Avast WEBforum

Business Products => Archive (Legacy) => Avast Business => Avast Server Protection => Topic started by: DroppinPackets on October 13, 2003, 08:53:36 AM

Title: Closing ports
Post by: DroppinPackets on October 13, 2003, 08:53:36 AM

Is there a way to close the IMAP port 143 from aswmaisv.exe from listening as it is not needed?

Also, ASWSERV.EXE listens on a local service port (1024 or higher), can this also be negating if it is not needed?

Title: Re:Closing ports
Post by: Vlk on October 13, 2003, 09:00:17 AM

Wait a moment, aswMaiSv.exe is running? So you've started the Internet Mail provider (i.e. completed the Mail Protection Wizard)?

In most cases, this thing is completely redundant in server environment (unless it's a terminal server).

Anyway, what program do you use to find out which app is listening on which port? netstat?

Title: Re:Closing ports
Post by: DroppinPackets on October 13, 2003, 09:22:05 AM

Quote from: Vlk on October 13, 2003, 09:00:17 AM

Wait a moment, aswMaiSv.exe is running? So you've started the Internet Mail provider (i.e. completed the Mail Protection Wizard)?

In most cases, this thing is completely redundant in server environment (unless it's a terminal server).

Anyway, what program do you use to find out which app is listening on which port? netstat?

Yes, aswmaiSrv is running, it is used for smtp and pop.

Redundant?

Netstat shows the ports yes.  But presently Kerio FW shows this as well.  I had installed TPF 5.1, but uninstalled it as it seems buggy, it actually could not see ASWSERV.EXE to enroll into it's sandbox, but external port scans (grc.com) could connect(could not actally connect, but recieved packets) to the port and it was reported closed.  More rules would have stealthed (null) the port.  But as i will have no need to connect to the server remotely, I see no reason to have open in the first place, if you follow my drift.  

Title: Re:Closing ports
Post by: Vlk on October 13, 2003, 09:57:56 AM

Interesting... AFAIK aswServ.exe doesn't have any TCP listener in it. What port numbers are we talking about, exactly?

BTW have you ever used avast Home/Pro? If so, does the ashServ.exe process from it exhibit similar behavior?

Thanks

Title: Re:Closing ports
Post by: vojtech on October 13, 2003, 10:03:02 AM

To prevent the Mail scanner from listenig on port 143, insert this line
StartImap=0
to the file Avast4\Data\avast4.ini into section [MailScanner].

Title: Re:Closing ports
Post by: DroppinPackets on October 13, 2003, 10:27:31 AM

I just checked an XP box with avast home and it only has the mailserver ports listening.

I presume it opens the next port from 1024 onwards that is availiable, on my system it is 1026, but if I disable a service(say DCOM), then it will be 1025.

Title: Re:Closing ports
Post by: DroppinPackets on October 13, 2003, 11:13:29 AM

Copy

Title: Re:Closing ports
Post by: Vlk on October 13, 2003, 11:25:54 AM

OK, it's the RPC listener then. Thanks for the info. I'll add an option to prevent avast using this port (just like in the consumer editions).