Outlook 2007 Exchange 6.0.308 to 6.0.314

Discussion in 'ESET NOD32 Antivirus' started by MongrelCat, Mar 20, 2013.

Thread Status:
Not open for further replies.
  1. MongrelCat

    MongrelCat Registered Member

    Joined:
    Aug 17, 2010
    Posts:
    24
    Location:
    South Carolina
    Has anyone observed any issues with Outlook 2007 using exchange server with the 6.0.308 to 6.0.314 update? I am intermittently losing the exchange connection and from time to time observing significant slowdowns in data retrieval. It could be an issue with the corporate exchange server, but it would be highly coincidental the upgrade from 6.0.308 to 6.0.314. Thanks.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Does disabling any of the following make a difference?
    - HIPS (followed by a computer restart)
    - integration with MS Outlook
    - POP3 or IMAP checking
     
  3. MongrelCat

    MongrelCat Registered Member

    Joined:
    Aug 17, 2010
    Posts:
    24
    Location:
    South Carolina
    I tried each of these. Disabling POP3 checking is the only one that seems to get things back to normal.
     
  4. er34

    er34 Guest

    Marcos ,

    I still do not understand why 3rd party vendors like ESET try to perform email scanning on the end user machines.

    I know it is probably a good marketing strategy to advertise in front of the non-savvy end users that you scan and "protect" their emails but other than that there is no reason:

    1. Small 3rd party vendors like ESET with less people and less developers seems to always have troubles coding something that will work 100% with MS technologies. This causes only troubles and at the end this ruins your business reputation. When you can do something - do what you are best at, don't do what you obviously cannot.

    2. End users (most of them) use web-based free mails and if they decided to use their POP3/IMAP functions, they do not need additional scanning on the end side because the mail provider already has virus scanning on server side and additional rules to prevent malware. Do not tell me you do not know that Google, Microsoft, Yahoo, etc perform such scanning on server side and have anti-exe rules, anti-password protected archive rules, etc...

    3. Even if we imagine that the mail provider does not perform any filtering (SPAM/MALWARE/ETC.), when the mail arrives in the end user mail box, a malware can only infect/spread/perform malicious actions by social engineering - if the stupid user starts the attachment, clicks a link , etc - then the on-access scanner will pop-up for sure or the web scanner.

    4. Anti-SPAM filtering is performed by the majority of mail providers.
    • End users use web-based mails with excellent anti-spam technologies (Google, Microsoft...)
    • Business users use email applicances (mail gateways) and do not need end user spam filtering from AV vendor.
    • Email clients (popular ones such as Windows Live Mail, Outlook, Thunderbird, etc) do have built-in SPAM filters and trust me they work better than most 3rd party vendors (including ESET's one).

    Next time you have a meeting, propose your bosses to release an update to all clients to automatically and by default disable mail client integration and pop/imap/smtp scanning. In addition to the above many reasons - you might include and mention that Microsoft's own antimalware products do not integrate into mail client software and do not perform anti-spam filterting on client side. The same applies for Symantec and McAfee business solutions. And they all have no problems like these in this thread. I am really getting annoyed at ESET company to see so many posts here at Wilders about mail client problems and ESET software when the solution is so simple. And you make these problems on your own. [And these constant HIPS problems posts and HIPS problems you created artificially with v5 - why? HIPS module is still useless in NOD/ESS]

    I am writing this because I am just trying to help you - this is constructive critism. :thumb:
     
    Last edited by a moderator: Mar 24, 2013
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    1, I guess that majority of users (including corporate users) do not use free mail services.
    2, even if an AV is used on a mail server for scanning emails for threats, this will not ensure that 100% of malware will be intercepted.
    3, it is not true that real-time protection would 100% detect and block a threat if email protection was disabled. Email protection can use stronger heuristic approach when compared to real-time protection plus it also scans inside archives. It's similar with web protection; it protects users against many more new born threats as it also uses different techniques than other protection modules.

    To sum it up, disabling email protection would significantly affect the safety and might cause users to run threats received by email.
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Would it be possible to log the POP3 communication using Wireshark and supply me with the pcap log for analysis?
     
  7. er34

    er34 Guest

    Yes, that is why they have mail gateway devices, mail servers, etc that perform the scanning and applies the rules Additionally, they follow rules and they have good mail client software that blocks whatever is necessary.

    That is just a speculation. Give me an example of a malware sample that the Exhchange scanner or other mail gateway scanner cannot detect.
    Additionally, if we accept your speculation for true, let's not forget the other parts of the layered approach (the end user and its protections, for example).

    Another speculation. Yes, it is wrong that real-time protection will 100% detect and block a threat if email protection was disabled but also it is wrong that real-time protection would 100% detect and block a threat if email protection on local machine is enabled. Having local email protection does not 100% guarantee better email protection.

    I am also not talking about scanning only - I also talk about rules - and rules are more important - rules such as not sending/receiving PE files, not accepting password-protected archives, etc. These rules are in place on all/most mail providers and definitely in all enterprises.
    Rules + serverside scanning makes local end-user side email scanning useless.


    Do you say that this email protection technologies that use stronger heuristics than the real-time file protection module cannot or are not already implemented in the Mail server/gateway scanning technologies? Do you say that modern email client systems cannot block PE files from being executed ?

    Speculation. Give example of such a threat that:
    - 1 - will bypass the major free mail vendors such as Google/Yahoo/MS
    - 2 - will bypass the company's mail gateway scanner
    - 3 - will bypass the company's mail server/gateway email rules
    - 4 - will bypass end user AVs definitions
    - 5 - will bypass end user's mail client protection (Thunderbird, MS Outlook, etc.)
    - 6 - will bypass end user's other protections that might be there such as HIPS, firewall, behaviour blocker, reputation , other restrictions.

    I am not aware of such a sample that is so strong that cannot be stopped by any of the above 6 and that requires ESET Mail scanner (POP3/IMAP) and integration.

    Tell me, Marcos, why Microsoft/Symantec/McAfee do not have mail scanner or have it but is disabled by default. Tell me, please tell me.
     
Thread Status:
Not open for further replies.