NOD32

Discussion in 'other anti-virus software' started by Logan5, Jul 1, 2002.

Thread Status:
Not open for further replies.
  1. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    129
    Location:
    The Dark Side Of The Moon
    Hi,

    Has anyone been following this thread at the Becky forums?

    http://www.morelerbe.com/ubb/ultimatebb.php?ubb=get_topic;f=39;t=000334

    Does not sound like a good situation for those of us who use both Becky and NOD32.

    I have seen no reply from Eset as of yet.

    Logan
     
    Logan5, Jul 1, 2002
    #1
  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi,

    Not a big issue : as far as a virus is compressed, it cannot be activated. Nod32 would catch it at uncompressing.

    AFM I find pointless to scan archived files. Anyway, any AV or AT fails detecting virus/trojans/worms if the compressing rate is strong enough :)

    http://smilies.sofrayt.com/1/r/biggrincurtain.gif
     
    JacK, Jul 1, 2002
    #2
  3. adaMada

    adaMada Guest

    My understanding of the situation is that it is a problem for users of those two programs, but NOD32 WILL catch the virus before it's run -- it just might give the false impression of you not having a virus at all before the file is run. In my opinion, though it is a problem, it's not a deadly one...
     
    adaMada, Jul 1, 2002
    #3
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    As far as I know, the upcoming new version will tackle this issue. Indeed it's not a "deadly issue" right now.


    JacK,

    DrWeb never missed a strongly compressed virus/worm in archived files ;). But that's just a side note!

    regards,

    paul
     
    Paul Wilders, Jul 2, 2002
    #4
  5. Logan5

    Logan5 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    129
    Location:
    The Dark Side Of The Moon
    Hey,

    Thanks for the info.

    Glad to see they will (I hope) be addressing the issue with the upcoming version.

    Logan
     
    Logan5, Jul 2, 2002
    #5
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    My pleasure, Logan ;).

    regards,

    paul
     
    Paul Wilders, Jul 2, 2002
    #6
  7. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Paul,

    I look for a links with sample (harmless) of different rates of compression and shall post it here :)

    Dct Web like the other AV misses on a certain amount of compression

    Cheers, ;)

    JacK
     
    JacK, Jul 2, 2002
    #7
  8. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    JacK,

    Nice!

    I will not argue that possibility; in reality, I've never encountered such an example ;)

    regards,

    paul
     
    Paul Wilders, Jul 2, 2002
    #8
  9. MickeyTheMan

    MickeyTheMan Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    1,017
    As for the Becky's part, here is Carty's response:
    "For the security consideration, viruses are never activated when they are MIME encapsulated.
    Suppose that if a virus file are decoded on retrieval. Some viruses might be new and virus scanner could not detect them.
    IMO, it is far more dangerous because the file is stored in executable form, which means you can execute it from everywhere (including LAN). It is just a click away.
    If they are undecoded, you will need a decode tool when you want to execute it outside of Becky!. It will diminish the potential risk of unknown viruses being executed.

    Some people may feel unconfortable that undecoded viruses sit in your hard disk. But for that matter, all I can say is that virus scanning is not my job, their job"
     
    MickeyTheMan, Jul 2, 2002
    #9
  10. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Paul ;)

    Could take some time : I don't have it anymore and wrote to R.Garcia to have it.

    I tried on lots of AV/AT last year just to compare but as I find pointless scanning the archives as the malwares in those are harmless (and I have a lot of archived virus too:))

    As soon I get it, I forward the link.

    CU ;)

    JacK
     
    JacK, Jul 2, 2002
    #10
  11. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    JacK,

    No prob; patience is a virtue ;)

    In essence: agreed. On the other hand: quite some email clients do create separate databases (if only for importing possibilities) in archived form. Thus, even after deleting an infected file, it could easily be around in the archived database(s). Personally, I'm not fond of that idea.

    grin..I know your have :cool:

    Thanks in advance!

    regards,

    paul
     
    Paul Wilders, Jul 2, 2002
    #11
  12. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hi Paul ;)

    Here for your patience : http://www.attac.net/

    So sorry : in French : Testez votre anti-virus

    Enjoy ;)

    http://www.les-smileys.inforum-city.com/diables/blueScreen_D.gif

    JacK
     
    JacK, Jul 4, 2002
    #12
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...