Nod32 v2 and MailWasher

Discussion in 'NOD32 version 2 Forum' started by Charles, Jul 7, 2003.

Thread Status:
Not open for further replies.
  1. Charles

    Charles Registered Member

    Joined:
    Jun 3, 2003
    Posts:
    19
    Location:
    Tar Heel Country
    As DEE just stated, I hesitated to jump into a
    thread that is 'generally' in tune with my experiendes, but is not germane to the OS versions.
    Anyway, here goes, and if a new thread should be started, just let me know.

    Using W98se, OE 6 and IE 6, I'd been depending on
    NOD v.1 which I fell in love with, so it was with some trepidation that I attempted the upgrade, but with the help and encouragement from the forum, I was gratified to get the installation completed with a minimum of problems..

    Now to the Crux of the matter:: I'd been using
    'Mail Washer' as a buffer between the ISP and my
    HDD and was really satisfied with the setup, but
    now, I'm unable to get MW to work at all..For some
    unknown reason(to me)a
    connection is denied and herein is the mystery.
    I've done the suggestion of trying the "Repair" button and the WinSock download...Still NO JOY !

    Manually deleting 50 to 80 spam messages is real
    pain and I need MW or some other program in it's
    stead....Any and All advice is Welcomed..


    charles in Dixie
     
  2. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,016
    Which version of MW are you using.
    Been using it on 98SE and win2k with nod1 and now nod2 with no problems
    Nod should not interfere with MW as it only intervenes when you actually read them with your emailer (becky,etc)
     
  3. geekboy2000

    geekboy2000 Registered Member

    Joined:
    Jul 7, 2003
    Posts:
    7
    I'm a fan of:

    K9, POPFile, SpamPal, amd SpamWeed, . All are proxy type apps (process the mail retrieval between your ISP and mail client), and all work well. The first three are free. K9 and POPFile are both Bayesian (statistical analysis) type apps, and are very similar. Both work very well. SpamPal provides for DNSBL lookups, and supports RegEx and Bayesian plugins (and others). SpamWeed differs in that it doesn't *tag* the mail for filtering in your mail client, but instead quarantines spam in a separate viewing window outside the mail client. It too used Bayesian analysis. With any of them, it's necessary to run them on a port other than 110, to avoid conflicts with NOD32 v2. For example, I have K9 running on port 1110, and my mail client configured to check for mail on port 1110 with the following format:

    server: localhost
    login: mail.server!110!username

    Of course, the login would be *your* actual username and mail server. More details for configuration are available on any of the author's sites.

    Those apps are at:

    K9:
    http://keir.net/k9.html

    POPFile:
    http://popfile.sourceforge.net/old_index.html

    SpamPal:
    http://www.spampal.org/

    SpamWeed:
    http://www.spamweed.com/
     
  4. microwiz3

    microwiz3 Registered Member

    Joined:
    Sep 25, 2002
    Posts:
    6
    Location:
    Goshen, IN
    I also use MailWasher (Pro 1.31) along with Nod32 V2. No problems here.
    Switched over from V1 somewhere in the middle of the "beta thing".

    When you installed V2 did you change the settings in MailWasher? Under V1 the POP3 scanner required you to enter "localhost" but under V2 this is not necessary. You just set up MW under the "Servers" section to use the regular mail server as in my case "pop.sbcglobal.yahoo.com". These settings are found under TOOLS/ACCOUNTS/PROPERTIES, then incoming mail.

    You probably will need to make this change in your mail client also.

    The IMON module in V2 checks everything coming in off of the internet where before we had the Pop3 Scanner which sat between your mail server and your mail client. Hence the need for "localhost".

    Hope this is of some help. Enjoy Version 2!!
     
  5. Charles

    Charles Registered Member

    Joined:
    Jun 3, 2003
    Posts:
    19
    Location:
    Tar Heel Country
    I've been off th'net for nearly 12 hours and will
    attempt to answer each in turn;

    Mickey: I was using MWPro l.31 - have uninstalled it, and downloaded the common v. 2.x (?)..It gives
    the same results as before. MW and I are doing some correspondence and I'll keep y'all informed.

    geekboy: I'll certainly investigate your offerings if MW is unable to help cure my ills.
    I'm one of those confuzer users for whom the
    "Dummy" books are written. I don't fully understand what you've written but will attack it
    tomorrow as it's getting to be sack time.

    Microwiz3: Refer to above comments of my expertise.
    I'll dissect your post later and return to make
    comments on the results. NO! I did not make any
    changes to MW after (during)NOD v.2 installation.
    The reason is that I wouldn't know just what to
    do for (with) it.

    I really do appreciate all of the help Y'all have
    offered and this is being quite a learning experience. Expect a SitRep later.
    charles in Dixie
     
  6. Charles

    Charles Registered Member

    Joined:
    Jun 3, 2003
    Posts:
    19
    Location:
    Tar Heel Country
    This thread is beginning to grow a beard as it's
    getting to be quite old !

    This is the situation report that was promised.

    Well, I've investigated several programs and dnlded
    three (3) have uninstalled all as they were not
    clear enough for me to make the required changes.
    I now am using "iHateSpam" by Sunbelt...It works
    very well with NOD32, but I'm having difficulty using it with a IMAP mail client...Anyway, NOD32,
    which IS my favorite AV, is working with iHateSpam.
    Will address the IMAP problem and start a new thread if it seems to be of benefit to the list.

    charles inDixie
     
  7. Cameron

    Cameron Registered Member

    Joined:
    Jul 2, 2003
    Posts:
    11
    Location:
    Australia
    Hi,

    I'm using nod32 v2 and mailwasher..

    as Mailwasher is only recieving the mail as txt i'm finding that IMon isn't scanning them..
    IMon is only scanning the msgs I pickup through outlook (after i've given them the anti-spam scan)

    so this brings up 3 questions to me.
    1. should IMon be scanning them
    2. is it even possible to get infected through mailwasher
    3. If its scanning on others ppl's systems why isn't it doing it on mine...
     
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    1) txt. files are totally harmless; don't even bother ;)
    2) personally, I'm not that familiar with mailwasher; the answer to your question can only be answered by the developpers.
    3) in case you refer to mailwasher: that's a question to be answered for the mailwasher developpers as well ;)

    regards.

    paul
     
  9. Cameron

    Cameron Registered Member

    Joined:
    Jul 2, 2003
    Posts:
    11
    Location:
    Australia
    Upon close examination using "netstat -a" I've noticed that mailwasher doesn't use port 110

    Its using an i8ncremental port (1 per server etc) that its scanning from.. starting at port 345? where ? is from 0 - 9 it may even go higher depending on whether the prevous uses of ports have been closed by the time I scan next

    so now then how can i get IMON to scan for those ports
     
  10. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    The mail retrieved in MailWasher will "always" be on port 110. You are probably looking at the local port?

    Anyways, MailWasher is probably using the POP3-command "TOP" to retrieve "most" of the mail, instead of the command "RETR" to retrieve the whole mail. Not sure if IMON will scan data retrieved using "TOP".

    I don't think there are any known remote exploits for MailWasher, and it's rather unlikely that there are any exploitable bugs in it. Then again, even though it's not likely, it's not impossible that such bugs exists. ;P

    I think there's nothing "wrong" with your setup.

    Best regards,
    Anders
     
Thread Status:
Not open for further replies.