Winsock Question

Discussion in 'NOD32 version 2 Forum' started by Shaker, Jan 12, 2005.

Thread Status:
Not open for further replies.
  1. Shaker

    Shaker Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    153
    Location:
    Norther California
    I once read a post here from a person who used to use NOD and doesn't anymore, that they didn't like an AV that scanned e-mail at the winsock level. I can't remember their reasoning, it's been a while. Being somewhat of a noobie to NOD32, can someone explain what the advantage, or the disadvantage if there is one, of scanning e-mail at the winsock level compaired to the way most AVs scan e-mail.
     
    Last edited by a moderator: Jan 12, 2005
  2. Atangel

    Atangel Registered Member

    Joined:
    Aug 29, 2004
    Posts:
    53
    At the Wisock-level, the AV scanner has access to all communication, including Web. A Pop-scanner proxy will just scan e-mail.

    Not so much an answer about the Winsock level, but more of what purpose does a mail scanner play (cause I think people worry about them TOO much. Mine's enabled, mind you :) ).... any mail or internet scanner is really a "nice to have" not a "need to have," more like an early warning system. The resident should catch it as well since that's its job and it is working off the same engine, heuristics, whatever.... The main idea is to keep the nasties on the other side of the fence form your system, to keep them from ever getting to you. Conversely, if the resident engine or heuristic or whatever doesn't recognize the nasty, neither will your scanners! So things like encrypted mail or other encrypted communications can't be scanned (after all, the whole purpose is to keep from being able to read the message and its contents), but the resident porttion of the AV will still protect you after it is decrypted.
     
  3. Shaker

    Shaker Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    153
    Location:
    Norther California
    Thank you for the explanation Atangle.
     
Thread Status:
Not open for further replies.