Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Alistair on July 02, 2005, 02:44:59 AM
-
Just thought I would mention that the incoming scanner seems to be a bit invasive in that it blocks out the service wanting to use. EG I am a programmer, and have written a program called 'spamdel' when spamdel wants to read the message it firstly gets the message number (GetUIDLList) then reads the desired text. Similarly to delete a message it GetUIDLList then delete desired message. Problem is when GetUIDLList, Avast blocks the port and program hangs. Without incoming scanning programs work fine. I expect this issue to be a common one with any program wanting the POP3 port, and would be hard to overcome, as many servers only have one port dedicated to POP3. Maybe there is a method around it, but not apparent to me.
Alistair+
-
Yes, there is a workaround.
Just add the name of the GetUIDLList process to be excluded from scanning.
Click 'Settings' in my signature than browse for the [MailScanner] section. You'll find there how to exclude it.
Another possibility is redirecting avast to scan other port number than the spam killer application (Redirection tab of Internet Mail provider settings).
Welcome to the most configurable antivirus round 8)
-
Yes, there is a workaround.
Just add the name of the GetUIDLList process to be excluded from scanning.
Click 'Settings' in my signature than browse for the [MailScanner] section. You'll find there how to exclude it.
Another possibility is redirecting avast to scan other port number than the spam killer application (Redirection tab of Internet Mail provider settings).
Welcome to the most configurable antivirus round 8)
Superb, just one problem. Most users would not be aware of these settings, and could not be bothered changing them. I believe Norton anti-virus has an 'ask the user to allow' method. If u are the programmer, could you please consider adding this feature in to a future release. I suspect you have one of the most popular freeware antiv progs, and it would be nice if it would help, not hinder other programs in their use of the net. IMHO ;-)
-
Yes, there is a workaround.
Just add the name of the GetUIDLList process to be excluded from scanning.
Click 'Settings' in my signature than browse for the [MailScanner] section. You'll find there how to exclude it.
Another possibility is redirecting avast to scan other port number than the spam killer application (Redirection tab of Internet Mail provider settings).
Welcome to the most configurable antivirus round 8)
Sorry, cannot for the life of me find any string entry in the [Mailscanner] section which is similar to you describe. Could you enlighten me with an example? The only thing vaguely like the job looked to be PassThrough=1 which is not suitable.
Al+
-
Add a new line IgnoreProcess if it doesn't exist in the [Mailscanner] section. I have done this to exclude/ignore MailWasher.exe and I added the line directly below the [Mailscanner] section start.
IgnoreProcess=GetUIDLList (or what ever the executable filename is)
-
Superb, just one problem. Most users would not be aware of these settings, and could not be bothered changing them. I believe Norton anti-virus has an 'ask the user to allow' method. If u are the programmer, could you please consider adding this feature in to a future release. I suspect you have one of the most popular freeware antiv progs, and it would be nice if it would help, not hinder other programs in their use of the net. IMHO ;-)
I'm not a programmer... I do not work for Alwil company... I'm just an user like you.
They're adding GUI for changing settings little by little by users' ask.
Anyway, please, never compare our beloved avast! with Norton. Norton is not the minimal part configurable as avast...
Norton is a big black closed box... :P
Sorry, cannot for the life of me find any string entry in the [Mailscanner] section which is similar to you describe.
Follow David ;)
In the first post of that thread I've wrote that you must add the lines that you don't have...
-
Alistair, the problem probably lies in the way your program communicates via POP3 protocol. The IgnoreProcess trick would probably work, but it should NOT be necessary.
Mail Scanner redirect your communication with server and scans the communication. If you just get the UIDList, you probably would not transmit any data that might be scanned. Anyway your program spamdel speaks with Internet Mail scanner instead of the destination server.
How does the communication looks like? Do you login, getUIDList and logout? Or do you send the command and block until the result is returned? Enable logging in Mail Scanner and decipher from the log what does Mail Scanner receive and how does it understand the commands.
There are two possibilities:
1) your program is BAD - meaning it does not speak proper POP3
2) Mail Scanner does not understand the commands used by your program even though they are correct
If 2) is the case and your are speaking correct POP3 according to POP3 RFC we should probably modify Mail Scanner to understand your commands. If 1) is the case, well you know what to do... :P Fix it. For example do you use \r\n to terminate the line (just like RFC requests) or just plain \n (WRONG) ?
Anyway, post here the transcript of the communication (e.g. when simulated in telnet), and send me or vojtech the logfile from Mail Scanner and we will find out where the problem is.
-
How does the communication looks like? Do you login, getUIDList and logout? Or do you send the command and block until the result is returned? Enable logging in Mail Scanner and decipher from the log what does Mail Scanner receive and how does it understand the commands.
Appreciate. Can u send me a PIM with your email adds and I will return findings.
Re above, I log in then get the UID list. I also log in and read headers and that part works OK through the mail scanner so there is something different in the outgoing protocol with some operations like UID and delete message that MScanner does not like there.
BTW just a thought, you have a nice help file, but pressing F1 in On-Access protection control, and other interfaces does not restore it.
-
use the email from my public profile.
