NOD32 v2 troubles (Win9x)

Discussion in 'NOD32 version 2 Forum' started by timo888, Jun 13, 2003.

Thread Status:
Not open for further replies.
  1. timo888

    timo888 Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    5
    After using NOD32 for almost a year without problems, I upgraded yesterday to v2. Installation went smoothly, I rebooted, and the new splash screen came up. I went into the console and scheduled nightly signature-file update and checked the IMON settings. So far so good.

    But then I could not open one of my mailboxes in Eudora 5.2 (paid version without ads). The mailbox had a lot of messages in it, BTW. Others mailboxes I could open, but the messages displayed as HTML not as rendered text. After uninstalling NOD32, these problems went away, yet when I reinstalled NOD32 v2 last night these problems did NOT reappear. Mysterious.

    HOWEVER, I can send myself the EICAR.COM test file (downloaded from ESET yesterday before I upgraded, with AMON v1 turned off) and NOD32 blithely lets it in! :eek:

    And I can copy the EICAR.COM test file from a network share onto my hard drive, and NOD32 lets it in. Yet if I try to download the test file from the Eset website, NOD32 flashes a big red warning message. I don't understand this behavior.
     
  2. Sisko

    Sisko Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    42
    I am not using Eudora but may I give you some things to check.

    Is eudora downloading from port 110 ?
    Is Imon configured on port 110 ?
    Did you try to do a repair network configuration in IMON -> Setup ?

    Hope it will help you


    Sisko
     
  3. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi timo,

    >HOWEVER, I can send myself the EICAR.COM test file (downloaded from ESET yesterday before I upgraded, with AMON v1 turned off) and NOD32 blithely lets it in!

    If you have used v1 - just AMON is blocking the incoming malware - so it would be normal when disabled. In v2 IMON is doing this job (for e-mail) too.

    >And I can copy the EICAR.COM test file from a network share onto my hard drive, and NOD32 lets it in.

    AMON catches the EICAR.COM when trying to copy it from a network share on my side. I hope you have the correct AMON settings - at least the "Network" scanning checked.

    Rgds.,

    jan
     
  4. timo888

    timo888 Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    5
    Thanks for the help.

    IMON is on 110, as is Eudora. AMON is checking Diskette, Local, and Network on open, execute, create, and name.

    Under v1, AMON would catch malware attachments as Eudora attempted to write them to her attachments directory; I would expect no less from v2, even if IMON were configured incorrectly, which it does not seem to be.

    I did tell IMON to repair the network, then I rebooted, before testing with EICAR. As far as v2 is concerned EICAR is a welcome guest, except when I try to download it directly from the Eset site.

    Timo
     
  5. timo888

    timo888 Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    5
    Here's a picture of the NOD32 console.
     

    Attached Files:

  6. timo888

    timo888 Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    5
    And here's a screencap of an email in Eudora that contained EICAR.COM as an attachment. It is called EICAR2.COM because Eudora adds a numeric suffix to the attachment if an attachment of the same name already exists. As you can see, IMON scanned the incoming email.
     

    Attached Files:

  7. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi timo,

    we need to give it a check - I sent you a PM.

    Thx., :)

    jan
     
  8. timo888

    timo888 Registered Member

    Joined:
    Jun 13, 2003
    Posts:
    5
    Since NOD32 was able to detect the EICAR.COM file when I attempted to download it, but not when I tried to email it to myself, I had the bright idea :rolleyes: that perhaps my local EICAR file itself had become corrupted and was not being recognized.

    So, I went to a different PC where NOD is not installed and downloaded EICAR to it and then sent it to myself via webmail. This time IMON caught it!
     
  9. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi,

    > I had the bright idea that perhaps my local EICAR file itself had become corrupted and was not being recognized.

    This is possible - we had such cases. Hope it's OK now.

    Thks., :)

    jan
     
Thread Status:
Not open for further replies.