NOD32 unable to find 'EICAR' test virus

Discussion in 'NOD32 version 2 Forum' started by DenisG, Apr 17, 2004.

Thread Status:
Not open for further replies.
  1. DenisG

    DenisG Registered Member

    Joined:
    Apr 17, 2004
    Posts:
    2
    Having recently been bitten with McAfee's new ASAP product on a multi-site licence in that I found that viruses (the eicar test) were only found at the basic level and gave no protection when the 'virus' was in zip files.

    Fortunately this was recognised by NAI's local representatives as an issue and they accepted that the product was unsuitable and cancelled the license with full refund.

    I am now on a "fast track" evaluation of other AV softwares and NOD32 is showing the same characteristics as explained above. In fact probably its detection is even less trustworthy.

    From the eicar.org website I tried to download the 4 options of 'eicar' and only the original 'eicar.com' was detected by NOD32. The 'text' file version opened in Notepad and the zipped and double zipped downloaded successfully or in this case most unsatisfactorily.

    Checking settings and changing a few and repeating tests have shown no improvement.

    Does anyone know if this is just a local (being myself) issue or have I missed something during install and setup?

    I know that NOD32 did, as did McAfee ASAP, successfully find the virus during extraction from the 'zipped' files, but this is only a token effort, as had the zipped file been placed on any storage media, floppies, CDs etc., then there is always a possibility that that media could be used on another unprotected machine. This is specifically the case, in my instance, where within the company only certain PCs have internet download capabilities (for security purposes) and quite often downloaded files are distributed both internally and externally.

    Thanks in advance.

    Best Regards,
    DenisG
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Denis,

    This has been a subject of discussion many times. Have a look at this thread as an example.

    regards.

    paul
     
  3. DenisG

    DenisG Registered Member

    Joined:
    Apr 17, 2004
    Posts:
    2
    Paul,

    Thanks for your quick reply. I do understand the direction from where the replies are pointing me to etc.

    I totally agree that a 'packed' virus is of no danger till it is unpacked but the argument is several levels deep, in that I have no control on what an employee has as AV software on their home system, if they are taking any work home with them etc.

    The second problem I have is that some install softwares require that AV softwares be 'shutdown' for the duration of install. Whoops!! Too late if packed install contains virus etc.

    I know there are always ways and means around such issues, but in business time is money, and it is nice to be able to accomplish certain tasks seamlessly. One can't always assume that the user / operator is computer literate and has understanding of how things should work.

    As with previous AV's that we have used, at least the choice was mine as to what and how the scan took effect. Whilst NOD32 seems to be acceptable to me in many ways, this issue certainly has me thinking twice about the package. That risk, however small, may not be worth the NOD32 solution, when I consider 45 in-house PCs, nearly 100 operators and no control over approx 12 users with permissions to take home data etc.

    Thanks,

    Best Regards,
    DenisG
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,739
    Location:
    Texas
    Have you talked with Eset about your concerns?
    I believe there is a number you can call listed on most sites.

    Prudent to remember that no security program can protect against careless and risky behaviour by users.
     
  5. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA