NOD32 messing up separation between different account in Windows Mail

[Mickey Segal]

When I upgraded from NOD32 antivirus version 2.7 to version 3.0, I found
that the separation between different email accounts in Windows Mail was
messed up.

Problem: When I reply to a message received after the NOD32 upgrade,
typically the account chosen by Windows Mail is the default account, not the
account through which the message was received.

Expected behavior: If I reply to a message received before the NOD32
upgrade, the account chosen by Windows Mail is the account through which the
message was received.

Version 3.0 processes messages in a different way than did version 2.7,
creating a temporary folder within "Deleted items" after which a modified
form of the message is put in the Inbox. It appears that something about
this process messes up the association of a message with the account through
which the message was received.

The problem occurs more than 50% of the time but less than 100%. I've
tested on two Vista computers and they both have the same problem. I have
not figured out why the problem occurs on less than 100% of messages. I
created two test messages on the same computer in the same format, differing
only in that one added #2 to the subject line, and the problem occurred with
the second message and not the first (though on another Vista machine, which
received the same messages, the problem occurred for both messages,
suggesting the problem is in processing a received message, not creating an
original message).

On 5 January I contacted the company using its Web support form and was told
to expect a response after one business day. When I didn't get a response
by 11 January I contacted them by phone and they agreed to bump the request
to a higher level support person. The higher level support person
responded "Please run this utility and let us know if this resolves the
issue. http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml".
It was of no help, despite my responding to them the same day they did not
respond. I phoned them again on 15 January and was told I was being put
through to a special high priority line and when I left a message someone
would respond the same day. I got no response.

I've been happy with NOD32 except for this problem, though I've never tried
to deal with their technical support before.

Does anyone have any idea what is going wrong and how to fix it?

Technical details:
NOD32 3.0.621.0 with all signature updates.
Windows Vista (one Business, one Home) with all updates.

 

[Frank Saunders MS-MVP IE,OE/WM]

When I upgraded from NOD32 antivirus version 2.7 to version 3.0, I found
that the separation between different email accounts in Windows Mail was
messed up.

Problem: When I reply to a message received after the NOD32 upgrade,
typically the account chosen by Windows Mail is the default account, not
the account through which the message was received.

Expected behavior: If I reply to a message received before the NOD32
upgrade, the account chosen by Windows Mail is the account through which
the message was received.

Version 3.0 processes messages in a different way than did version 2.7,
creating a temporary folder within "Deleted items" after which a modified
form of the message is put in the Inbox. It appears that something about
this process messes up the association of a message with the account
through which the message was received.

The problem occurs more than 50% of the time but less than 100%. I've
tested on two Vista computers and they both have the same problem. I have
not figured out why the problem occurs on less than 100% of messages. I
created two test messages on the same computer in the same format,
differing only in that one added #2 to the subject line, and the problem
occurred with the second message and not the first (though on another
Vista machine, which received the same messages, the problem occurred for
both messages, suggesting the problem is in processing a received message,
not creating an original message).

On 5 January I contacted the company using its Web support form and was
told to expect a response after one business day. When I didn't get a
response by 11 January I contacted them by phone and they agreed to bump
the request to a higher level support person. The higher level support
person responded "Please run this utility and let us know if this resolves
the issue.
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml". It was
of no help, despite my responding to them the same day they did not
respond. I phoned them again on 15 January and was told I was being put
through to a special high priority line and when I left a message someone
would respond the same day. I got no response.

I've been happy with NOD32 except for this problem, though I've never
tried to deal with their technical support before.

Does anyone have any idea what is going wrong and how to fix it?

Technical details:
NOD32 3.0.621.0 with all signature updates.
Windows Vista (one Business, one Home) with all updates.

Email scanning should be turned off in any anti-virus. Also exclude EML
files from the scan. It provides no
protection not provided by the regular resident protection.
Sooner or later email scanning almost always causes problems and it provides
no benefit.

 

[Mickey Segal]

Should I just tell the NOD32 folks that email scanning is a waste of time
and that they shouldn't bother fixing their product, they should just delete
the feature? Don't many people buy an antivirus program precisely to
protect against threats in email?

 

[Gary VanderMolen]

Email scanning is a redundant (unnecessary) feature
since all files including emails, are already protected
by the AV's real-time scanner. Even Symantec (Norton)
admits this in writing on their website.

 

[Mickey Segal]

I wonder if this has anything to do with the reason that the NOD32 folks
continue not to respond to this query (though I've never dealt with their
support system before and can't exclude the possibility that other support
requests also go weeks without response despite the company touting its
"next business day" response time).

 

[Mickey Segal]

I called up the NOD32 company again. After mentioning this thread and how
high it comes up in a Google search
(http://www.google.com/search?q=nod32+"windows+mail") they put me
through to a support person.

Soon after I got an email suggesting: "What we would like you to do is open
ESET and click the F5 key to access the setup screen. From there, scroll
down to the bottom and choose Email client integration and uncheck the two
boxes labled Integrate into Microsoft Outlook and Integrate int Outlook
Express/ Windows Mail and then scroll up to POP3 and go to the Compatibility
subfolder and move the compatiblity level over to maximum compatibility to
see if this does not correct the issue you are having."

Unfortunately this didn't fix the problem. I replied to the email, as so
instructed. It will be interesting if they suggest turning off email
checking even more thoroughly or decide to reproduce the problem themselves
and fix it. Or maybe, as in the past, the won't respond at all unless I
call.

 

[Mickey Segal]

I did hear back from the NOD32 folks, but they said "we just uploaded to the
downloads page a newer version" and suggested trying that, but both the
version they cite and the one on their Web site are the same one I installed
on 26 December, as documented in my initial support request on 5 January.
They also wrote "Next we will collect some logs from you as we would really
like to know what is going on" but didn't say which logs to send. They
suggested the possibility of uninstalling their software, but since I can
reproduce the problem on two different computers by replying to emails
received after the upgrade from 2.7 to 3.0 (but not before) it is not clear
that such an approach is likely to do much other than waste time.

I asked twice if they've ever tried to check this on one of their own
computers but they gave no reply at all to that question.

 

[Gary VanderMolen]

Thanks for keeping us informed.

 

[Mickey Segal]

I heard back from the NOD32 folks again today. They asked for me to run the
following two reporting programs and send them the output:
http://nod32-av.com/utilities/HiJackThis for Troubleshooting/hijackthis.exe
http://www.lookinmypc.com

Twice I've asked "Have you set up multiple accounts on Windows Mail and
tested this yourselves" and gotten no reply. When I sent the two log files
that they requested today I asked a third time. I wonder whether they are
trapped in a support mindset that doesn't allow them to try to reproduce a
problem without asking for all sorts of log files and reinstallations.

 

[Gary VanderMolen]

They are just having you do a bunch of 'busy work', so it looks like they
are actually doing something, when they are probably hoping you'll get
tired of playing and you'll just give up and go away.

 

[Mickey Segal]

Hopefully the next stage is not asking me to take off, one by one, all other
programs on the computer (the "strip poker" theory of computer support).

 

[Mickey Segal]

I heard back from the NOD32 folks again. They said nothing about the log
files that they had me generate and send. Now they want me to uninstall
their version 3.0, either install 2.7 or do email without antivirus software
(it was not clear which), and then reinstall 3.0.

This procedure takes quite a bit of time due to various scans that are done
as part of the procedure. I told them "Before I start this, please answer
the question I asked three times: "Have you set up multiple accounts on
Windows Mail and tested this yourselves?""

 

[Gary VanderMolen]

Keep us informed.

 

[Mickey Segal]

I heard back from the NOD32 folks, and it sounds like they did test for this
problem and not find it, though their response was terse and it is hard to
be sure.

