Problems w/ scanning from context menu??

Discussion in 'NOD32 version 2 Forum' started by radicalb21, Jun 15, 2003.

Thread Status:
Not open for further replies.
  1. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Has anyone heard anything about when this feature will be available? It's been a couple of weeks. I have noticed some engine updates but this hasn't resolved the issue. Thanks again.
     
  2. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi radical,

    sorry for the delay. More info here.

    >Has anyone heard anything about when this feature will be available? It's been a couple of weeks. I have noticed some engine updates but this hasn't resolved the issue. Thanks again.

    We try to implement it asap - anyway - we have some more important fixes to implement now.

    Thanks, :)

    jan
     
  3. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Ok. thanks for the update Jan. I appreciate your help.
     
  4. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I fail to see what the hullaballo is all about here. Why would you expect NOD to give you options such as rename, etc. when this is a zipped file? It is harmless as such. Plus, who would save it zipped like that? You would unzip and when you did then AMON would catch it and give you all the options. I wouldn't scan it zipped in the first place as it doesn't matter if it is infected or not when it is zipped.

    I think this is a big uproar over nothing. NOD acts correctly in this instance IMO. No option other than leaving (and quarantining) should be available for a zipped file. Most of us would want to just leave it anyhow. Of course quarantining isn't really quarantining.

    What is important and needs fixing is the fact that quarantine doesn't work like it does in other av and there is nothing in the help file to explain this. In all other av I have used, quarantine means MOVE the file not COPY the file as NOD does. Now this is important because most will be confused because it isn't moved. How anyone could be confused by the lack of actions available for a zipped file which is harmless until unzipped when Amon will stop it, makes no sense to me.
     
  5. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Any idea when this feature will be added to a program update or incorporated into the program? Also is it possible to have AMON scan within compressed file formats such as .zip, .rar, .ace just to name a few. I would appreciate any and help that could be given by both moderators, members, or administrators. Thanks again.
     
  6. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hey radical,

    > was wondering when the feature would be added for dealing with eicar from a .zip, .rar, .ace form of compression.

    Well, to write the truth:

    there is a plan to implement it. Now there are more people that need help with more important things - e.g. some software conflicts, etc. When we'll fix these things, the compression issue follows.

    >Also would it be capable for Amon to scan inside of compressed files rather then extract the file for Amon to detect it.

    Explanation:

    The reason for AMON not detecting the archives is that we don't see any real important reason for that. We want to offer the default settings as an effective coincidence between detection, performance of the system and the scanners and other factors. The new packed malware is detected (as I wrote above). if anybody wants to scan archives - it can be done with the on-demand scanner.

    Thanks,

    jan
     
  7. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Are there any updates on when this feature will be added to deal with either deleteing or replacing the file with a clean version of that file when dealing with .zip, .rar, .ace, or .arj . It has been a couple of months now. I would appreciate a response from an ESET Moderator.
     
  8. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi radical,

    sorry - there are still more important things to do - being pretty busy.

    Thanks for the understanding.

    jan
     
  9. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    I agree with you. This MiMail.C is spreading across networks in a .zip file format. I got one today in a .rar file format. I've been asking for this feature ever since NOD32V2 was released. The feature was available in NOD32V2B5 where in the beta version NOD32 you only could delete the whole archive, not just a particular file. In the near future we plan
    to incorporate support for performing actions on files within archive so
    it will be possible to replace an infected file with its clean copy. I have been told the following by ESET Moderators:

    "We try to implement it asap - anyway - we have some more important fixes to implement now." This posted on August 8, 2003.

    "Well, to write the truth:

    there is a plan to implement it. Now there are more people that need help with more important things - e.g. some software conflicts, etc. When we'll fix these things, the compression issue follows." This was written on August 28, 2003.

    "Sorry - there are still more important things to do - being pretty busy."
    This was on October 23, 2003.


    I started this thread back on June 15, 2003 and it is now November 3, 2003. This issue has yet to be resolved and it is almost been six months now. I would hope after this latest threat it would move this feature to the foreground of things to be implemented asap. Iwould appreciate a response from an ESET Moderator. Thanks again for the help again in advance.
     
  10. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Thanks for everyones support about this issue. I would appreciate a response from any of the ESET Moderators in this forum as well as any other forum moderator or administrator. I believe this feature is now needed to be added asap. This is in response to the recent threat from MiMail.C being compressed in a .zip file format and going accross networks. Thanks again in advance.
     
  11. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi,

    as you probably know, NOD32 scans inside zips, it just doesn't clean/delete malware inside them - that is detected by AMON upon extraction of the compressed file. We want to add this feature for your convenience, but there are really bigger priorities now. It can take a bit longer time.

    NOD32 detects and deletes various versions of Mimail.

    Thanks for your understanding and patience :)

    jan
     
  12. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    As I said earlier, I don't see, even after reading all these posts since my earlier one, what all the hullaballo is about. The worm is harmless until extracted whereupon Amon will kill it. I think there are a lot more pressing matters for Eset to deal with than this. I personally don't care if what you are asking for is ever provided.

    I, for instance, would far rather see Eset provide a simple way to get NO32 to scan weekly from the Windows scheduler and place a report on my desktop for perusal the next morning. I can't get this to work and I don't think I'll use NOD32 on my new XP Pro box because of this problem. Or I would also far prefer that Eset make it simple for us to make Rescue disks instead of the convoluted method that we now have. I need those disks for my W98SE box. There are all sorts of things that need attention more than a harmless zipped file with a worm in it. I have a several of those on my box and I sure don't get bent out of shape over something so minor.
     
  13. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I second this, great suggestion :D

    Cheers :D
     
  14. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Yet another month goes by and this problem still hasn't been fixed. I tired of different people from ESET saying there are more important things they need to take care of at the moment. Aren't I as a customer important as I have bought their product. The people at ESET keep saying to me in emails and forum posts that the changes to correct this problem are coming and to be patient. Once or twice saying this is ok but this has gone on now for more then six months and they keep saying the same things just using different words so it doesn't look like your sample form reply. I was told when working in retail that the customer is always right.
     
  15. Kevin

    Kevin Registered Member

    Joined:
    Oct 31, 2002
    Posts:
    28
    Radicalb21,
    Let me start this reply by saying I'm no expert on NOD. Though I sympathize with you and it would be a nice feature, I can see why it is delayed.
    I use the following work around until the feature can be implemented. Run the full active scan with heuristics, deep, and all types of packages set to be scanned. Run the scan. When the malware is found, double click on the entry in the NOD scanned files box. It will tell you exactly which malware is in the email and which email message it is in. Simply delete the particular email and you're done. Calling up the email doesn't increase your risk because Amon will stop it from activating.
    Hope this helps.
     
  16. NewNOD

    NewNOD Guest

    Radicalb21 wrote:
    I'm with you all the way. If things actually got fixed or customer recommendations were acted upon, I could understand the call by many to be patient and allow ESET to "prioritize". However, when nothing changes over so long a period, the "priority" argument becomes just another excuse. I won't go into detail here, as it's all been said before, but plenty of things (even minor things that could be fixed with a snap) go undone. What did we actually get from the latest update (those that were able to download it / install it) that represents anything that has been reqested or pointed out by people on this forum? Most software companies that charge $40 US for software and then additional fees for updates do whole version revamps in the time it takes ESET to fix a short list of items. I have to say that the Kernel32 errors went away for me, but based on the list of the "official" update changes, I would say that that fix was a side effect of something else that was done to the IMON module (and even if it was deliberately in response to our requests for a fix, it still took 6 months...unacceptable either way). If ESET normally responded with speed and effectiveness, I could not bring myself to say that; however, experience shows that they have there own unidentified agenda completely separate and exclusive of the comments made here. (Expect usual flames from the usual folks).

    I'm beginning to believe that ESET is snipped - offending is not allowed

    Mele20 wrote:
    While I totally disagree that you are better able to identify what's important than is Radicalb21, I have the same displeasure as you regarding the issue of placing a scan report on your desktop after scheduled scans. I wrote a VBScript that does that very thing (partial description block follows)...

