NOD32 is still no.1?

Discussion in 'other anti-virus software' started by fatpizzaman, Apr 13, 2002.

Thread Status:
Not open for further replies.
  1. fatpizzaman

    fatpizzaman Registered Member

    Joined:
    Feb 27, 2002
    Posts:
    52
    So, is NOD32 still the no.1 antivirus scanner?
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi fatpizzaman,

    Any reason for asking?

    regards.

    paul
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  4. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    I never even considered NOD32 Antivirus to be No.1. It's a good utility but certainly it's not no.1

    Technodrome
     
  5. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    In the meantime, I've sent an email to support@nod32.com , requesting the new pop3scan.exe with instructions on how to replace the old one.

    I'll be sure to let everyone know how it goes and how long it takes to get a response. Pete
     
  6. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Funny, i don't have any of these temp files !
    Oh yeah that's right, i have learned a long time ago to regularly clean my temp file folder. Besides, i'm using Internet Sweeper ! ;)
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Bravo, MTM!

    Let's fix third party software with more third-party software! lol!

    Everyone already knows they can remove the temp files created, Mick, the point is - why are they getting created to start with?

    If it were a M$ glitch, I could understand it - but since NOD's offering a 'fix' , then that wouldn't seem to be the case (it's also supposed to not occur anymore when the 'environment' update occurs).

    But thank you for that valuable input! Pete
     
  8. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Guys,

    Not 10 minutes ago Nod32's Pop3 scanner detected Hybris in an email attachment.

    I ran Nod32>clean, but the file wasn't found.

    I then saved the file somewhere, and subsequently was alerted by Amon that it was infected.  I clicked 'delete', afterwards I ran Nod32, and no infection was detected.

    Fine, you would say.

    I then ran NAV, which however alerted me to the fact that C:\Windows\Temp\Nod328335.TMP (or something like that)  was still infected.

    So what's the deal?

    Once the infected temp file's created, am I still at risk because of it?

    Do I need to clean out my Temp directory after a virus has been removed by Nod32, or it will still be active??


    Do I need to run 2 virusscanners all the time?? o_O
     
  9. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    OK,  I answered one question myself:  I added *.tmp to the extensions to be scanned by Nod32 and Amon.

    One wonders why this extension isn't included by default, given this program's apparent idiosyncrasies.

    [edit] I just answered my first stOOOpid question as well:

    As the infected attachment has been renamed to *.tmp, it's no problem anymore, I guess.

    I will now emigrate to Tierra del Fuego, and change my name... :-/ :D [/edit]

    Is NAV overdoing it when it still identifies the file as being infected after it has been 'converted' to a temp file?
     
  10. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hi, Tony!

    I hear what you're saying, but having selectable scanning of extensions serves a good purpose for those who don't want all extensions scanned (although I really can't imagine why everyone wouldn't want all extensions scanned - if I'm going to scan, I'm going to
    scan! ). Pete
     
  11. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    I understand, but what I'm wondering is why NAV identifies the temp file created by NOD32's pop scanner as infected after the file has been deleted by AMON.

    I'm puzzled.
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Even though the code's in text in the temp file (or at least I think it is - I don't have one to play with here) , NAV is probably still picking up on its' presence.

    Tried checking Symantecs' KnowledgeBase? Pete
     
  13. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Not yet, Pete.

    It would be nice if Eset would be able to come up with a new POP3 scanner that doesn't create the files in the first place, though.
     
  14. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Are The nod temp files annoying ?  Definitely !
    Do they pose a security risk ? No !
    ESET has acknowledged that the problem exist, but not a vital one to warrant issuing a new version in a rush.  They said the fix  will be included in the upcoming version.
    As for Nav, this is to be considered a false positive the same as code red was in Spyblocker's log file.
    Should the temp file be emptied ?  Yes, regularly, regardless of Nod !
     
  15. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Hi Mickey,


    Thanks!

