outgoing mail

Does Nod 32 scan outgoing mail ? I'm trying Nod32, and i was wondering if it can scan my outgoing mails ( i use outlook express).

2° question: in "object to diagnose" i,n the set up, do i have to check "run time packers" and "archive" ? What is it ?

Thanks.

 

Hi,
NOD32 don't scan the outgoing mail, only the inbound.
Runtime packers: if you turn on it feature, NOD will scan in run time packers like UPX, etc. (I recommend turn on it option).
Archive: NOD will scan inside compressed file like .zip, .rar (WinZip, WinRAR).
Best Regards.

 

what's the option to turn that on.

It can become usefull

 

What is the option to turn what on that might be useful? The IMON component of NOD scans incoming mail by default unless you disable IMON in its setup panel. Archive and runtime packer scanning can be activated as noted in the NOD on demand scanner.

 

This is where you can tick scan runtime packers and archives (in the scanning component of Nod).

Cheers

 

regarding IMON....

what extra option could have on?

 

IMON Setup

Cheers


- Restructured image to fix thread width - LWM

 

If you have AMON enabled (and it should be enabled all the time), it won't allow you to attach infected attachments when composing an email message.

 

Marcos, doesn't allow attaching infected files when this does a script virus or worm or something else AMON, too?

thx

bye

iNsuRRecTioN

 

Someone told me for understanding problems ;-)

sorry, my english is bad (german one)

I mean, is AMON able to stop/don't allow attaching an infected file to an email and send it to someone or many people (how the virus, script, worm or something else is written), when this passed/is done over/with a virus, script, worm or something else that the user doesn't noticed!

I ask that, because IMON don't scan outgoing email and so AMON have to stop/don't allow such things/operations!

bye

iNsuRRecTioN

 

Hi Insurrection,

yes, AMON is supposed to intercept any malicious script code in htm/html or other files that might be potentially dangerous as you attach the file to an email message.

 

This is the reason why I don't think it is really necessary for NOD32 to check outgoing emails. If you attempt to send an email with an infected attachment, AMON should take care of it.

 

Buddel, yes thats true, but because of showing other people that you are using NOD32V2 and they can ensure that the email is clean.

That's the point and indirect marketing for NOD32V2, I think thats great and annoy nobody!

It's simple cool, when you see a message at the bottom of the mail, that this mail is scanned by NOD32V2 and is clean!

Okey, so long, maybe in the feature, there is be an option in IMON ;-)

greetz

iNsuRRecTioN

EDIT: but I think, when there is an option to append to all emails an notification, it sounds for the users, that outgoing email is included! The same is for archive handling..but there will be another thread

 

Well, it may be a nice feature which could be added to NOD32 some time in future. For the time being, however, I do think Eset should focus all their attention on the things that are more important. Lots of things are still to be done.

 

Personally, I think it would be an extrememly _useless_ feature.

The "This email is certified virus free" message that another AV appends to outgoing emails certainly annoys plenty of people, for various reasons including:

1) Anyone searching the web or usenet for information about that software, or just on the keyword "virus" will get thousands of useless hits on totally unrelated messages, simply because they contain that phrase.

2) How can a message be declared totally virus free with 100% certainty? It can only be declared that no virus has been detected by the scanning software, which is not the same thing at all.

3) Do you trust emails containing such messages to the extent that you wouldn't bother to check them for viruses on receipt, no matter where they originate. If so, then surely the inbound scan is redundant? If not, then what is the point of appending such a message in the first place?

 

Phil_S, "This email is certified virus free", I never say that.

1)usenet? its only for emails, my emails not on usenet..
2)totally 100% virus free? never say that. Its just useful information.
3)For people with webmail and for people with no email scanner!

And I think the same like Buddel, more importent things such as "archive handling" have to implement first and please soon!

So long.

iNsuRRecTioN

 

Said by Marcos:
>If you have AMON enabled (and it should be enabled all the time), it won't allow you to attach infected attachments when composing an email message

Huh Of course, AMON will let you send an infected attachment without password protecting it! I used do it a lot. I was working with Road Runner ISP when their virus scanner was not detecting some viruses and I was helping them. I sent an infected attachment just now to myself at another email address. Not a peep out of AMON. I wouldn't want AMON to try and stop me...that would mean I would have to password protect when sending to users whose ISP's don't scan for viruses and thus no password protection is needed with them. I don't send infected attachments to someone who hasn't requested the sample so I am sending only to those who have asked and are expecting an infected attachment.