-
With the log, I cannot get any i/o information. EG when the scanner is activated by my email program, nothing is logged even in debug or info. Am I missing something, or are standard i/o ignored, but problems are posted to the log. If the latter that is a pity, as debug would have shown me the difference between a working I/O from my program to the opposite.
Alistair+
PS keeping this thread public as others might be wanting to work with Avast similarly.
-
Have you enabled logging in the Mail Scanner (by adding the line log=20 into the Mailscanner section of avast4.ini) ???
[MailScanner]
Log=20
Edit: BTW you can post your spamdel, I can check what does it send...
Edit2: Of course you need to restart Mail Scanner before and then terminate Mail Scanner after your trial - in order to flush the log on disk a make it available for reading.
-
=>Have you enabled logging in the Mail Scanner (by adding the line log=20 into the Mailscanner section of avast4.ini) ???
No will do; I had assumed it was in the log interface setup :-(
=> BTW you can post your spamdel, I can check what does it send...
OK, its url is
http://www.spamdel.com
or download
http://www.spamdel.com/spamdel.exe
Does not put anything into registry (uses INI files) so you can install & Uninstall clean.
Cheers,
Al+
-
Still no log of all coms events generated, or is that particular log not visible in the log viewer? I changed the [mailscanner] log=20 , saved, Stop access protection, then Start access protection right?
Interesting, I have two pop email accounts free.net.nz and orcon.net.nz if I use my default Avast scanner locks spamdel out, but if I use the secondary spamdel works OK. Would be good to see the log to see what is happening.
Alistair+
-
Alistair, search the forum for Log=20 !!!
the log file is generated in the <avast4>\data\log folder in the file ashMaisv.log, will be accessible only when Internet Mail provider is terminated.
Anyway, I have downloaded your program, filled up the introductory wizard, let it download my messages. It marked 5 of them as spam (well, missed my spams and marked the regular mails, but that does not matter for now), I've chosen one, clicked spamDel/Del, it redownloaded again and the message was deleted. All this was scanned by avast mail scanner...hmm, nothing wrong here.
-
Hi again. I can see the error on mailserver Orcon here; you can see mailserver Freenet is OK. I am not sure where the anomaly is, but it appears the UIDL list is not being provided correctly for some reason from Orcon when it parses via Avast.
Will put more time into it in next days when I can.
Alistair+
-
The problem occurs when your program sends UIDL command with a trailing space. Avast forwards only one line of response and the other lines create a mess in the response stream. We will fix it and you can also change your code to make it work immediately.
Thank you for the tip.
-
Thanks, I will let the Sakemail (delphi component) group know of the incompatibility.
Appreciate the pointer - it was easy to find the errant line & fixed that as well.
Kind regards,
Alistair+
-
Thanks for pointers which showed that my UIDL request had an extraneous space causing Avast problems. It is now fixed and Avast will handle it. Great work from your programmers debugging the info I sent and appreciations.
BTW you have to teach spamdel what emails your relevant address is, otherwise its marked as spam.
Kind regards,
Alistair George (author of Spamdel).
-
Thanks for pointers which showed that my UIDL request had an extraneous space causing Avast problems. It is now fixed and Avast will handle it. Great work from your programmers debugging the info I sent and appreciations.
BTW you have to teach spamdel what emails your relevant address is, otherwise its marked as spam.
Kind regards,
Alistair George (author of Spamdel).
Actually, it is not fixed, just a lot better. I find since fixing up the getuidl code, that avast mailscan still blocks out my program after say 2-3 hours of use. What it effectively does is cause my program to generate a stack overflow error and shut down. With the mail scan disabled of course this problem does not exist :-X
Unfortunately, with a stack error, I dont get any debug info.
Cheers,
Alistair+
-
What it effectively does is cause my program to generate a stack overflow error and shut down. With the mail scan disabled of course this problem does not exist :-X
Unfortunately, with a stack error, I dont get any debug info.
Alistair, then it's a good news - at least with avast! the bug in your code is reproducible.
-
Well, can't you simply stop the program before it crashes (say after one hour of operation) and check the current stack? There should be some repeated pattern (recursion) there, I guess.
-
Well, can't you simply stop the program before it crashes (say after one hour of operation) and check the current stack? There should be some repeated pattern (recursion) there, I guess.
Unfortunately, my programming expertise does not extend to PC ASM code, so looking at stack ASM would not help me much. The only thing I can attempt to do is go through the POP3 component code again and see if it is throwing any extaneous spaces or similar into its commands.
Thanks,
Alistair+
-
Well, it doesn't seem like a problem with spaces or anything like that, but rather some design problem. Stack overflow usually means infinite recursion - i.e. some function doesn't return as it should, but rather calls itself again (of course, it may not be direct, it could call some other code that ends up calling the original function). It may even possibly(?) be some inter-process thing, like your code being caught by avast!, redirected somewhere, intercepted by your code, caught by avast!, etc.... I'm afraid it's hard to say without stack inspection.
If you stop the program in debugger (and if you have the symbols for the compiled executable, which you probably do), doesn't the IDE show you the stack as source references? (i.e. is it really necessary to check it in ASM?)