Hi, Has anyone been following this thread at the Becky forums? http://www.morelerbe.com/ubb/ultimatebb.php?ubb=get_topic;f=39;t=000334 Does not sound like a good situation for those of us who use both Becky and NOD32. I have seen no reply from Eset as of yet. Logan
Hi, Not a big issue : as far as a virus is compressed, it cannot be activated. Nod32 would catch it at uncompressing. AFM I find pointless to scan archived files. Anyway, any AV or AT fails detecting virus/trojans/worms if the compressing rate is strong enough http://smilies.sofrayt.com/1/r/biggrincurtain.gif
My understanding of the situation is that it is a problem for users of those two programs, but NOD32 WILL catch the virus before it's run -- it just might give the false impression of you not having a virus at all before the file is run. In my opinion, though it is a problem, it's not a deadly one...
As far as I know, the upcoming new version will tackle this issue. Indeed it's not a "deadly issue" right now. JacK, DrWeb never missed a strongly compressed virus/worm in archived files . But that's just a side note! regards, paul
Hey, Thanks for the info. Glad to see they will (I hope) be addressing the issue with the upcoming version. Logan
Hi Paul, I look for a links with sample (harmless) of different rates of compression and shall post it here Dct Web like the other AV misses on a certain amount of compression Cheers, JacK
JacK, Nice! I will not argue that possibility; in reality, I've never encountered such an example regards, paul
As for the Becky's part, here is Carty's response: "For the security consideration, viruses are never activated when they are MIME encapsulated. Suppose that if a virus file are decoded on retrieval. Some viruses might be new and virus scanner could not detect them. IMO, it is far more dangerous because the file is stored in executable form, which means you can execute it from everywhere (including LAN). It is just a click away. If they are undecoded, you will need a decode tool when you want to execute it outside of Becky!. It will diminish the potential risk of unknown viruses being executed. Some people may feel unconfortable that undecoded viruses sit in your hard disk. But for that matter, all I can say is that virus scanning is not my job, their job"
Hi Paul Could take some time : I don't have it anymore and wrote to R.Garcia to have it. I tried on lots of AV/AT last year just to compare but as I find pointless scanning the archives as the malwares in those are harmless (and I have a lot of archived virus too) As soon I get it, I forward the link. CU JacK
JacK, No prob; patience is a virtue In essence: agreed. On the other hand: quite some email clients do create separate databases (if only for importing possibilities) in archived form. Thus, even after deleting an infected file, it could easily be around in the archived database(s). Personally, I'm not fond of that idea. grin..I know your have Thanks in advance! regards, paul
Hi Paul Here for your patience : http://www.attac.net/ So sorry : in French : Testez votre anti-virus Enjoy http://www.les-smileys.inforum-city.com/diables/blueScreen_D.gif JacK