NOD32 Anti-Virus Filter

Nightma12
Posts: 7
Joined: Sat Apr 08, 2006 7:17 pm

NOD32 Anti-Virus Filter

Postby Nightma12 » Sat Apr 08, 2006 9:35 pm

I'm unable to get NOD32 anti-virus to work with Mail Enable Enterprise Edition :(

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters]
"Processing Order"="MEAVNOD,MEAVFPI,MEAVGRI,MEAVMAC,MEAVNAV,MEAVNOR,MEAVPAN,MEAVSOP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVNOD]
"Status"=dword:00000000
"Antivirus Notification Message"="<<- Attachment was removed because it appears to contain a virus ->>"
"Antivirus Scratch Directory"="C:\\Program Files\\Mail Enable\\Scratch"
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" /scanmbr- /scanboot- /all /delete /quit+"
"Antivirus Agent"="C:\NOD32"
"Provider DLL"="MEAVGEN.DLL"
"Program Name"="NOD32"
"Program Info"="NOD32 Antivirus software has been developed by Eset Software since 1992. Eset today is a privately held software development and research company with offices in San Diego, USA, London, UK, Prague, CZ and Bratislava, SK."
"Exit Code Enabled"=dword:00000000
"Exit Codes Error Inclusive"=dword:00000001
"Exit Codes"="3"


This is the code for the registry key I ran, yet it doesn't even show up in the list of anti-virus vendors :?

How would I get this working?

pqxl
Posts: 48
Joined: Mon May 15, 2006 12:01 pm

Postby pqxl » Wed May 17, 2006 9:48 am

OK, here it is, tested and confirmed to work with 2.04 (at least with the Pro version)

1. Merge this modified reg key (copy to a file nod32.reg, right click and select merge or just double click it).



Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters]
"Processing Order"="MEAVFPI,MEAVGRI,MEAVMAC,MEAVNAV,MEAVNOR,MEAVPAN,MEAVSOP,MEAVNOD"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVNOD]
"Status"=dword:00000001
"Antivirus Notification Message"="<<- Attachment was removed because it appears to contain a virus ->>"
"Antivirus Scratch Directory"="C:\\Program Files\\Mail Enable\\Scratch"
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" /scanmbr- /scanboot- /scanmem- /arch+ /all /quit+"
"Provider DLL"="MEAVGEN.DLL"
"Program Name"="NOD32"
"Program Info"="NOD32 Antivirus software has been developed by Eset Software since 1992. Eset today is a privately held software development and research company with offices in San Diego, USA, London, UK, Prague, CZ and Bratislava, SK."
"Exit Code Enabled"=dword:00000001
"Exit Codes Error Inclusive"=dword:00000000
"Exit Codes"="0"
"Type"=dword:00000001
"Antivirus Agent"="C:\\Program Files\\ESET\\nod32.exe"
"Send Return Notification"=dword:00000000
"Notification Address"=""
"Message Handling"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVNOD\Default]
"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" /scanmbr- /scanboot- /scanmem- /arch+ /all /quit+"
"Exit Code Enabled"=dword:00000001
"Exit Codes Error Inclusive"=dword:00000000
"Exit Codes"="0"
"Antivirus Agent"="C:\\Program Files\\ESET\\NOD32.EXE"





2. Go to Mail Enable > Mail Enable Management > Servers > localhost > Filters, double click the MailEnable Antivirus filter and enable the NOD32 entry, test the configuration.

3. Go to Mail Enable > Mail Enable Management > Servers > localhost > MTA, right click it and select Stop, right click it and select Start

4. Go to Mail Enable > Mail Enable Management > Messaging Manager > Filters, right click and create a new filter, double click the new filter, select "When the message contains a virus", add the action "Delete message", close the filter and make sure it's enabled.

5. Go to www.eicar.org and get the eicar test virus, send it to an email account on your system. Read the logs on the Mail Enable > Mail Enable Management > Servers > localhost > Filters > Antivirus to make sure it was caught.

That's all, really simple and intuitive isn't it, lol
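Added example, not part of pqxl's post and not MailEnable's own tooling: a small linter that can be run over nod32.reg before merging it in step 1. The checks come from the differences between the two .reg files in this thread; which of them kept the first entry from showing up is not stated here, and the meaning given to "Status" is an assumption.

```python
import re

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters"
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # one "name"=data line

def parse_reg(text):
    """Return {key path: {value name: raw data}} for a REGEDIT5 file."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            current[m.group(1)] = m.group(2)
    return keys

def lint(text, name="MEAVNOD"):
    """List where a filter entry differs from the working one in this thread."""
    keys, problems = parse_reg(text), []
    order = keys.get(BASE, {}).get("Processing Order", '""')[1:-1].split(",")
    if name not in order:
        problems.append("not in Processing Order")
    entry = keys.get(BASE + "\\" + name)
    if entry is None:
        return problems + ["filter key missing"]
    # Assumption: Status=1 marks the entry as enabled (the working file sets it).
    if entry.get("Status") != "dword:00000001":
        problems.append("Status is not dword:00000001")
    agent = entry.get("Antivirus Agent", '""')[1:-1]
    # In .reg string data every backslash must be doubled; drop the valid
    # escapes (\\ and \") and see whether a lone backslash is left over.
    if "\\" in re.sub(r'\\[\\"]', "", agent):
        problems.append("unescaped backslash in Antivirus Agent")
    if not agent.lower().endswith(".exe"):
        problems.append("Antivirus Agent is not an .exe path")
    params = entry.get("Antivirus Parameters", "")
    for token in ("[AGENT]", "[FILENAME]"):
        if token not in params:
            problems.append("Antivirus Parameters lacks " + token)
    return problems

# Constructed samples: trimmed copies of the two MEAVNOD entries in this thread.
HEAD = "[" + BASE + "]\n" + '"Processing Order"="MEAVFPI,MEAVNOD"\n[' + BASE + "\\MEAVNOD]\n"
PARAMS = r'"Antivirus Parameters"="\"[AGENT]\" \"[FILENAME]\" /all /quit+"' + "\n"
FIRST = HEAD + '"Status"=dword:00000000\n' + PARAMS + r'"Antivirus Agent"="C:\NOD32"'
SECOND = HEAD + '"Status"=dword:00000001\n' + PARAMS + r'"Antivirus Agent"="C:\\Program Files\\ESET\\nod32.exe"'

if __name__ == "__main__":
    for label, reg in (("first post", FIRST), ("second post", SECOND)):
        print(label, "->", lint(reg) or "no problems found")
```

An empty result only means the file matches the shape of the working entry; the EICAR test in step 5 is still what shows that mail is actually being scanned.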

MartynK
Posts: 1322
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Postby MartynK » Thu May 18, 2006 6:14 am

Have you tested it against the emails from http://www.webmail.us/testvirus ?

I would like to know how it goes?

pqxl
Posts: 48
Joined: Mon May 15, 2006 12:01 pm

Postby pqxl » Thu May 18, 2006 7:02 am

No, like I said in the text, I tested it with the actual test virus from www.eicar.org. This is the site to visit, and they warn about trusting other websites that say they provide the test virus.

http://www.eicar.org/anti_virus_test_file.htm IS the page to get the test virus from, not any other sites.

MartynK
Posts: 1322
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Postby MartynK » Thu May 18, 2006 9:13 am

Yep, fine, but like I said you need to test with the likes of the site I said as they send a copy of the eicar virus in multiple ways.

I have tested it against a number of AV scanners and some miss quite a few of the tests. If I send just the eicar virus, any scanner will pick it up. But there are a number of ways in email to mask a virus. This web site attempts to test your config against all of these types.

pqxl
Posts: 48
Joined: Mon May 15, 2006 12:01 pm

Postby pqxl » Thu May 18, 2006 9:23 am

Well, use it or don't use it.

This is a list of things that need to be done to make NOD32 work. It was derived from an old reg file posted by MailEnable for another version back in 2004 and then modified by me with help from MailEnable support (Ian M).

Since I made this work on our server, several other viruses have been caught, not only the eicar test virus, so it certainly works.

Like I said, use it or don't use it; this is for people that do want NOD32 to work with Mail Enable.

MartynK
Posts: 1322
Joined: Sat Dec 28, 2002 1:12 am
Location: Hong Kong

Postby MartynK » Fri May 19, 2006 9:04 am

Maybe I missed this here: what version of NOD did you test this on, server or workstation?

pqxl
Posts: 48
Joined: Mon May 15, 2006 12:01 pm

Postby pqxl » Fri May 19, 2006 3:36 pm

The "desktop" version.

There is no server version of NOD32; there is a desktop and an enterprise version.

The only difference between them is that the Enterprise version has remote administration.

NOD32 antivirus system information
Virus signature database version: 1.1548 (20060519)
Dated: Friday, May 19, 2006
Virus signature database build: 7298

Information on other scanner support parts
Advanced heuristics module version: 1.028 (20060324)
Advanced heuristics module build: 1107
Internet filter version: 1.002 (20040708)
Internet filter build: 1013
Archive support module version: 1.044 (20060424)
Archive support module build version: 1155

Information about installed components
NOD32 For Windows NT/2000/XP/2003 - Base
Version: 2.50.45
NOD32 For Windows NT/2000/XP/2003 - Internet support
Version: 2.50.45
NOD32 for Windows NT/2000/XP/2003 - Standard component
Version: 2.50.45

Operating system information
Platform: Windows 2003
Version: 5.2.3790 Service Pack 1
Version of common control components: 5.82.3790
RAM: 2048 MB
Processor: Intel(R) Xeon(TM) CPU 2.66GHz (2666 MHz)


juliandormon
Posts: 19
Joined: Fri May 13, 2005 10:00 pm

Can you tell me how to add the registry file more precisely

Postby juliandormon » Fri Aug 17, 2007 5:27 pm

Hi pqxl,
You said to 1. Merge this modified reg key (copy to a file nod32.reg, right click and select merge or just double click it).

Can you be more specific? I have no idea how to add registry settings.

Much appreciated!

juliandormon
Posts: 19
Joined: Fri May 13, 2005 10:00 pm

Figured it out

Postby juliandormon » Fri Aug 17, 2007 6:23 pm

Hi pqxl,
Never mind. I figured it out.

Just copy all that text to a file and save it as suggested.
Then right-click it and select merge. It's that easy!

D Warner
Posts: 1
Joined: Tue Apr 03, 2018 12:10 pm

Re:

Postby D Warner » Tue Apr 03, 2018 12:19 pm

pqxl wrote: OK, here it is, tested and confirmed to work with 2.04 (at least with the Pro version)


I had the same issue and was unable to get ESET NOD32 anti-virus to work with Mail Enable Enterprise Edition, but now after following the above procedure it is all set once again. Source: https://www.criticthoughts.com/security/eset-review/
