NOD32 Exchange Version

Hi I'm a new member, thought I would post a little note here, I work as a Sys Admin for a School in my country, we use NOD32 here and I have to say I'm very disappointed with ESET, the reason ?? well appears the Exchange version of NOD32 doesn't appear to strip viruses from E-Mails and then when the local client on the PC is running and up todate it allows an e-mail attachment (infected with the MyDoom virus for example) to be saved to the HDD, and even un-zipped, maybe I'm missing some thing but I would have thought the attempt to save the attachment should have fired the AV up surely ?? anyway I have take to using Avast av on my laptop, and we'll be changing our School AV to another one, not sure which just yet....

 

Hello,
it's essential to know what version of the virus signature database was installed at the time, as you say, Mydoom slipped through NOD32 for Exchange. Since NOD32 f. Ex. doesn't support scanning archives, it is necessary to update to v. 1.610 which detects its zip file without a need to unpack it first. What rules do you have defined in NOD32 f. Ex. setup?

Provided you have NOD32 updated at least to v. 1.609, AMON must detect the worm. If it is packed in zip, AMON will detect it as soon as it's been exctracted from the archive. However, if you have NOD32 2.0 installed, IMON (the POP3 mail scanner) will intercept it and allow you to perform an action against the attachment.

The only ways how the particular machine could have gotten infected are:
1. AMON was disabled at the time the user ran an infected attachment.
2. NOD32 was not up to date at the time the user ran an infected attachment.