I reverted my test computer from 3.0 to 2.7, and the problem went away. I
then went back to 3.0 and the problem re-appeared. This was what I
expected. But here is the interesting part: the problem went away on my
main computer.

I was able to determine when the problem went away on my main computer using
two folders in which I keep listserv digests from different listservs,
received on different email accounts. The listserv digests are very clean
for testing since each one is a one-item thread and each one arrives at
least once a day.

For one listserv the problem went away between digests on 17 and 18 January.
For the other listserv the problem went away between digests on 15 January
(afternoon) and 16 January. In both cases the problem never came back.

Interestingly, in the morning of 15 January I had created a new email
account. I'm wondering whether this reset some NOD32-created problem in
Windows Mail, but did so with different timing for the two listservs.

For those of you who know more about Windows Mail, does this sound possible?

If this hypothesis is correct, the NOD32 folks would have failed to
reproduce the problem if they took a computer running version 3.0 and added
several user accounts, since this would have reset the problem.

Since my test computer now has the problem back again, I offered to the
NOD32 folks to add the new account to that computer and see if it fixes the
problem.

 

[Gary VanderMolen]

A recurring theme we see here with antivirus-related issues is that:

A) There is a variable onset time before symptoms become evident.

B) That deleting and recreating the account often (temporarily) clears
the antivirus-caused corruption of that account.

 

[Mickey Segal]

All I did in this case was add a new account for a new address that I began
using. It is hard to tell if that was the crucial factor, but if they ask
me to do the same on the test computer I may get to do the experiment a
second time. Aside from that I have no idea why the problem would go away.

I presume they will ask me to try the same on the test computer, if only to
make the problem go away and get me out of their hair. But hopefully
finding a reproducible case will get them to focus on the problem rather
than sweeping it under the rug. For every person like me who takes the time
to analyze a problem carefully and report it there must be at least 10
people who are affected by a problem and decide just to live with it (or
switch to a different product).

 

[Mickey Segal]

I haven't heard from the NOD32 folks in a week, so they may have lost
interest in the problem. Maybe their problem reporting system credits this
as a fix since creating a new account on the original computer seems to have
fixed the problem on that computer. However, neglecting the fact that the
problem persists on the second computer after reinstall of 3.0 would be a
triumph of silly procedure over actual solving of problems, and does not say
good things about NOD32 support.

I'll email them one more time. If they don't respond I'll create a new
email account on the second computer, which presumably will fix the problem
there, but obviously not for others. One might have hoped the NOD32 folks
would care about solving the problem for others at least as much as I did,
but if not, at least there is web searching and other users can figure out
the problem by finding what we've documented here.

 

[Gary VanderMolen]

Thanks for your continued feedback.

 

[Mickey Segal]

It seems that persistence has produced results. I got the following message
from the ESET NOD32 folks:

"Thank you for the update. Unfortunately, this appears as though it could be
a bug in our software. We appreciate your patience in working with us to
thoroughly test all other possibilities. I will be sure to forward this
issue to the appropriate parties. A new version of the ESET software which
has been updated to fix some Outlook Express and Windows Mail issues is
slated to be released soon which might resolve the issue that you are
experiencing. I apologize for the inconvenience."

This was a non-trivial problem for them to reproduce because it occurred
only if the multiple accounts in Windows Mail were set up before the upgrade
to 3.0, and a typical test of a bug report would have been done in the
opposite order and failed to see the problem. But once it became clear that
there was a sequence in which one could reproduce the problem it seems like
the NOD32 folks took the problem seriously. Hopefully there will be a fix
available soon - so far version 3.0.621.0, which has the problem, is still
the current version at http://www.eset.com/download/registered_software.php.

I've asked them to give me a heads-up when the fix is available and I'll
pass along the word to the Windows Mail folks here.

 

[Gary VanderMolen]

Congratulations. It looks like your persistence in this matter will indeed
produce positive results.