Serious bug In NOD32! Corrupted e-mail attachments

Discussion in 'NOD32 Early v2 Beta' started by faffy, Jan 7, 2003.

Thread Status:
Not open for further replies.
  1. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    Hi!
    I need you to pay attention while I explain to you this bug. Let me tell you how I discovered it. Our mailserver has been changed in the last month. Recently, I have noticed that some of my received e-mails contained corrupted attachements, documents, picures, zip files. Not all attachements were corrupted but let's say about 70% of them. It was very strange since I have not experienced this before. I set out to perform an experiment.
    I sent an e-mail to myself that contained 7 randomly chosen jpg pictures. 6 out of the 7 pictures arrived correctly, but one of them was corrupt. Then i only sent the only picture that got corrupted to myself and it got corrupted again and always at the same place. (With images it is easy to see how they got corrupted because piture viewer programs draw it until the error, so you can see where the corruption is.)
    After this I checked the mail on the mail server through a web client, and saw that the attachements on the mail server are not corrupted. So there must be something between the server and the mail client where it got bad. I suspected my mail client first (The BAT). But I could show the same problem with other clients too (Eudora, Outlook Express).

    After this I sent the picture to another e-mail address of mine. To my surprise all the pictures or any other attachemnts got through correctly. Non of them were corrupted. This e-mail address uses another mail server.

    After this I contacted my postmaster on the mail server and complained that something must be wrong with the server setup because my attachements got bad. I sent him (and myself) a file that I knew that would be corrupted to show him what I meant. When I received this picture it was corrupted on my machine but he said that he received it perfectly.

    After this I uninstalled the NOD32 beta and all my attachements got ok. No corruption at all.

    So to summarize it.
    I used NOD32 Beta to scan my emails. On one mail server 70% of my attachements got corrupted. Not all files, but the ones that got corrupted would be corrupted every time with 100% reproducibility at the same place in the file.

    It only happens with one particular mail server, which is a Sun ONE Messaging Server, Calendar Server och Directory Server.

    It did not happen on another server (i don't know what they use at swipnet).

    The corruption was completely e-mail client independent, and the files on the mailservers were not corrupted.

    After uninstalling Nod32 Beta, everything got back to normal.

    I tested this on two different PCs, and I received the same results.

    I hope this explanation was clear, and someone can tell me how NOD32 can corrupt e-mail attachements. Has anyone experienced the same bug?

    Faffy
     
  2. I had email scanning problems with the beta too.. IMON would simply crash Outlook Express every time an infected email arrived. Soooo..

    I told Miro from ESET, they are aware of it.. I assume and hope that when Ver 2 is released for public, the IMON and email scanning problems will be resolved. I average 3 infected emails a day. I already looked at other av's for backup or replacement. However, nothing out there comes close to the 20 Plus passes that NOD32 has from Virus Bulletin.. That plus the fast scanning speed and compact size... So... I wait.. and have gone back to good ole regular NOD for now...

    Anyway, I hope the beta gets public soon!
    :cool:
     
  3. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,876
    Location:
    New England
    Hi faffy,

    Someone from the Eset team should be by soon reviewing all the beta related issues and seeing that they get addressed.

    A couple questions: Just to be clear, you are saying that NOD32 was running on the client PC(s) that were pulling the email down from the different mail servers. (So, NOD32 was not running on any of your mail servers, correct?) Also, had you previously been running the current production release of NOD32 on the PC clients, or was the new beta your first use of NOD32. (Basically, I'm asking if the previous version of NOD32 has worked / is working in this setup, and this is solely a beta release problem?)

    Thanks,
    LowWaterMark
     
  4. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    NOD32 was running on the mail clients. I don't know what e-mail protection was running on the mails servers. I know this: On the mailserver that I recieved corrupted e-mails from runs virus protection, because if I try to send the eicar virus to myself it catches it and I receive an automatic warning from the postmaster. On the other mailserver where I get my messages intact, no virus portection is running.

    I used previous versions of NOD and I did not have problem with it.

    The interesting bit is that the corruption happens only withone mail server and not the other, so there must be between the NOD and the mail server that causes this problem.


    Faffy
     
  5. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    Is there anyone who could reproduce my problem?
     
  6. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hey faffy,

    I sent you the changed imon.dll. Hope it gets better :)

    jan
     
  7. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    I tried the dll file. Unfortunately, it did not help.

    Faffy
     
  8. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi faffy,

    OK - I'll send you something else.

    rgds, :)

    jan
     
  9. faffy

    faffy Registered Member

    Joined:
    Jan 7, 2003
    Posts:
    23
    I just want everybody to know that ESET took up the challenge and looked into my problem and found a solution for me in a very short time.

    Thank you very much Jan!

    I am a very satisfied customer :D

    Faffy
     
  10. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi faffy,

    I'm glad it works now - thanks go not just to me, but to the whole ESET Team - let's look to the other things that need to be fixed.. ;)

    Thanks, faffy :)

    jan
     
Thread Status:
Not open for further replies.