Zip Files And NOD32

Discussion in 'NOD32 version 2 Forum' started by Shaker, Apr 18, 2005.

Thread Status:
Not open for further replies.
  1. Shaker

    Shaker Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    153
    Location:
    Norther California
    I'm a NOD32 license holder. I'm running NOD32 2.5 beta on XP home, SP2. When I first installed NOD32 on my machine, I ran the Eicar test and it passed them all. That includes detecting the Zip and Zip2 files before opening. Today I ran the Eicar E-mail test at,

    http://www.aleph-tec.com/eicar/index.php

    When I received the test e-mails, NOD32 popped up with the warnings. It did not detect the Zip files that were sent until I opened them. I know that is no big deal really, because the infected file can't harm you until you open it. What I'm curious about is, why NOD32 detects the Eicar zip files at the Eicar site before they are opened, but doesn't detect the Eicar zip files that are received through e-mail until you open them. I'm pretty sure I have everything set up in NOD pretty tight.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374

    Attached Files:

  3. Happy Bytes

    Happy Bytes Guest

    Oi! Oi! Oi! Oi! Oi! :eek:

    Are you speaking about THESE tests? :ninja:
    If yes, just throw a few bananas against your monitor they should be detected too...

    Seriously now - why should an antivirus detect an eicar test virus in a password-protected zip file? And even with an image file as password...

    8^) HB. :cool:

    PS: Marcos, wtf you are doing here so early? :D --->
    :D Already at work? :eek:
     
  4. Shaker

    Shaker Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    153
    Location:
    Norther California

    I do get the NOD warning when I run the eicar_com.zip test. I was just wondering why I don't get the warning when the eicar.zip file comes to my e-mail inbox. I have to open the zip file before NOD detects it. Like I said, I know there is no harm done until a zip file is opened. I'm just trying to learn something here. :)
     
  5. Shaker

    Shaker Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    153
    Location:
    Norther California
    Peeled or unpeeled. :doubt: ;)

    I'm not worried about the zip file in my e-mail not being detected until opened. I'm just curious why one test detects them as soon as they are loaded on to my computer, and the other, e-mail test, doesn't detect them until they are opened. Does this have to do with how AMON and IMON work?
     
  6. Happy Bytes

    Happy Bytes Guest

    EMON --> Setup --> Scanner --> Detection --> Targets --> Archives enabled?

    And yes, unpeeled makes not so much dirt on your monitor :cool:

    BTW... WHICH eicar zip are you trying to detect via email scan?
     
  7. Shaker

    Shaker Registered Member

    Joined:
    Aug 12, 2004
    Posts:
    153
    Location:
    Norther California

    Yes, Archives are enabled in EMON, but I thought EMON was only for Outlook users. I use Outlook Express.

    The zip files are here..........

    http://www.aleph-tec.com/eicar/index.php

    There are four of them......

    eicarcom2.zip
    eicar_com.zip
    eicarpasswdocr.zip
    eicarpasswd.zip

    No warning from NOD until they are opened.
     
  8. CyberMew

    CyberMew Registered Member

    Joined:
    Apr 17, 2005
    Posts:
    128
    As he already said, the zip files were passworded, so as the antivirus has no password to access these files, they can't be opened and thus cannot be scanned. Er.. just to let you know.
     
  9. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
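
Added example, not part of the thread and not NOD32's own code: a small archive scanner showing the point made in posts 3 and 8, that a member flagged as encrypted cannot be inspected without the password, while an unencrypted member can. The marker string, function names and sample archives are constructed for illustration; the marker stands in for a test signature and is not the real EICAR string.

```python
import io
import struct
import zipfile

# Constructed stand-in for a test signature (assumption, not the EICAR string).
MARKER = b"CONSTRUCTED-AV-TEST-MARKER"
ENCRYPTED_FLAG = 0x1  # bit 0 of the ZIP general-purpose flag field


def scan_archive(data: bytes, marker: bytes = MARKER) -> dict:
    """Classify each member as 'detected', 'clean' or 'unscannable (encrypted)'."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.flag_bits & ENCRYPTED_FLAG:
                # Without the password the content cannot be decrypted,
                # so a scanner can only report that it was not inspected.
                results[info.filename] = "unscannable (encrypted)"
                continue
            body = zf.read(info)
            results[info.filename] = "detected" if marker in body else "clean"
    return results


def build_sample(encrypted: bool) -> bytes:
    """Build a constructed one-file archive, optionally flagged as encrypted.

    Only the flag is set; the stored bytes are not real ciphertext. That is
    enough to show how a scanner decides whether it may read a member.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("test.com", MARKER)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flag field: offset 6 in the local header, offset 8 in the central directory.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            (flags,) = struct.unpack_from("<H", raw, pos + off)
            struct.pack_into("<H", raw, pos + off, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    print(scan_archive(build_sample(encrypted=False)))
    print(scan_archive(build_sample(encrypted=True)))
```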