What makes you say AMON stops this? Do you have to have IMON enabled in order for AMON to stop you? I never use IMON as it is redundant and unnecessary.

 

If you have AMON set to scan on Open, and try to attach for example "eicar.com", AMON will block it, since it will be scanned when your e-mail client opens it in order to attach it to the mail.

IMON is using the advanced heuristics, which isn't (yet?) available in AMON. At the moment, IMON is better than AMON at detecting new/unknown malware.

Best regards,
Anders

 

Maybe those who want a message appended to their mail can make their signature something like: 'Outgoing mail verified as virus free by yadayadayada'
Thats what I do with NAV. It scans mail both ways, but doesn't append a message.

 

Hi,
I think that is true that scan outgoing message aren't important if AMON intercept the viruses, but AMON detect less than IMON, because AMON don't use the Advanced Heuristic and don't scan into .zip, .rar files, so it's important that IMON scan outgoing mail, or that AMON will able to use the Advanced Heuristic and scan into .zip and .rar files, etc.
Best Regards.
PS: Obviously it's not the most important feature that NOD would include in the near future.

 

I have no strong opinion one way or another about appending messages to outgoing emails, but I tend toward the "it's an advertising gimmick for the AV company" philosophy.

I do have a comment about people in this thread (and others) saying something is redundent or not needed or otherwise useless because some other component handles the situation. This argument has been used as to why NOD can scan zipped files but can do nothing about it when a virus is detected because (everybody chime in) AMON WILL CATCH IT WHEN IT'S EXTRACTED. These same people will generally brag about their layered defenses and some will boldy display, along with their posts, that they have a such & such PC, protected by this, that and the other software (trojan detectors, registry change detectors, worm detectors, spyware detectors, etc., etc. as well as NOD...and I guarantee that some of these apps have intersecting functionality). Why doesn't this same philosophy...that redundency and layering are good...apply to the internal workings of NOD and its capabilities. To not use this philosophy implies that all possibilities are known and that you are in control.

Take this scenario regarding IMON scanning outgoing mail:

1. Say you receive an email on 12/20/2004 at 2:00PM and it has an attachment
2. The email is apparently from a friend...IMON inbound doesn't catch anything, and upon opening, AMON stays quiet
3. You close the email after having a good laugh over the joke in the attachment and close the email client
4. Over night, NOD32's signatures are updated to now include a new threat; as it turns out the new threat was in the email attachment
5. On 12/21/2003, the next day, you decide to forward the email to another friend

Two possible conclusions here depending on whether outgoing mail is scanned:

6. You infect others when you send the mail if outgoing mail is not scanned;

OR

6. The mail is stopped during the outgoing scan and you are immediately alerted to the possibility of other infection without having to wait for the next scheduled full system scan to find out.

All kinds of arguments about how this could never happen to "me" even if my AV doesn't scan outgoing mail could be presented (such as I don't open attchments...in such cases the whole point of scanning mail in or out is moot), but the argument shouldn't simply be that it's not needed "ever". Even if you don't buy my scenario, the point is that stuff happens...you just don't know when, where or how sometimes.

 

I meant "12/20/2003"...

Sorry.

 

I'm agree with you.
I think that add comments type this message was checked..... to the e-mails that you send to others is a useless feature, however the outgoing scan is important.
However I'm not agree with your scenario, because if you receive a file that IMON and AMON don't detect, but at the next update release, NOD detect it, in the moment that you try to append the file to the message, AMON will alert you of the Virus/Trojan, etc. without a outgoing e-mail scanner.

 

Nope. Please note that nothing was attached / appended by the user. In the scenario, the mail was opened, attachment viewed, mail closed, then the SAME mail was later FORWARDED. The attachment was already attached to the original mail. No further messing with the file was required.

Thanks.

 

mmm, yes, it's true.
The solutions is that IMON scan the outgoing mail (obviously) or that AMON scan inside mail databases file.