    ' NOD32 Script NewNOD 16Dec03
    '
    ' -------------- Description Block -------------------------------------
    '
    ' Title: NOD32 Scheduled Scan Notification / Summary Script...
    '
    ' Description: The script runs in the background during NOD32
    ' scheduled scans and:
    ' 1. Tests for changes in NOD32 text LOG files
    ' by examining the Last Modified date of file
    ' 2. Tests for scan duration by comparing scan
    ' duration reported in NOD text LOG with a user
    ' specified duration
    ' 3. If both tests are "True", the script:
    ' - Scans and retrieves summary info from text LOG
    ' - Reports summary info obtained from text LOG
    ' - Prompts for saving summary text to user-specified
    ' file
    ' - Prompts to view complete NOD32 text LOG from
    ' which summary data is obtained
    ' Features: The script has the following functionality:
    ' 1. User-defined constants (see below)
    ' 2. Text LOG scan works with NOD32 set-ups using either
    ' "Append" or "Overwrite" set in NOD32 scan Profiles
    ' (not tested with Word-Wrap, but it should work as the
    ' strings being "copied" from the original NOD32 text
    ' LOG file are not long enough to be wrapped).
    ' 3. Scan works even if you use only one NOD32 LOG file for
    ' all of your NOD32 Profiles. However, if you were to launch
    ' more than one scheduled scan, and both scans would meet
    ' the script's test criteria for reporting, only the first
    ' completed scan would get reported; the script would then
    ' terminate itself, leaving the second scan to finish up
    ' without being reported
    ' 4. The script does not alter in any way normal functioning
    ' of NOD32. It simply reads text LOG files created by NOD32
    ' to get it's information.
    ' 5. (Optional) Icon displayed in tray using the an external *.ocx
    '
    'Usage: Schedule the script to be launched with each scheduled NOD32
    ' scan. The script will run until:
    ' - LOG file changes AND scan duration criteria are met OR
    ' - Until TimeOut specified by user
    ' - (Optional) OR until terminated via right-click 'Close'
    ' Menu Item in Tray Icon

    ....More description snipped
     
  17. Buddel

    Buddel Guest

    radicalb21, I agree with each and every word you say. I'm also tired of being told to be patient. Eset's customers may be patient for some time, but they won't be patient for ever. Let's hope things will soon change for the better.
     
  18. NewNOD

    NewNOD Guest

    I wrote (but got snipped by a moderator:
    I don't really see how what was snipped is any more or less offensive than anything else I wrote (or than Radicalb21 wrote or Buddel wrote or...).

    For those who did not see the original post before it was edited, no foul language was used. I simply stated my view of ESET's organization via comparison to a recently released, critically acclaimed movie.
     
  19. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    NewNod,

    Well, I did.

    Indeed no foul language was used. The wording from your comparison nevertheless rather offensive and denigrating. No need for that over on this board.

    regards.

    paul
     
  20. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Radical,

    >Yet another month goes by and this problem still hasn't been fixed.

    Amon cathes the infection upon extraction - so I wouldn't call this a problem - I would call it feature. We need to solve problems first, then the features.

    Thks.,

    jan
     
  21. Kevin

    Kevin Registered Member

    Joined:
    Oct 31, 2002
    Posts:
    28
    To the Eset folks,
    I'm still rather new at NOD but I have a couple of suggestions that could be implemented rather easily that I believe will reduce some of the comments made here.
    Part of the problem appears to be that information is not getting to the right folks at the right time. I have the following suggestions:

    1. Add a page to the main web site for problems that Eset/clients have encountered and Eset's fix or the current status of the problem/estimated repair date. The forum is helpful (Thanks to all :D) but it's too hard to find out what is really going on with many issues, especially if the user is new. In addition, we have no idea if Eset is aware of the problem in the first place because there is no sense of feedback from Eset unless it is an issue the individual with the problem submitted.

    2. Add a wish list page to the main site of submitted ideas/feature additions/changes. This is also done on the forum but is scattered under multiple topics and tends to be submitted multiple times.

    As to time requirements for item 1, the page would require about 1 hr to put together and debug. Entries could be added quickly by the tech's themselves, (a single line describing the issue would suffice), then a daily review of the outstanding issues. Updates could be added at that time. Using the forum as a guide, there are only about a dozen hot topics on any given day.