    I do clean my temps out on a daily basis.
    I have a convenient little batch file for that, which I access via a desktop shortcut.

    However, the fact that NAV alerted me to this so called infected file,  after Nod32 zapped it was a little disconcerting to me.

    However, you have managed to reassure me now.  :D
     
  16. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Hi Tony, I'm not a big Norton fan by any stretch of the imagination, but in this case I would say it's a good call by Norton.
    AV's look for signatures. When NOD renamed the extension, it did not change the Code in the file. Norton, for some reason is scanning tmp files, so it picked up the code (virus signature) and warned you. I would not call that a false positive.
    I have NOD32, and have always considered it a very good AV. I think this little quirk should be fixed soon, but don't think it's panic time.
    Always good to have a backup AV and AT to do manual scans with. Nobody catches everything,
     
  17. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    I've always used NAV, and I don't really have the strong feelings that many others here appear to feel whenever the word Norton pops up.. ;)

    I recently switched to NOD32 mainly because of problems with NAV 2002's email scan, and because I do believe NOD32 is among the finest you can get.

    I will keep NAV updated, and use it as an on demand scanner.

    2 things:

    I saw a post at the NOD32 board at Becky's where one Phil was sent the new and improved POP3scan module just by asking for it.He now has no more temp files being created

    I wonder why as yet it hasn't been made available to everyone generally.

    Second,  As my  NOD32 just caught its first virus I have one question:

    When the POP3 module alerts you to the presence of a virus in an attachment, it isn't able to destroy or repair it itself, right?

    Does it convert the virus in the extension to a temp file straight away to be detected and destroyed by a NOD32 scan, and does that mean that the attachment is rendered harmless as a result?

    This isn't clear, and as you can't just rightclick an attachment and have it scanned, I'm wondering how exactly to go about it.
     
  18. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Hi Tony,

    As Mickey has stated, since it does not have first priority (not being a dangerous flaw), Eset is concentrating on the upcoming new build.

    Right.

    It does.

    regards.

    paul
     
  19. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Thank you, Paul!

    Nod32 should be so informative... :-/

    Thanks a lot for enlightening me on this subject.


    Cheers,
     
  20. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    My pleasure, Tony.

    In case of matters concerning security software like NOD32 in this case: whenever you encounter a problem, feel free to drop me an email. We do have frequent contact with many software vendors - could speed up things.

    regards.

    paul
     
  21. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Got  the 'fix' for the Temp email folders problem - Paul, you want me to send it to you and let you put it up for d/l? Probably won't be too much of a bandwidth drain. Pete
     
  22. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Great, Pete!  :D

    Can I have one, pleaaaase?  :D
     
  23. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Tony - You have mail. The copy I sent you is for the English version of Win9x. Instructions follow:

    "1. make sure you are using english version of nod32. if not so, please contact us for appropriate language version of the pop3scan.exe file
    2. quit pop3 scanner
    3. overwrite the old pop3scan.exe with the attached one. it is located where you installed nod32 (typically c:\program files\eset)
    4. start pop3 scanner" Enjoy! Pete
     
  24. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    For others who're not sure of the way to go about getting it direct from eSet, do this:

    Go to: http://www.nod32.com/support/support.htm

    Click on the country in the list that's closest to you or which uses the language of your choice. This will bring you to the 'Technical Support Request' page, which you'll then have to fill out (fill it out and follow all instructions exactly - it's really not that hard).

    When you're done, click 'Submit'.

    That's it. You'll have it in your email before you know it. Pete
     
  25. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Pete,

    Thanks a Mil!

    I do have the English version, but I already replaced mine before seeing this post.

    I did it slightly differently:
    I didn't overwrite the old one,  but closed it down and removed it.
    Then put the new one in and rebooted.
    It started working right away and didn't even need to be configured.

    I owe you one!

    Thanks again,

    Tony
     
Loading...
Thread Status:
Not open for further replies.