Nod32 Xmon not picking up any viruses?

Discussion in 'Other ESET Home Products' started by ethos, Aug 26, 2008.

Thread Status:
Not open for further replies.
  1. ethos

    ethos Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    30
    Hi guys,

    We run exchange 2003 and surfcontrol with Nod32 xmon for virus protection.

    Lately the viruses have been getting through to the workstation and the "infected" count in nod32 xmon is "0".

    Surfcontroler uses port 25 and exchange is not on 26, although this shouldn't cause a problem.

    Any ideas? It seems to of happened since the server rebooted itself a few weeks ago :ninja:

    Thanks
     
  2. ethos

    ethos Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    30
    Because surfcontrol is on port 25.... and then forwards onto port 26 (exchange)... should I have "Scan transported messages" ticked?

    It isn't at present.
     
  3. jasonblake7

    jasonblake7 Registered Member

    Joined:
    Aug 19, 2008
    Posts:
    70
    test a mail from outlook to yourself containing the eicar test virus as an attachment. See what happens. Make sure you disable any local anti virus software on the PC b4 adding the attachment.

    http://www.eicar.org/anti_virus_test_file.htm
     
  4. ethos

    ethos Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    30
    Thanks mate, i'll give this a go tomorrow :)
     
  5. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    Thanks from me as well. I'd forgotten to test everything after configuring our email archiving software. Everything is working fine. :)
     
  6. ethos

    ethos Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    30
    Good test, disabled AV on my machine. Set a test email with one of the .zip files from that website via outlook (internal) and outlook at home (external).

    Both delivered fine to my outlook inbox :(

    When I turned my AV back on it picked them up straight away. Good test that, hadn't thought to do it.

    So yea, nod32 on the exchange server (xmon) ain't doing much! Any ideas?
     
  7. ethos

    ethos Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    30
    Any ideas chaps? Has confused me :)
     
  8. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    I'd love to be able to help but I honestly have no idea. Sorry. I've never had an issue with XMON. It catches a lot of viruses.

    I had one email recently where the Outlook engine caught it and I was surprised XMON missed it but there was a good explanation. I recently turned off background scanning so the store isn't rescanned when new virus definitions arrive. The virus was so new, it was delivered before it was in the definitions but opened by the user after it was in the definitions. Two hours earlier and my user would have been infected. A little bit of user training was the outcome. Why do people insist on opening anything that arrives in their inbox? :blink:
     
  9. ethos

    ethos Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    30
    Thanks for the reply, hmm. Might have to ring ESET on this then and hope I don't get the two incompetent technicians I had last time....

    :)

    Purhaps I will try ticking "potentially dangerous applications" and see if that picks it up.
     
  10. mickhardy

    mickhardy Registered Member

    Joined:
    May 16, 2005
    Posts:
    140
    Location:
    Australia
    Eicar should be picked up with basic settings.
     
  11. jasonblake7

    jasonblake7 Registered Member

    Joined:
    Aug 19, 2008
    Posts:
    70
    Have you got NOD32 antivurus software installed on the same server to ? IF so you should not with the nod exchange software as there maybe some conflict.

    have you checked to see if you have the nod32 for exchange is showing in the list of installed licenses ?
     
  12. ethos

    ethos Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    30
    Nod32 is installed on the server with the XMON addon, I can't see how it's not recommend to run both as they are the meant to run alongside? Also XMON just monitors exchange were as the rest protects the server...

    You mention licenses, I put some new licenses in the other day (2009) but i haven't removed the OLD licenses yet. Although I can't see this being too much of an issue?
     
  13. ethos

    ethos Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    30
    For reference I've updated to the latest version and restarted the exchange server, it is now picking up email viruses :thumb:
     
Thread Status:
Not open for further replies.