Avast WEBforum

Topic started by: peertwo on February 17, 2006, 10:03:37 AM

Title: avast! Mail Scanner [ip 141-58-173-82.dyndsl.versatel.nl, ip1..
Post by: peertwo on February 17, 2006, 10:03:37 AM
The following icon and message have appeared in my task bar (see .jpg)
"avast! Mail Scanner [ip 141-58-173-82.dyndsl.versatel.nl, ip1..."

I'm aware that this issue has been discussed a number of times, but I can't find a solution.
I'll admit to being a n00b here, but hear me out  :)

There was one thread which talked about altering the .ini file, but it was referring to Azureus and the file javaw.exe which doesn't seem part of this issue.

Possibly I should add?

[MailScanner]
IgnoreProcess=utorrent.exe

Does it matter which part of the .ini file this is placed in?
How much of a security risk is this?

Double clicking the icon (or anything else) doesn't seem to do anything.
So, I've yet to find out what comes after "ip1....."

Questions (in reverse issue)

[1] How do I get rid of it
[2] Does it signify a threat
[3] Is it interfering with utorrent (I think it is)

If a thread has those answers please link.
My search brought up the following, but they haven't given me a usable answer.

http://forum.avast.com/index.php?topic=16521.0
http://forum.avast.com/index.php?topic=17695.0
http://forum.avast.com/index.php?topic=17163.msg146069#msg146069 (possibly an answer)
http://forum.avast.com/index.php?topic=19100.0

Searching for "utorrent", "versatel" and "azureus" (this latter seems a similar problem) brings lots of pages, but.............

Thanx
Title: Re: avast! Mail Scanner [ip 141-58-173-82.dyndsl.versatel.nl, ip1..
Post by: alanrf on February 17, 2006, 10:34:43 AM
Let's assume for a moment that you are not the same person who has already posted as "washann" and reported problems with the same ip address.

You seem to be telling us that you are using utorrent.

The threads about azureus are exactly relevant to the issue you are seeing.

utorrent is another peer-to-peer application (just the same as azureus or bittorrent).

You have accepted an offer from another utorrent user to connect to them.  They have told you to connect to them on port 110.  You have done so. 

avast assumes that any connection to another system using port 110 is for the purpose of accessing email (that is the standard use of port 110). So avast intercepts that port and monitors the stream of data assuming it to be email traffic that should be scanned for viruses. 

If you wish to continue connecting to other utorrent peers who tell you to connect on port 110 then you have no choice but to proceed to exclude the utorrent.exe process within the [MailScanner] section of the avast4.ini as you have described.

Yes, it does matter that this is within the [MailScanner] section.

You will be relying on the Standard Shield to protect you by scanning any potentially unsafe files you download to your system from other utorrent clients.

I would have to defer to the avast team for confirmation but it may be that unless you exclude the utorrent process not only will you see the timeout messages (which are not affecting you very much at all) but it may be that avast will be unnecessarily caching the data stream thinking it represents email, this may be affecting your system performance (depending on the volume/speed of the datastream).
Title: Re: avast! Mail Scanner [ip 141-58-173-82.dyndsl.versatel.nl, ip1..
Post by: peertwo on February 17, 2006, 11:13:34 AM
Thanks for answering the question.
I'll probably edit the .ini file

I have one query, and I may be exposing my n00b status again here.

utorrent is not using port 110
it is using only ports >10000

or have I misunderstood?

PS Just to clarify I am not "washann", nor have I ever posted on any Avast forum in this or any other name.
washann referred to a popup box, with a need to click it, and associated freezing. I have not had this. Just the icon in the corner.
Title: Re: avast! Mail Scanner [ip 141-58-173-82.dyndsl.versatel.nl, ip1..
Post by: peertwo on February 17, 2006, 11:39:22 AM
I have just discovered that this issue seems to be blocking my sending any outgoing mail  :o
I use "Pegasus Mail v4.30 beta1" (have used pegasus for years without any troubles)
Title: Re: avast! Mail Scanner [ip 141-58-173-82.dyndsl.versatel.nl, ip1..
Post by: alanrf on February 17, 2006, 10:36:53 PM
While you may have told utorrent to only use ports >10000 on your system what matters in the situation you have encountered is which port the person you are connecting to is using.

When we say connect on port 110 what it really means is send a request to the other system at that system's port 110 (which is the port that is waiting on that system to accept connections), it has nothing to do with the ports on your system. 

So when you try to receive your email and connect to the mail server on port 110 you are making a connection to the mail server's port 110.  This is what avast intercepts; avast assumes that when you try to access any other system at its port 110 you are doing so to get email - there is no magic here, it has nothing to do (as so many people seem to think) with avast somehow knowing every email program in existence.  When you place the exclusion in the avast4.ini file you simply tell avast not to trace the connection if it is being initiated by the program you want excluded.

The same is true when you send email.  If you are using regular SMTP to send your email then you will attempt to connect to your mail server on its port 25 (the standard port for sending SMTP mail).  Again avast cares nothing about which program is making the connection.  If it is going to port 25 avast assumes it is sending email and will scan it.

It is not very likely that this issue is blocking your outgoing mail. 

Are you able to receive mail?
Are you using a firewall - if so which one?

You can, if you wish, for a while get avast to create a detailed log of your mail connections.  This may help to identify why your outgoing mail is apparently blocked.

This will also require an edit to the avast4.ini file, again in the section:

[MailScanner]

add the line:

Log=20

and save the updated file.

The log will be in Program Files\Alwil Software\Avast4\DATA\log\ashmaisv.log

Please try to send an email - hopefully the send failure will occur and be recorded.

If you are then willing to share the log ... please first obscure any personally identifiable information in it ... we shall have a better chance of understanding what may be causing the problem.
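
Added example (not part of any post above, and not Avast's code): a small Python model of the behaviour described in this thread, where interception is decided by the remote port (110 or 25) and an IgnoreProcess entry only takes effect inside the [MailScanner] section. The .ini fragments, the section name SomeOtherSection, the process name mailclient.exe and the connection list are constructed for illustration.

```python
import configparser

# Constructed avast4.ini fragments; only the keys quoted in the thread are used.
INI_EXCLUDED = "[MailScanner]\nIgnoreProcess=utorrent.exe\nLog=20\n"
INI_WRONG_SECTION = "[SomeOtherSection]\nIgnoreProcess=utorrent.exe\n\n[MailScanner]\nLog=20\n"

# Remote ports the thread says are treated as mail traffic.
MAIL_PORTS = {110: "POP3", 25: "SMTP"}

def ignored_process(ini_text):
    """Return the IgnoreProcess value from [MailScanner] (lower-cased), or None."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(ini_text)
    if not cp.has_section("MailScanner"):
        return None
    value = cp.get("MailScanner", "IgnoreProcess", fallback="").strip().lower()
    return value or None

def verdict(process, local_port, remote_port, ignored):
    """Model the decision: only the remote port and the process name matter."""
    proto = MAIL_PORTS.get(remote_port)
    if proto is None:
        return "passthrough"   # not a mail port; the local port is irrelevant
    if ignored and process.lower() == ignored:
        return "excluded"      # mail scanner skips it; Standard Shield is the only check
    return "scan:" + proto

# Constructed connections: (process, local port, remote port)
CONNECTIONS = [
    ("utorrent.exe", 14522, 110),    # peer listening on port 110
    ("utorrent.exe", 14523, 51413),  # ordinary peer port
    ("mailclient.exe", 1045, 25),    # outgoing SMTP
    ("mailclient.exe", 110, 40000),  # local port 110 does not matter
]

def run(ini_text):
    """Return the verdict for every constructed connection under this .ini text."""
    ign = ignored_process(ini_text)
    return [verdict(p, lp, rp, ign) for p, lp, rp in CONNECTIONS]

if __name__ == "__main__":
    for label, ini in (("excluded", INI_EXCLUDED), ("wrong section", INI_WRONG_SECTION)):
        print(label, run(ini))
```

With the exclusion in the right section, the utorrent.exe connection to a peer's port 110 is skipped while the mail client's port 25 traffic is still scanned; with the key in the wrong section, the utorrent.exe connection is treated as POP3 again.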