Nod32 Enterprise & Mailmarshal 2k6 Exchange

Discussion in 'NOD32 version 2 Forum' started by Armstrong_64, Aug 8, 2007.

Thread Status:
Not open for further replies.
  1. Armstrong_64

    Armstrong_64 Registered Member

    Joined:
    Aug 8, 2007
    Posts:
    1
    I have added the following folders to the AMON exclusion list

    e:\Program Files\Marshal\MailMarshal\Quarantine
    e:\Program Files\Marshal\MailMarshal\Unpacking
    e:\Program Files\Marshal\MailMarshal\Queues\Decryption (MailMarshal Secure)
    e:\Program Files\Marshal\MailMarshal\Queues\Incoming
    e:\Program Files\Marshal\MailMarshal\Quarantine

    Also, the check for unwanted and unsafe applications has been disabled in AMON (IMON has been disabled). However, I am still having issues with NOD32 intercepting the test virus file eicar.com, which is generated by MailMarshal as a self-test.

    I am also having issues with NOD32 locking files within e:\Program Files\Marshal\MailMarshal\Unpacking even after the exclusions have been set. Is there something I am missing here?
     
  2. sparx

    sparx Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    60
    You will not be able to set exclusions to force NOD32 to ignore the virus. The purpose of the exclusion is for software compatibility. When you add the exclusions, make sure you use both the short and long path, i.e. e:\Progra~\Marshal\MailMarshal\
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The same test is done by Kerio MS. Their manual says to disable any resident protection you might have when configuring the AV for use with KMS.
     
  4. vmachine

    vmachine Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    2
    I have a number of sites that I manage, where I have added the long and short paths for the MailMarshal directories, and in spite of this I STILL get the eicar.com test virus being captured occasionally from subfolders in the Unpacking directory. Is NOD32 simply not seeing that the subfolders are supposed to be excluded as well?

    Very frustrating, I would hope something like this was an easy thing to configure!
     
  5. bleetz

    bleetz Registered Member

    Joined:
    Jan 30, 2007
    Posts:
    8
    We currently have this issue on multiple sites (NOD32, Exchange, MailMarshal 6.1 & 6.2 - current versions).

    Current & old versions of NOD32 (2.7.39, 2.70.17 XMON), with long and short file names set.

    We've also tried adding a file exclusion for the eicar.com file; it still appears to scan the folders. What are we doing wrong?

    This wouldn't be so much of an issue if it wasn't for the fact that this tends to cause MailMarshal's services to unload.
     
  6. bleetz

    bleetz Registered Member

    Joined:
    Jan 30, 2007
    Posts:
    8
    *Bump*

    Anyone..

    We have spoken with our local distro for NOD32 & our area rep from ESET. Still no resolution...
     
  7. vmachine

    vmachine Registered Member

    Joined:
    Aug 20, 2007
    Posts:
    2
    I have been emailing NOD32 support regarding this issue, and received the following feedback:

    Please disable AMON.

    1. Open the NOD32 Control Center window by clicking on the white and green NOD32 icon in the System Tray.

    2. Click on AMON under Threat Protection Modules. The AMON - File System Monitor window will appear.

    3. In the AMON - File System Monitor window, de-select (uncheck) the File system monitor (AMON) enabled option.

    Once AMON is disabled, the NOD32 icon in the System Tray will turn red.


    I replied to this asking why I would want to disable the realtime scanner, why have NOD32 on the machine at all?!? I got this in reply:

    Unfortunately, the exceptions options within AMON were designed towards software compatibility and not to ignore files that are threats.

    The reason disabling this was suggested was because you said that MailMarshal used the command-line scanner to scan the files. As such, this is not implementing AMON in any way. This is using the scanner program nod32.exe. Unfortunately, there is no way to add exclusions to an on-demand scan with NOD32 2.7. I apologize for the inconvenience.


    I thought, "Great, that's no help." So I asked if this would be a feature in the next version, or if I could add it as a feature request, and I got this:

    Yes, this is a new feature in NOD32 3.0.

    So, my recommendation is to upgrade to version 3.0 to get a "fix" for this problem!

    Good luck!
    V
     