Computer Cops

B9, NOD32 IMON, and The Bat!

 
puffmd
Trooper
Joined: Mar 20, 2002
Posts: 16
Location: USA

Posted: Fri Apr 02, 2004 6:31 pm    Post subject: B9, NOD32 IMON, and The Bat!

Hello all,

I have the combination of B9, NOD32 IMON, and The Bat!. Now here is the question. Is there a way to configure these so NOD32 IMON only scans my e-mail once? I have everything set to listen on port 110. I have tried several different things but always end up with IMON scanning all e-mails either twice or not at all. I figure there is probably a way to do so with the port settings but I as of yet cannot figure it out.

Any help and/or advice on this would be appreciated.

Regards,
Kent


Last edited by puffmd on Mon Apr 05, 2004 8:14 pm, edited 1 time in total

tosbsas
Trooper
Joined: Feb 27, 2003
Posts: 15
Location: Argentina

Posted: Fri Apr 02, 2004 11:00 pm

I did set IMON to port 9110 and The Bat! too, Benign on port 110 - that did the trick.

Ruben

puffmd
Trooper
Joined: Mar 20, 2002
Posts: 16
Location: USA

Posted: Fri Apr 02, 2004 11:17 pm

Bat = 9110
IMON = 9110
B9 = 110

That does not work for me... The Bat! does not receive the e-mail....

Regards,
Kent

Ikeb
General
Premium Member
Joined: Apr 20, 2003
Posts: 3531
Location: Canada

Posted: Sat Apr 03, 2004 12:47 am

If you can change the port# on each of these products, understand what you're doing and you can set them as you wish. The key to setting this up is to keep in mind that you're setting up a connection from the client to the first proxy, a second connection to the next in line, then another connection from the second proxy to the third, and finally from the third to the server.

Each connection between connected proxies MUST share the identical address and port # but each connection MUST have a unique address / port #. Each product vendor sets a "preferred" port # in the documentation but typically something has to change because the default is usually the loopback IP address and port 110. So in this case, if two vendors did that (very common, although note that FireTrust avoided this with B9), you have to change one of the connection's address/port#.

B9 sets up its connection info via the hosts file, I dunno how the other two are configured. A lot of proxies have the address info for the NEXT connection passed via the uname field in the client account setup. It could happen that the whole connection chain must be passed that way. Note B9 configuration requires the user to add a .B9 extension to the POP server address. Now look in the host file and note that the POP server address.B9 has been assigned an address; something in the range 127.98.9.x, each account being assigned an address sequentially.

It probably gets more complicated when you have several proxies though 'cause they likely require that the proxy be pointed to via the mail client account. In fact, the other proxies may use the host file as well to establish domain name to IP address assignments. BTW, don't assume that all the addresses listed in the hosts file are in use. Some may be placed there and not removed when some product config is changed.

I'm not familiar with the other products and how they are configured but watch for the loopback address and same port# being configured for two of the required connections. That will put a stop to the data flow for sure. Try adding each one at a time and confirm that data is flowing before adding another proxy to the chain as a means of isolating the break in the proxy chain.

Sorry for the book. Hopefully you follow this. If not just post where I lost you.

_________________
I like SPAM ... on my sandwich!
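
The two rules in Ikeb's post above (each hop must connect to exactly the address/port the next hop listens on, and no two hops may listen on the same address/port), as an added Python example that is not part of the thread. The hop names, hosts entries and chain layouts are constructed for illustration and are assumptions, not a description of how any of the products is actually configured.

```python
import ipaddress

# Constructed hosts text; the .B9 name and 127.98.9.x address follow the post's pattern.
SAMPLE_HOSTS = """\
127.0.0.1    localhost
127.98.9.1   pop.example.com.B9   # first mail account
"""

def parse_hosts(text):
    """Map lower-cased hostnames to IPs, skipping comments and malformed lines."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except (IndexError, ValueError):
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), ip)  # keep the first entry seen
    return table

def resolve(endpoint, hosts):
    """(host, port) -> (hosts-file IP if listed, else host as given, port)."""
    host, port = endpoint
    return hosts.get(host.lower(), host), port

def check_chain(chain, hosts):
    """chain: ordered (name, listen, connect) hops, client first with listen=None."""
    problems, listeners = [], {}
    for i, (name, listen, connect) in enumerate(chain):
        if listen is not None:
            here = resolve(listen, hosts)
            if here in listeners:  # two hops bound to one address/port
                problems.append(f"{name} and {listeners[here]} both listen on {here[0]}:{here[1]}")
            listeners.setdefault(here, name)
        if i + 1 < len(chain):  # the last hop talks to the real server
            nxt_name, nxt_listen, _ = chain[i + 1]
            if resolve(connect, hosts) != resolve(nxt_listen, hosts):
                problems.append(f"{name} connects to {connect[0]}:{connect[1]}, "
                                f"but {nxt_name} listens on {nxt_listen[0]}:{nxt_listen[1]}")
    return problems

# Constructed chains (not any product's real settings): client -> scanner -> filter.
BROKEN = [("client", None, ("127.0.0.1", 110)),
          ("scanner", ("127.0.0.1", 110), ("localhost", 110)),
          ("filter", ("localhost", 110), ("pop.example.com", 110))]
FIXED = [("client", None, ("127.0.0.1", 9110)),
         ("scanner", ("127.0.0.1", 9110), ("pop.example.com.B9", 110)),
         ("filter", ("127.98.9.1", 110), ("pop.example.com", 110))]
```

`check_chain(BROKEN, parse_hosts(SAMPLE_HOSTS))` reports the listener shared by two hops, while the `FIXED` layout returns an empty list.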

JimF
Cadet
Joined: May 20, 2003
Posts: 6
Location: USA

Posted: Sat Apr 03, 2004 8:51 pm

You can simplify things somewhat by upgrading to NOD32 version 2. The IMON does not use a proxy with an assigned POP port, but rather monitors everything that comes through the Winsock layer as I understand it.

Ikeb
General
Premium Member
Joined: Apr 20, 2003
Posts: 3531
Location: Canada

Posted: Sat Apr 03, 2004 11:00 pm

Uhh, never considered Winsock being used to chain proxies but seems like a neat concept.

WRT your problem puffmd, perhaps this helps, perhaps not: http://www.mail-archive.com/[email protected]

_________________
I like SPAM ... on my sandwich!

puffmd
Trooper
Joined: Mar 20, 2002
Posts: 16
Location: USA

Posted: Mon Apr 05, 2004 6:09 pm

Hello all,

I am using Nod32 v 2 already. All I can do in IMON is specify a port to listen on, can not use a proxy. With The Bat! I can specify a proxy and a port. And of course B9 sets up its own proxy in the Hosts file and then you use this proxy in The Bat!. You can specify the port in the B9 options.

Here is what seems to happen. POP3 is initiated on port 110 by The Bat! and IMON immediately intercepts and scans for viruses. Then B9 grabs it once IMON is finished and scans it, then releases it to The Bat! on port 110. IMON sees it again, so it grabs it the second time and scans again. This second scan by IMON is redundant since IMON has already scanned the email.

I do not see a way to change this, however I may be overlooking the obvious.

Thanks for all the help that I have received so far.

Regards,
Kent

Ikeb
General
Premium Member
Joined: Apr 20, 2003
Posts: 3531
Location: Canada

Posted: Mon Apr 05, 2004 7:45 pm

So one question then is - can anyone report success using IMON as well as B9? Is this a known issue Hamish?

puffmd, how did you ascertain that IMON is interceding between TB! and B9 and also between B9 and the server?

BTW, while TB! initiates the connection request, the msg would come in the reverse direction. I.e. the server would pass the msg (via IMON?) to B9, which does its thing, then passes the msg (via IMON again?) to TB!

_________________
I like SPAM ... on my sandwich!

tosbsas
Trooper
Joined: Feb 27, 2003
Posts: 15
Location: Argentina

Posted: Mon Apr 05, 2004 7:52 pm

I really don't know why this is not working for you.

I am using Becky! Mail + benign + spampal +nod32 and have no problem at all after changing ports in nod - imon + becky! to 9110, leaving it in all of benign in 110

Mails look like they are checked first by b9, then imon and that's it

Can you get us some screens or mail them??

puffmd
Trooper
Joined: Mar 20, 2002
Posts: 16
Location: USA

Posted: Mon Apr 05, 2004 7:54 pm

It works the way it is except it is slower as each email gets scanned twice for viruses....

Here is what gets added to the end of each email....

__________ NOD32 1.701 (20040401) Information __________

This message was checked by NOD32 antivirus system.
http://www.nod32.com


----------------------------------------------------
This message has been processed by Firetrust Benign.


__________ NOD32 1.701 (20040401) Information __________

This message was checked by NOD32 antivirus system.
http://www.nod32.com

As you can see, IMON scans, then B9, and then IMON again...

Regards,
Kent

Ikeb
General
Premium Member
Joined: Apr 20, 2003
Posts: 3531
Location: Canada

Posted: Mon Apr 05, 2004 7:59 pm

I thought you were using version 2.0 ... or is the "NOD32 1.701 ....." something else?
_________________
I like SPAM ... on my sandwich!

puffmd
Trooper
Joined: Mar 20, 2002
Posts: 16
Location: USA

Posted: Mon Apr 05, 2004 8:07 pm

Yes, it is version 2.

The 1.701 refers to the virus signature database version.....

Regards,
Kent

wandrinstar
Captain
Premium Member
Joined: Mar 07, 2004
Posts: 302
Location: Ireland

Posted: Tue Apr 06, 2004 8:35 am

Same as mine puffmd, when it works. :D
_________________
...Kieran

JimF
Cadet
Joined: May 20, 2003
Posts: 6
Location: USA

Posted: Tue Apr 06, 2004 2:35 pm

tosbsas wrote:

I am using Becky! Mail + benign + spampal +nod32 and have no problem at all after changing ports in nod - imon + becky! to 9110, leaving it in all of benign in 110

Mails look like they are checked first by b9, then imon and that's it


I hope not to confuse things (much) further, but I have NOD32 version 2 and B9 both set to receive on port 110, and use Outlook Express as my email client after it passes through B9. I know from a trial I did a short time ago that NOD32 IMON intercepts a virus even before it gets to B9. Insofar as I know, it does not scan twice, although I have not looked for this specifically. Presumably if IMON were to miss a virus then B9 would catch it, but I have no way to test this myself.

tosbsas
Trooper
Joined: Feb 27, 2003
Posts: 15
Location: Argentina

Posted: Tue Apr 06, 2004 4:30 pm

No sweat - there is no question that it works

Once again: the screens I meant were of the bat and imon and benign. Important - in all possible places of benign you need to set 110

Ruben

All times are GMT - 5 Hours