Nod32 misses virii that other apps catch :(

Discussion in 'NOD32 version 2 Forum' started by J M, Mar 22, 2004.

Thread Status:
Not open for further replies.
  1. J M

    J M Guest

    I'm part of an online community that decided to do an informal test of anti virus programs to determine for ourselves which was truly the best. Having bought NOD32, I obviously thought it would kick ass.

    Not quite so.

    Out of a package with about 450 various virii, it caught all but 9. Nine that totally went under the radar. Mind you, these are virii that can be downloaded from regular websites by anyone who knows how to use a search engine.

    KAV and PC-Cillin both caught more, as did certain other programs. This is not to start a pissing contest, just merely point out that I'm disappointed that it could miss these virii in the first place.

    Being the semi-good citizen that I am, and wanting the most out of a product I paid for, I decided to mail off the virii in question to the email address listed for this purpose, in the NOD32 documentation. It's supposed to be sample@eset.com.

    15 seconds later, I am greeted by a mailer daemon for www.nod.sk that informs me that the user is unknown. Wonderful! Now what do I do?

    I go here of course, and try to stirr the waters a bit.

    Stirr, stirr.

    Now, will someone tell me what I have to do, to get these virii analyzed and integrated so I can brag about the greatness of this application again?
     
    J M, Mar 22, 2004
    #1
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Without info about test conditions, setup and many more variables it's impossible to comment on a mere statement like this. No offense - but for that reason it's no more then a statement without factual backup.

    See my comment above. Apart from that, KAV or any other AV is not an issue on this NOD32 support forum - NOD32 is.

    I sincerely hope your "test" as mentioned has been done more careful. As is stated on the NOD32 website, submission from samples should go to samples@nod32.com (you've missed the "s" in samples.

    That figures. Using a wrong email address no doubt will result in a "user unknown".

    How about submitting the files using the right email address for starters? Backing up your statement with facts would be nice as well.

    Without any substantial and factual backup, it's indeed no more then that: stirring up the waters. Facts and proof please.

    I just did put you on the commonly known right track.

    regards.

    paul
     
    Paul Wilders, Mar 22, 2004
    #2
  3. J M

    J M Guest

    Ok, no reason to get hostile towards me.

    It's pretty straight forward running a passive scan on a number of pure virus files. I dont really care whether you would want anyone to wear a lab coat or not, the fact is that NOD32 did not catch them all. I also stated I did not want a pissing contest - it was MERELY to illustrate that apparently these are not completely new virii.

    Btw, any number of variables should -not- matter in the detection of a virus threat. Or are you implying that NOD32 only works when you spoon feed it? That would be a real shame. It certainly was not my reason for buying it.

    Now, as for the email address. I used the link provided in your documentation. It's not my fault if that one is not correct. For your convenience, check "nod32.chm" and read where it says "If NOD32 Finds a Virus". It CLEARLY states to use sample@eset.com - so please do not imply I am sloppy, when CLEARLY you guys messed that one up.

    I *will* send to the correct address now. Dont you worry about a thing, and then please respond here, as to your findings, will you be so kind?

    Who knows, maybe it's all due to incompetence on our behalf, but then again, maybe it is not.
     
    J M, Mar 22, 2004
    #3
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I would like to mention that we have already seen a lot of "samples" detected by other AV as viri which were actually a nonfunctional garbage. We would need to analyse the samples in order to say why they were not detected by NOD32.

    As to the address for submitting suspicious files, the following ones work: samples@eset.com, samples@nod32.com, samples@eset.sk
     
    Marcos, Mar 22, 2004
    #4
  5. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    I'm not. I am opposed to making statements without any factual backup.

    ...and this kind of statement is exactly 'what Í'm talking about: no factual backup in any way.

    Neither am I. That said: acussations like yours are serious ones, and shouldn't be made without providing proof.

    No offense intended - but as it is, these are merely words for the moment.

    Many have perfomed their private tests - under the wrong conditions. Testing is in essence for the pro's, and for good reasons.

    Please provide the full URL. www.nod32.chm comes up with a 404. The main Eset webiste is www.nod32.com
    btw.

    Thanks for doing so.

    regards.

    paul
     
    Paul Wilders, Mar 22, 2004
    #5
  6. J M

    J M Guest

    The "nod32.chm" is not a webpage, it's a simple windows help file, installed together with your application, and it resides in the NOD32 program directory, side by side with the NOD32 executable.

    I sent off the virii in a zip archive a short while back. It would be helpful if you could confirm receipt either here, or by reply to my mailaddress.
     
    J M, Mar 22, 2004
    #6
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Apologies are in order: there's a typo in the help file indeed as for the email address for submitting samples.

    This one is addressed to Eset I assume.

    regards.

    paul
     
    Paul Wilders, Mar 22, 2004
    #7
  8. J M

    J M Guest

    Apology accepted :D

    And yes, I sent the zip archive to samples@eset.com

    I'm just concerned my ISP might have killed it, if they have virus scanners on their outgoing mail. If so, I will pack more thoroughly or encrypt the file, to get around the scanner.
     
    J M, Mar 22, 2004
    #8
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Thanks ;)

    Right.

    Perhaps an encrypted .RAR file would do the trick in that case.

    regards.

    paul
     
    Paul Wilders, Mar 22, 2004
    #9
  10. J M

    J M Guest

    I encrypted it in a rar archive. I included the password in the mail, but just in case, here it is again: danger
     
    J M, Mar 22, 2004
    #10
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    I'll take it, you will be informed by your ISP in case they actually killed it?

    regards.

    paul
     
    Paul Wilders, Mar 22, 2004
    #11
  12. J M

    J M Guest

    The first time I got the mail returned, due to the wrong address, it also included information about virulent strings - apparently attached by my ISP. The next time I sent it off, I didnt get any notifications, but I'd rather be on the safe side.


    Just curious, are you the one, or are you in contact with whomever, who checks the mail at samples@eset.com ?
     
    J M, Mar 22, 2004
    #12
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Good choice ;)


    I'm the owner of this board, providing Eset their Official Support forums. Samples go directly to Eset; we have no deal with that one. That said: of course we are in constant contact with Eset concerning all sorts of issues in case there's need for that.

    regards.

    paul




     
    Paul Wilders, Mar 22, 2004
    #13
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,760
    Location:
    Texas
    We appreciate you making these forums availible.
    We learn a lot about Nod on this forum.
    You have to have a thick hide to put up with some of the people that post here. :D
     
    ronjor, Mar 22, 2004
    #14
  15. J M

    J M Guest

    I have received answer from NOD32 developers, and everything seems to be in order.
    As it turns out, several of the files were simulations and even dummys.

    Thus my primary objective has been reached, getting the record straight on why NOD32 seemed to fail. Which, as it turns out, happily it did not.

    So, I apologize for my brashness :)

    You can lock or delete this thread at your leisure. Maybe you should leave it up as an example to others who come with intentions such as mine.

    Sincerely,

    J M
     
    J M, Mar 22, 2004
    #15
  16. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Hi J M,

    Thanks for reporting ;)

    All's well that ends well - Let's leave this one behind us and move on ;).

    Thread closed.

    regards.

    paul
     
    Paul Wilders, Mar 22, 2004
    #16
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...