Post by: ondrej.kolacek on November 16, 2020, 03:29:08 PM
TL;DR: Temporarily disable Avast Mail Shield on Big Sur if this is happening to you.

Problem: Mail stops working with Avast Antivirus Mail Shield active

Affected mail applications: Apple Mail, Spark (both seem to use the same communication framework), possibly more. Does not happen with all email clients, e.g. Thunderbird works fine.

Conflicting apps: It seems to be any app that uses a System Extension which filters network connections. We have reproduced it with:
Cisco AnyConnect (even installing only VPN module without actually using it causes System Extension to be started)
Little Snitch firewall
Microsoft Defender

What is happening: Apple Mail or a similar mail app connects to the mail server but fails to initialise a secure connection and fails to communicate. This is probably not caused by Avast Antivirus or any of the conflicting apps; it seems like a bug in Apple's networking library used by the mail client. Web Shield (web browsers) and alternative mail clients (like Mozilla Thunderbird) are working fine in a similar situation.

How to find out potential conflicting apps: run Terminal and in it run the following command:
systemextensionsctl list
Output may be like:
4 extension(s)
--- com.apple.system_extension.network_extension
enabled active teamID bundleID (version) name [state]
* * 6H4HRTU5E3 com.avast.Antivirus.SystemExtension (1.2.72/1.2.72) Avast Antivirus System Extension [activated enabled]
* * UBF8T346G9 com.microsoft.wdav.netext (101.13.75/101.13.75) Microsoft Defender ATP Network Extension [activated enabled]
* * DE8Y96K9QP com.cisco.anyconnect.macos.acsockext (4.9.04043/4.9.04043) Cisco AnyConnect Socket Filter Extension [activated enabled]
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
* * UBF8T346G9 com.microsoft.wdav.epsext (101.13.75/101.13.75) Microsoft Defender ATP Endpoint Security Extension [activated enabled]
The relevant ones are the extensions with * under "active" in the com.apple.system_extension.network_extension section; in this case, aside from Avast there is Microsoft Defender and Cisco AnyConnect. Please note that not all system extensions listed there must be conflicting!

What to do (workaround): Either disable Avast Mail Shield in the Avast GUI or disable the conflicting apps. This is easier said than done, e.g. Cisco AnyConnect starts its system extension even when it is inactive; uninstalling such applications may be the only other solution.
For those who may have a problem with their company requiring them to run antivirus when connecting to VPN, you can try to disable Scan Secure Connections in Avast Preferences, tab Core shields, section Email Shield, and set up your mail to only use a secure connection (IMAPS - port 993, POP3s - port 995).

What have we done: We have reported this issue to Apple.

After thorough analysis, the only workaround currently possible is to turn off scanning of email traffic for those that are affected. In the next version (Avast 14.7) we will automatically do this if we detect a clashing product. ETA for this new version is end of next week. Please turn off Mail Shield manually in the meantime. We are very sorry that we have not caught this issue in our testing and that we are adding problems to all of you affected. The fix of the underlying issue needs to be done on Apple's side.
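
The check described in the post above, as an added example that is not part of the original post or Avast's own tooling: a shell filter that pulls the active network-filter extensions out of a `systemextensionsctl list` listing and counts those that are not Avast's. The function names are made up for this example, and the sample input is the listing quoted in the post.

```shell
#!/bin/sh
# Added example (not from the post): find active network-filter extensions.

# Reads `systemextensionsctl list` output on stdin and prints
# "teamID bundleID" for every row of the network_extension section whose
# "enabled" and "active" columns both show "*".
# Assumption: columns are whitespace-separated, as in the listing above.
active_network_extensions() {
    awk '
        /^--- / { in_net = ($2 == "com.apple.system_extension.network_extension"); next }
        in_net && $1 == "*" && $2 == "*" { print $3, $4 }
    '
}

# Counts active network extensions other than the bundle ID given as $1.
# A result above 0 means other filters are loaded; they are candidates
# for the conflict, not proof of one.
count_other_filters() {
    active_network_extensions |
        awk -v own="$1" '$2 != own { n++ } END { print n + 0 }'
}

# Sample input: the listing quoted in the post.
sample_listing() {
    cat <<'EOF'
4 extension(s)
--- com.apple.system_extension.network_extension
enabled active teamID bundleID (version) name [state]
* * 6H4HRTU5E3 com.avast.Antivirus.SystemExtension (1.2.72/1.2.72) Avast Antivirus System Extension [activated enabled]
* * UBF8T346G9 com.microsoft.wdav.netext (101.13.75/101.13.75) Microsoft Defender ATP Network Extension [activated enabled]
* * DE8Y96K9QP com.cisco.anyconnect.macos.acsockext (4.9.04043/4.9.04043) Cisco AnyConnect Socket Filter Extension [activated enabled]
--- com.apple.system_extension.endpoint_security
enabled active teamID bundleID (version) name [state]
* * UBF8T346G9 com.microsoft.wdav.epsext (101.13.75/101.13.75) Microsoft Defender ATP Endpoint Security Extension [activated enabled]
EOF
}

# Demo on the sample; on a Mac, pipe `systemextensionsctl list` in instead.
sample_listing | active_network_extensions
echo "other filters: $(sample_listing | count_other_filters com.avast.Antivirus.SystemExtension)"
```

The endpoint_security row for Microsoft Defender is skipped on purpose, since only the network_extension section is relevant to this problem.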
Post by: Thomas812 on November 17, 2020, 04:21:22 AM
Nice try to push it to Apple.

Why did this not occur to Avast during product testing? Don't you test for production environment, where VPN connections more often than not are a must, with CISCO being a world standard for this, particularly under work-at-home Corona?

Did Corona work at home and Big Sur catch you guys completely by surprise?

Then, how come that Avast has this problem and other AV have not (case in point: Intego)? What is "reporting to Apple" other than trying to shirk responsibility?

My work has been seriously affected by Avast product failure. I wasted so much time on this issue, that I blamed on anything but Avast, including the wifi router.

I am being paid by the hour, you know? And jobs are very hard to come by these days. Not using antivirus and VPN breaks the agreements at the base of my work.

If Avast had done proper product testing, then the issue would have occurred to you. Then the very least you can do is send out a warning to your customers "please don't upgrade OSX, particularly not if in a production environment, we are not ready yet."

But since the issue did not occur to you because you are overly confident in your product and did not feel the need to properly test it in the first place, you of course did not see the need of warning your customers.

I think there is potential for some lay-offs at Avast.

I expect Avast to improve its act dramatically.
Post by: lxt on November 25, 2020, 11:29:10 AM
Hi Ondrej,

Many thanks for the precious instructions (Terminal did return both Radio Silence and Avast as a potential source of issues). I disabled Avast Web Shield for now. Mail app is now back in business and Radio Silence (currently in a beta in order to run on Big Sur) works like a charm. I am looking forward to v14.7 and hopefully Apple will address this painful incident in the upcoming 11.1 release.

Post by: ondrej.kolacek on January 14, 2021, 11:16:43 AM
In today's Developer Beta of MacOS Big Sur 11.2 beta2 build, the issue seems to be finally fixed by Apple. This means that when MacOS 11.2 is released, it should work fine!
Kind regards,
Ondrej Kolacek
Post by: Corby on March 01, 2021, 04:57:15 PM
Has this issue indeed been resolved?

I am on MacOS 11.2.1 and Spark. I have had the email shield turned off for a number of months while waiting for the issues to be worked out. Upon review of this post today, I ran the "systemextensionsctl list" terminal command. Unless I am misunderstanding what I should see here, it looks like there is still a conflict:

1 extension(s)
--- com.apple.system_extension.network_extension
enabled   active   teamID   bundleID (version)   name   [state]
*   *   6H4HRTU5E3   com.avast.Antivirus.SystemExtension (1.2.74/1.2.74)   Avast Antivirus System Extension   [activated enabled]
Post by: jakub.bednar on March 02, 2021, 12:01:49 PM

The issue was resolved by Apple. In versions prior to 11.2, having competing Network Extensions caused errors in one of Apple's communication libraries. It seems they have fixed the library in macOS 11.2 so the errors should not occur even when there are multiple network extensions on the same system. Please try to enable the MailShield and see if your Spark client works or not.

Kind regards,

Jakub Bednar