outgoing mail

Discussion in 'NOD32 version 2 Forum' started by alkanida, Nov 30, 2003.

Thread Status:
Not open for further replies.
  1. alkanida

    alkanida Guest

    Does Nod 32 scan outgoing mail ? I'm trying Nod32, and i was wondering if it can scan my outgoing mails ( i use outlook express).

    2° question: in "object to diagnose" i,n the set up, do i have to check "run time packers" and "archive" ? What is it ?

    Thanks.
     
  2. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    NOD32 don't scan the outgoing mail, only the inbound.
    Runtime packers: if you turn on it feature, NOD will scan in run time packers like UPX, etc. (I recommend turn on it option).
    Archive: NOD will scan inside compressed file like .zip, .rar (WinZip, WinRAR).
    Best Regards.
     
  3. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    what's the option to turn that on.

    It can become usefull
     
  4. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    What is the option to turn what on that might be useful? The IMON component of NOD scans incoming mail by default unless you disable IMON in its setup panel. Archive and runtime packer scanning can be activated as noted in the NOD on demand scanner.
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    This is where you can tick scan runtime packers and archives (in the scanning component of Nod).

    Cheers :D
     

    Attached Files:

  6. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    regarding IMON....

    what extra option could have on?
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    IMON Setup

    Cheers :D


    - Restructured image to fix thread width - LWM
     

    Attached Files:

  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you have AMON enabled (and it should be enabled all the time), it won't allow you to attach infected attachments when composing an email message.
     
  9. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Marcos, doesn't allow attaching infected files when this does a script virus or worm or something else AMON, too? o_O

    thx

    bye

    iNsuRRecTioN
     
  10. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Someone told me for understanding problems ;-)

    sorry, my english is bad (german one) :D

    I mean, is AMON able to stop/don't allow attaching an infected file to an email and send it to someone or many people (how the virus, script, worm or something else is written), when this passed/is done over/with a virus, script, worm or something else that the user doesn't noticed!

    I ask that, because IMON don't scan outgoing email and so AMON have to stop/don't allow such things/operations!

    bye

    iNsuRRecTioN
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi Insurrection,

    yes, AMON is supposed to intercept any malicious script code in htm/html or other files that might be potentially dangerous as you attach the file to an email message.
     
  12. Buddel

    Buddel Guest

    This is the reason why I don't think it is really necessary for NOD32 to check outgoing emails. If you attempt to send an email with an infected attachment, AMON should take care of it.
     
  13. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Buddel, yes thats true, but because of showing other people that you are using NOD32V2 and they can ensure that the email is clean.

    That's the point and indirect marketing for NOD32V2, I think thats great and annoy nobody!

    It's simple cool, when you see a message at the bottom of the mail, that this mail is scanned by NOD32V2 and is clean!

    Okey, so long, maybe in the feature, there is be an option in IMON ;-)

    greetz

    iNsuRRecTioN

    EDIT: but I think, when there is an option to append to all emails an notification, it sounds for the users, that outgoing email is included! The same is for archive handling..but there will be another thread :p
     
  14. Buddel

    Buddel Guest

    Well, it may be a nice feature which could be added to NOD32 some time in future. For the time being, however, I do think Eset should focus all their attention on the things that are more important. Lots of things are still to be done.
     
  15. Phil_S

    Phil_S Registered Member

    Joined:
    Nov 13, 2003
    Posts:
    152
    Location:
    UK
    Personally, I think it would be an extrememly _useless_ feature.

    The "This email is certified virus free" message that another AV appends to outgoing emails certainly annoys plenty of people, for various reasons including:

    1) Anyone searching the web or usenet for information about that software, or just on the keyword "virus" will get thousands of useless hits on totally unrelated messages, simply because they contain that phrase.

    2) How can a message be declared totally virus free with 100% certainty? It can only be declared that no virus has been detected by the scanning software, which is not the same thing at all.

    3) Do you trust emails containing such messages to the extent that you wouldn't bother to check them for viruses on receipt, no matter where they originate. If so, then surely the inbound scan is redundant? If not, then what is the point of appending such a message in the first place?
     
  16. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Phil_S, "This email is certified virus free", I never say that.

    1)usenet? its only for emails, my emails not on usenet..
    2)totally 100% virus free? never say that. Its just useful information.
    3)For people with webmail and for people with no email scanner!

    And I think the same like Buddel, more importent things such as "archive handling" have to implement first and please soon! :D

    So long.

    iNsuRRecTioN
     
  17. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Said by Marcos:
    >If you have AMON enabled (and it should be enabled all the time), it won't allow you to attach infected attachments when composing an email message

    Huho_O Of course, AMON will let you send an infected attachment without password protecting it! I used do it a lot. I was working with Road Runner ISP when their virus scanner was not detecting some viruses and I was helping them. I sent an infected attachment just now to myself at another email address. Not a peep out of AMON. I wouldn't want AMON to try and stop me...that would mean I would have to password protect when sending to users whose ISP's don't scan for viruses and thus no password protection is needed with them. I don't send infected attachments to someone who hasn't requested the sample so I am sending only to those who have asked and are expecting an infected attachment.