    I'm long winded and I apologize, I'm simply putting in my two cents to try and streamline the process a bit.

    Thanks for your time.

    Kevin
     
  22. Randellx5

    Randellx5 Registered Member

    Joined:
    Oct 11, 2003
    Posts:
    4
    - General Comment -


    Just posting an opinion... no agenda. Have done quite a bit of reading on the forum, first time post. Do contract sys admin in my area, long time Norton user, now using Nod32.

    Every software program has a certain underlying philosophy, along with some bugs and glitches that usually accompany the current implementation of that particular philosophy... hopefully in a positive stage of evolution. It would seem to be a desirable situation that users of that particular program could have a specific effect on the program with various feature recommendations, additions, changes, fixes, etc... and to an extent that is a desirable situation. Unfortunately, although most of us feel our particular recommendations and complaints make obvious sense, a list of such things from the user direction can become a formidable list for program devolopers to deal with... and some of the things on that list will conflict with the program philosophy, as determined by the developers.

    I get the impression a large part of the Nod32 philosophy is lean, quick, effective, and operate from a small footprint. This is a definite part of the reason for my choice of Nod32 rather than Norton recently. My particular preference at this time would be a focus by the developers on obvious bugs and glitches of their fairly recent new version, which I happen to like, and then work on any features and improvements they believe will blend into their program philosophy... someone else may of course have different preferences.

    The Eset folks seem to be more responsive to some of these forum posts than most, good luck with Norton or McAfee, but everything winds up being an issue of time... which is money. Eset has to decide how much time and money they can invest into each area... dealing with the forum, customer responses, program fixes, new program features, more employees, etc. and still accomplish their program goals. They even get to determine the timeline for these various activities.

    Ultimately, the market place decides how succesfully any product philosophy and implementation meets enough user desires to survive and prosper. I can well agree with many of the posts I have read, but I would hate to see the price increase for Nod32... and I would hate to see it attempt to become 'something for everyone', along with the necessary 'bloat' that would accompany that direction. As to suggestions for improvements and features, there's actually no end to that.

    The really wonderful thing about it is... the customer gets to make the choice. If a program doesn't meet your expectations acceptably, the developers won't add the features you want, you don't agree with the philosophy the developers seem to be working with, or ?.... you can simply purchase another product, or perhaps write your own for a custom fit. How users make those choices will ultimately determine the success or failure of that particular program. At this particular time, my realization that I do have that choice led me to choose Nod32 over Norton, after a number of years.

    Your preferences and mileage may of course vary... Randell
     
  23. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    Well here I go again and yet another month has passed and this issue still goes unresolved. I know the ESET Moderators have said this is not a problem and is an additional feature. But come on I have been talking about this since June of '03. I know there have been recent issues with NOD32v2 2.000.8 . I believe most of those problems have been fixed or resolved. I have seen in recent months five or six files in a compressed format i.e. .zip, .rar, .arj, and .ace to name a few that hade viruses in them. If this is the way virus writers are going to keep sending some of those files I believe this feature needs to be added and soon before it is to late. I would appreciate an update on this situation from an ESET Moderator. Any and all help would be appreciated. Thanks again in advance radicalb21.
     
  24. radicalb21

    radicalb21 Registered Member

    Joined:
    Jun 6, 2003
    Posts:
    164
    Location:
    USA
    :mad: It's March of 04' and still this problem persists with the product. In recent weeks and months I have seen other forum members change their opinions about this issue. They now believe as I do that this needs to be implemented as alot more viruses are coming inside of compressed files. I know the moderators from ESET have said this isn't a problem but an additional feature. If it is an additional feature why has it not been implemented yet when numerous people have requested it. This has been an ongoing issue since JUNE 03'. The moderators from ESET have said that once the problems with software conflicts have been resolved they will work on additional features. All kinds of software conflicts will continue to happen there by constantly delaying the implementation of new features. I would appreciate a response from ESET MODERATOR as soon as possible as the last time I posted and was ignored.
     
  25. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi radical,

    sorry for the delays - really busy here. The other AVs, e.g. KAV also doesn't clean a virus inside a compressed file. If a worm would be cleaned in a compressed file - usually just the header remains.

    Thanks for your understanding.

    jan
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.