Jem

Can't get the email notifications to work - 2 other laptops in the house, both set up to send emails to me form 'Warning' verbosity level up. I've used Eicar on both machines over an hour ago, and repeated. Still nothing.... This worked with NOD32 AV 6 (now on 7). Thanks.

OK. Thanks. I've re-installed everything from scratch in the meantime - completely clean install for good measure.

Marcos, I'm interested in any feedback, including the hash comparison. Any update? I can see that this trojan has hopefully been cornered as I had another one today under a different name, but NOD32 caught it (zipped) as it came into my Inbox. So in answer to your original question "Has ESET ever detected malware in incoming email?" - clearly that does work, even with an IMAPS account. I have the Oultook plugin installed (as I always have) and SSL scanning is OFF (as per the default setting). Still a bit bothered about the Live Grid thing that you thought should have worked but according to VirusTotal, ESET are one of the few vendors detecting this one even now. Thanks.

Your second point about 100% protection is well understood and accepted. I'm questioning it as you originally seemed to think that Live Grid should have caught it based on the blacklist timing and when I received the e-mail. Also, the 'name' (Win32/TrojanDownloader.Small.AAB) is certainly what NOD32 is seeing now when I email it to myself here. With the hash comparison, do you have the file I submitted or would you like me to submit it again / email it somewhere?

No, that isn't what Marcos said. He said that Live Grid reputation is not applied to a manual scan at the time I did it.....(I now quote): "However, it should have been detected and blocked upon receipt provided that you had LiveGrid enabled." ...which, as I said in the next post, I did. From that I must assume that Live Grid (if up to date) will warn of a problem regardless of the state of the virus database used by a manual scan. I cannot email it to myself using IMAPS as my email host is now trapping it at the server (so they are obviously now up to date). Good old British Telecom however is letting it through. So I sent and received it via my BT POP email account and NOD32 deleted it on receipt. At the moment, based on my interpretation of the way NOD32 works I am still assuming that Live Grid was either: 1) Not functioning as intended - for whatever reason. 2) Not up to date - at least for users in the UK. If ESET would like to respond fully, I am more than happy to carry out more tests. In the meantime it was a disappointing experience.

1) Yes, it has - on one occasion. 2) Outlook 2010 3) SSL scanning is enabled by me. And in any case the NOD32 plugin is installed in Outlook and always has been. 4) That's not the point though is it? You're telling me that LiveGrid should have picked this up - which it didn't

Live Grid is enabled and always has been. I use secure IMAP email and consequently have SSL protocol scanning on for email and the web - other than that all settings at default. So, I'd like more feedback as to why this didn't get picked up - I did not receive any warnings whatsoever.

9.00 AM CET is 8.00 AM UK TIME (Until the clocks go back on Sunday morning). I posted here at 10.54 AM (11.54 CET), a few minutes after receiving the email. My second post above is 11.41 AM (12.41 CET), immediately after checking for a signature update - there was no update and the file remained undetected. This concerns me greatly as ESET clearly have an issue pushing updates out in a timely fashion - certainly in the UK. If MWB detected it early so should NOD32, particularly as it had already been blacklisted.

NOD32 Antivirus 7. Signature: 8963. That's the last update - just checked.

I have no idea what Trojan.Zbot is but it arrived this morning by email, undetected by NOD32 7, but detected when saved and scanned manually with Malwarebytes. A manual scan with NOD32 declared it clean. It's a zipped executable attached to an email from 'no-reply@hmrc.gov.uk' with the subject: 'You have received new messages from HMRC'. I've submitted for analysis and used NOD32 to quarantine. But be warned... I admit to being concerned that NOD32 is not catching this type of threat. It's the second time in as many weeks. I submitted the last one for analysis but had no feedback, although I provided my email address.

To be honest Marcos, I don't understand what's happening here. I can't actually send the email as 1&1 Internet stop the mail at the server and I get an 'Undeliverable' mail back. If I leave the mail in Sent items with the eicar test file attached and rescan the folder, NOD32 finds it, deletes the attachment and adds the warning to the mail body. The mail itself remains in Sent Items, the infected items folder 'lights up' indicating 1 mail in the folder but there's nothing visible in Outlook or the server itself. I'm happy that NOD32 is doing it's job but I don't understand what's happening with / to the mail. I did turn on SSL scanning as the incoming mail server is SSL, port 993. Not even sure now if I needed to do that or if it's made any difference at all. As far as I could see, NOD32 was seeing an infection anyway even with SSL scanning turned off.

I'm using 8858 and it was detected. Only issue is that I was expecting the email to be moved to Infected Items as per the default settings. The Infected Items folder has synchronised with the IMAP server.

Hi, Running a trial of NOD32 AV on Win 7 Pro x64. Caught a fake amazon email this morning with an infected zip file attached but failed to move the email to Infected Items. I'm running Outlook 2010. Anything I should check / configure? Thanks.