    What makes you say AMON stops this? Do you have to have IMON enabled in order for AMON to stop you? I never use IMON as it is redundant and unnecessary.
     
  18. anders

    anders Eset Staff Account

    Joined:
    Oct 25, 2002
    Posts:
    410
    If you have AMON set to scan on Open, and try to attach for example "eicar.com", AMON will block it, since it will be scanned when your e-mail client opens it in order to attach it to the mail.

    IMON is using the advanced heuristics, which isn't (yet?) available in AMON. At the moment, IMON is better than AMON at detecting new/unknown malware.

    Best regards,
    Anders
     
  19. driftalong

    driftalong Registered Member

    Joined:
    Dec 16, 2003
    Posts:
    15
    Maybe those who want a message appended to their mail can make their signature something like: 'Outgoing mail verified as virus free by yadayadayada'
    Thats what I do with NAV. It scans mail both ways, but doesn't append a message.
     
  20. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    Hi,
    I think that is true that scan outgoing message aren't important if AMON intercept the viruses, but AMON detect less than IMON, because AMON don't use the Advanced Heuristic and don't scan into .zip, .rar files, so it's important that IMON scan outgoing mail, or that AMON will able to use the Advanced Heuristic and scan into .zip and .rar files, etc.
    Best Regards.
    PS: Obviously it's not the most important feature that NOD would include in the near future.
     
  21. NewNOD

    NewNOD Guest

    I have no strong opinion one way or another about appending messages to outgoing emails, but I tend toward the "it's an advertising gimmick for the AV company" philosophy.

    I do have a comment about people in this thread (and others) saying something is redundent or not needed or otherwise useless because some other component handles the situation. This argument has been used as to why NOD can scan zipped files but can do nothing about it when a virus is detected because (everybody chime in) AMON WILL CATCH IT WHEN IT'S EXTRACTED. These same people will generally brag about their layered defenses and some will boldy display, along with their posts, that they have a such & such PC, protected by this, that and the other software (trojan detectors, registry change detectors, worm detectors, spyware detectors, etc., etc. as well as NOD...and I guarantee that some of these apps have intersecting functionality). Why doesn't this same philosophy...that redundency and layering are good...apply to the internal workings of NOD and its capabilities. To not use this philosophy implies that all possibilities are known and that you are in control.

    Take this scenario regarding IMON scanning outgoing mail:

    1. Say you receive an email on 12/20/2004 at 2:00PM and it has an attachment
    2. The email is apparently from a friend...IMON inbound doesn't catch anything, and upon opening, AMON stays quiet
    3. You close the email after having a good laugh over the joke in the attachment and close the email client
    4. Over night, NOD32's signatures are updated to now include a new threat; as it turns out the new threat was in the email attachment
    5. On 12/21/2003, the next day, you decide to forward the email to another friend

    Two possible conclusions here depending on whether outgoing mail is scanned:

    6. You infect others when you send the mail if outgoing mail is not scanned;

    OR

    6. The mail is stopped during the outgoing scan and you are immediately alerted to the possibility of other infection without having to wait for the next scheduled full system scan to find out.

    All kinds of arguments about how this could never happen to "me" even if my AV doesn't scan outgoing mail could be presented (such as I don't open attchments...in such cases the whole point of scanning mail in or out is moot), but the argument shouldn't simply be that it's not needed "ever". Even if you don't buy my scenario, the point is that stuff happens...you just don't know when, where or how sometimes.
     
  22. NewNOD

    NewNOD Guest

    I meant "12/20/2003"...

    Sorry. :)
     
  23. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    I'm agree with you.
    I think that add comments type this message was checked..... to the e-mails that you send to others is a useless feature, however the outgoing scan is important.
    However I'm not agree with your scenario, because if you receive a file that IMON and AMON don't detect, but at the next update release, NOD detect it, in the moment that you try to append the file to the message, AMON will alert you of the Virus/Trojan, etc. without a outgoing e-mail scanner.
     
  24. NewNOD

    NewNOD Guest

    Nope. Please note that nothing was attached / appended by the user. In the scenario, the mail was opened, attachment viewed, mail closed, then the SAME mail was later FORWARDED. The attachment was already attached to the original mail. No further messing with the file was required.

    Thanks.
     
  25. sir_carew

    sir_carew Registered Member

    Joined:
    Sep 2, 2003
    Posts:
    884
    Location:
    Santiago, Chile
    mmm, yes, it's true.
    The solutions is that IMON scan the outgoing mail (obviously) or that AMON scan inside mail databases file.
     
Thread Status:
Not open for further replies.