Nod32 (paid version) and Kerio Mailserver?

hi everyone just thought i'd post this this deals with his question about kerio mailserver and nod32 this might help answer his question maybe not lol

http://support.kerio.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=54


SnOoP

 

Ah ha!

Thanks for the link, SnOoP. If nothing else, this may help somebody else down the road.

 

Thanks also for the link.

The many times I've looked at that page(actually not that page) today and yesterday to re-read the instructions, that is the first time I've noticed that post at the bottom. It does certainly clarify things - BUT

IMHO it would be good service if that were also mentioned both on this page which is for the product that the OP was wanting to use and here if further licence explanation is required for step 6 - then in all cases also elsewhere, either at the top of the documents discussing which version you need to download probably, otherwise somewhere notable where it cannot be easily missed.

Cheers

 

Hello,

The trial version of NOD32 is just that--a version of the software which potential customers can try free-of-charge in order to determine if the software package meets their needs. At the end of the trial, if the customer wanted to purchase the software, they could then contact ESET's sales team to find out the cost of a license, learn about companion products, possibly have their evaluation period extended if they were still researching the purchase and so forth.

I think what happened here was that it wasn't clear that the home user license for NOD32 didn't include a license for a version to run on a mail server. Is that correct?

I will speak to our sales and marketing departments to see if there is some way this information can be presented in clear fashion on our web site.

Regards,

Aryeh Goretsky

 

I made the mistake of buying a normal licence because of lacking information on my dealers website.
I had the trial running, which worked with kerio. So I decided to buy a licence for this good av scanner. I visited the eset website, clicked on the "Purchase" button at the top and have been redirected to the website of my local dealer "http://www.valueline.com.ph/". On their website is nothing like "Purchase" or "Buy" etc. so I contacted them via email that I want to licence my nod32. They emailed me the amount I had to pay, what I did immediately and a moment later I got via email my registration information. So I downloaded from a link in the email the commercial version, uninstalled the trial etc., installed the commercial, registered it and was surprised that it did not work anymore with kerio.
If on the website would be something written that I would need a "special" license, I would be informed, but there is anyhow nothing on the local eset dealers website. Just try to checkout this website and try to find any purchase option... so HOW could I know? everytime I click on the purchase button on esets website, I am always formwared to this site.

All would not be a problem if nod32 would be able to scan the stored email messages from the kerio store folder, but it cant. I sent the eicar testfile via email to my email server and it was stored in the store folder and forwarded to my client computer without recognized by nod32. The format of kerio's email messages are ordinary .eml emails, can be open directly via outlook express from the store folder, so why does nod32 not scan them, even the folder is NOT excluded from scanning? If the virus is in a zip attached, nod32 cant scan them (the eicar test), if the virus is as com attached, it catch them (eicar.com attached to email).

 

During setup you would have excluded the mail folder to avoid possible conflicts

Cheers

 

No, the folder is NOT excluded, nod32 catch it if it is not in a zip attached to the email, but soon the virus is attached to an email as zip, its not recognized.

 

This is true - AMON checks archives when they are unpacked.

Cheers

 

I manually scan the file, it recognize it as eicar test file.
If I try to save the zip from the email, it is also recognized, without extracting it.
So my conclusion is, that nod32 does not scan mime encoded zip files (eml files), but other mime encoded files. But why does it recognize eicar if I manually scan the eml file? Why can amon not do the same, at the moment the file is created? Do I miss anything? I just dont understand it clearly.

 

I should have said 'This is true - AMON checks archives when they are unpacked or when a file is created.'
Sorry, my mistake
I believe you are correct about AMON and MIME encoded zip, but this is the normal purpose for IMON/EMON with POP3 and EMAPI respectively (IMON should by default be disabled on a server)

Cheers

 

I opened the eml with Thunderbird and could save the zip to harddisk without nod32 scanned it. Is this correct? I dont think.
What is the difference between downloading a zip which is scanned and saving a zip? Does it mean that IMON is doing a little bit more work than AMON, because IMON will recognize it immediately but AMON not.

 

A lot of AV's will scan packed software on access only (not when saved) to save system resources. That's why full system scans are recommended

 

Definately

There are some differences between AMON and IMON's scanning function.

Yes, I too can download the archive and save it if I don't use IMON, but on extraction by AMON or during an on-demand scan it is detected.

Cheers

 

Thats correct. What I wanted to say it that it would be great if amon would scan the file if the zip is saved/created. Not only if I open it. This would prevent that you can SAVE a virus on your computer. I know, amon scan it soon I try to extract something from the zip...
Is it because amon would need too much time to scan zip files on creation? It scans exe at creation point, so why not zip too? Maybe its correct, it would use too much resources/would take too long if the zip is big...

 

That's pretty much it.
Imagine a large archive - even a small delay while it is unpacked and checked would be no good. This does not defeat the protection against execution as you already realise.

Cheers

 

Understand that, but why is IMON scanning after receiving a file? It also take sometimes endless after a download (if I download 500MB zip foe example) before I can open the file. IMON could also ignore it, becasue it would be scanned if I try to extract/open the file, right?

 

It's more to do with potentially interrupting execution of an application than interrupting the user. Many applications operate on archives regularly during normal operation. Denying them access while the archive is checked could result in severe compatability issues whereas for IMON to finish checking a large download before you can open it does not cause a crash. In fact even where an application is trying to open the downloaded file this is not normally any issue either since (and without going into great detail) IMON correctly notifies of the pending status.

Cheers

 

Hello,

I understand someone from ESET's sales department has been in touch with you to discuss the issue.

I've also asked our sales and marketing departments if there is anything we can do to make licensing information more prominent on our web site and in our sales and marketing collateral, although in the case of resellers it is ultimately up to them to determine what they put on their web sites.

Regards,

Aryeh Goretsky