NOD32 Exchange Version

Discussion in 'NOD32 version 2 Forum' started by linux_obo, Jan 28, 2004.

Thread Status:
Not open for further replies.
  1. linux_obo

    linux_obo Registered Member

    Joined:
    Jan 28, 2004
    Posts:
    1
    Location:
    Hamilton New Zealand
    Hi, I'm a new member, thought I would post a little note here. I work as a Sys Admin for a School in my country, we use NOD32 here and I have to say I'm very disappointed with ESET. The reason ?? Well, it appears the Exchange version of NOD32 doesn't strip viruses from E-Mails, and then when the local client on the PC is running and up to date it allows an e-mail attachment (infected with the MyDoom virus for example) to be saved to the HDD, and even un-zipped. Maybe I'm missing something, but I would have thought the attempt to save the attachment should have fired the AV up, surely ?? Anyway, I have taken to using Avast AV on my laptop, and we'll be changing our School AV to another one, not sure which just yet....
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Linux_obo,

    Welcome ;) - I've split your post, as you might have noticed.

    Did you contact support@eset.com about this issue?

    regards.

    paul
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hello,
    it's essential to know what version of the virus signature database was installed at the time, as you say, Mydoom slipped through NOD32 for Exchange. Since NOD32 f. Ex. doesn't support scanning archives, it is necessary to update to v. 1.610 which detects its zip file without a need to unpack it first. What rules do you have defined in NOD32 f. Ex. setup?

    Provided you have NOD32 updated at least to v. 1.609, AMON must detect the worm. If it is packed in zip, AMON will detect it as soon as it's been extracted from the archive. However, if you have NOD32 2.0 installed, IMON (the POP3 mail scanner) will intercept it and allow you to perform an action against the attachment.

    The only ways the particular machine could have gotten infected are:
    1. AMON was disabled at the time the user ran an infected attachment.
    2. NOD32 was not up to date at the time the user ran an infected attachment.
     