they admitted was that there was a FP for CS3, thus I asked again about the mail issue as there are at least 3 known instances of an issue. It may or may not have been related to this FP for CS3

    I know it's fixed for the CS3 issue, and I've not seen anyone post about it recently though on any other forum about the mail so I'm assuming that it is fixed whether they admit there was an issue or not.

    Thanks for the feedback though.
     
  14. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
    I looked and could not find it, if you would like please link me to the page where its listed.

    I am in the US, not Slovakia.
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    78,673
    Location:
    Texas
    Last edited: Jun 2, 2008
  16. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
  17. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
    Here's the official feedback regarding my Inbox corruption problem on the day of the update that messed up Adobe products...

    Here's the official feedback from ESET:

    ~Private correspondence removed. Please explain the response in your own words. - Ron~

    So I should expect that this could happen to other open files?

    Niiiiice. :thumbd:
     
    Last edited by a moderator: Jun 3, 2008
  18. GAN

    GAN Registered Member

    Joined:
    Mar 3, 2007
    Posts:
    355
    According to the rules of this forum you should not post private emails here in the public.

    Gan
     
  19. DJ BIS

    DJ BIS Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    50
    Ah OK. Sorry.

    NOD32 Tech support basically said that open files can be affected when NOD32 scans them.


    If a scheduled scan is automatically launched and my email program happens to be open while I am away from the computer, then I might lose my data.

    No biggie right?

    Does not make me feel good about many other files that could be open and being used by other apps and processes...
     
  20. wiak

    wiak Registered Member

    Joined:
    Sep 10, 2006
    Posts:
    107
    http://www.grc.com/sn/SN-132.htm

     
  21. SYS 64738

    SYS 64738 Registered Member

    Joined:
    Apr 29, 2006
    Posts:
    130
    Just found this thread. Despite i don't have problems since i don't own Adobe's CS3 stuff, i'm just wondering: How dare they to write something to the MBR?? :thumbd: :thumbd:

    http://www.adobe.com/products/activation/
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.