Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: ehsmeng on March 25, 2007, 11:33:50 AM

Title: Avast strips starttls?
Post by: ehsmeng on March 25, 2007, 11:33:50 AM

Hi,

I'm trying to make encryption work on outgoing mails using Thunderbird.

If I use TLS, Thunderbirds whines about there not being any STARTTLS. And indeed, a quick telnet agreed on that:

Connected to mail.example.com.
Escape character is '^]'.
EHLO example.com
220 example.com ESMTP Postfix
250-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250 8BITMIME

But when I "Stop On-Access Protection" in Avast I do get the Starttls:

Connected to mail.example.com.
Escape character is '^]'.
EHLO example.com
220 example.com ESMTP Postfix
250-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250 8BITMIME

How can I make Avast just "check outgoing where possible and let me encrypt as I want"?

Thanks,
Marcus

Title: Re: Avast strips starttls?
Post by: DavidR on March 25, 2007, 02:28:07 PM

avast can't check encrypted email, as it is effectively 'outside' the email client and encryption process. That is the whole point of encryption so it doesn't handle it well if you standard pop3/smtp ports for encrypted email.

avast intercepts the outbound email to scan it and once done then hands it off but it believes it is plain old smtp port 25 traffic so doesn't know to initiate the 'STARTTLS' command. Sorry this is a very simplified interpretation of my limited understanding of this. Also see http://forum.avast.com/index.php?topic=26654.msg217996#msg217996 (http://forum.avast.com/index.php?topic=26654.msg217996#msg217996)

To be able to scan encrypted email avast needs a third party interface, STunnel.
Gmail and Avast Providers (http://forum.avast.com/index.php?topic=14854.msg125401#msg125401)
Solution: Using GMail with Avast and a SPAM filter (http://forum.avast.com/index.php?topic=10428.0)
Redirecting multiple SSL accounts (http://forum.avast.com/index.php?topic=12258.0)

What ports are you using and what does your ISP (?)/email service say you should use ?
There are ports allocated for SSL/TLS connections. Secure Ports POP3 995; SMTP Ports, Thunderbird-587 - Outlook/Express-465. Also see http://email.about.com/od/gmailtips/qt/et010605.htm (http://email.about.com/od/gmailtips/qt/et010605.htm)