OK, here's some bugs for v2, Beta-2: 1. During installation (from scratch), I elected not to install NMS. NMS was still installed. 2. Disabling NMS via Control Centre is still not persistent. Next time machine is rebooted, NMS is enabled. 3. (Serious) NOD32 command-line scanner fails to detect eicar test virus when launched by my mail server. The server launches nod32.exe in a hidden window with the following command-line params: /all /clean /delete /log+ /quit+ <file> where <file> is the filename (which always has a .tmp extension). I have verified the file *does* contain the eicar test virus, and that nod32.exe is actually called. The on-demand scanner log shows that the scan has taken place, the correct command-line was executed, and that *no* infections were found. Beta-1 worked correctly, but Beta-2 definitely does not. FYI, if I run a manual scan on the .tmp file (by selecting NOD32 from the Explorer context menu), nod32 correctly detects the eicar virus.
Further investigation on the missed eicar problem reveals that: The NOD32 v2 Beta-2 scanner simply fails to find infiltrations in *any* file with a .tmp extension! This is also the case when running the scanner via the Explorer context menu (I was mistaken in my first posting about this, where I claimed this did work). If I change the file extension to something else (say, .eml), the scanner finds the infiltrations.
Steve, Go to setup and either check the option to scan all files or add the ".tmp" extension to the types scanned and give it another go. It works as it should on my system. I think temp file extensions are excluded by default because the are not executable. Please try that and let us know your findings. Thanks, Phil
Sorry, Phil, but I did forget to mention in my post that I had in fact tried that. By default, I opt to scan all files. I also tried scanning a list of extensions, with .TMP added, with the same result. OK, it's an unearthly hour of the night here, so I'll revisit this again after some shut-eye. I'll let you know if there's any change.
Please do because that *is* a little strange. I tried it every way I could think of and NOD still flagged it. I even emailed it to myself and I had to disable IMON to even get the email. Next, I let IMON handle the mail and told IMON to delete the "infection" and this was at the bottom of the note: <quote> A T T A C H E D F I L E S I N L I N E D I S P L A Y Attached text follows, filename: att0.txt __________ NOD32 1.360 (20030212) Notification __________ Warning, NOD32 Antivirus System has found the following infiltrations in the message: Eicar.tmp - Eicar test file - deleted http://www.nod32.com </quote> Notice I had changed the extension before sending the email. There is NO way you can miss the warning when it pops up. Phil
Agree with (1) and (2) at top of thread, I don't want NMS installed or active but it still does it. Fedorov.
OK, it seems to be working fine this morning (except that no alerts are generated when eicar is detected) - eicar is removed, and NOD's warning is added to the incoming message. I am still concerned somewhat, though, that NOD32 is somewhat flakey in this respect. In my tests last night - of which there were 19 in all, with a number of reboots - NOD32 consistently failed to detect eicar. I will keep a close eye on things, to see if the problem reappears. I would like to compare its behaviour with version 1.0, but unfortunately the /delete command-line switch in version 1.0 does not work at all.