Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: rbeane on April 10, 2007, 11:03:02 PM

Title: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: rbeane on April 10, 2007, 11:03:02 PM
Should an HTML email message that comes into Outlook 2007 connect through the WebShield when it accesses information from the website?  If I show that message in preview mode under Outlook it shows the connection from my IP address to the foreign address when running the netstat command.  Also if I look at the WebShield last scanned field it doesn't show up.

I also have problems with other programs not going through the WebShield.  Rssreader.exe which I mentioned in another thread.  Could there be a problem with the asrdr.sys (I assume this is what controls the automatic proxy WebShield)?
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: Lisandro on April 10, 2007, 11:14:02 PM
WebShield scans - by default - only HTTP traffic through port 80.
Do the other two programs fulfill these requirements? Did you change WebShield settings?
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: rbeane on April 10, 2007, 11:17:00 PM
Yes port 80 and no except 3 urls to exclude under exceptions.
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: Lisandro on April 10, 2007, 11:18:03 PM
Quote from: rbeane on April 10, 2007, 11:17:00 PM
    Yes port 80 and no except 3 urls to exclude under exceptions.

But do they use protocol HTTP or use POP/SMTP or another one?
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: rbeane on April 10, 2007, 11:20:56 PM
It is http.
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: Lisandro on April 10, 2007, 11:22:01 PM
Hmmm...
Maybe you should activate logging in WebShield:
1. Edit <avast>\data\avast4.ini file
2. Find the section [WebScanner]
3. Add the line:
    EnableLogging=1
4. Restart Web Shield in XP (terminate and start again) or whole PC in case of Win98
5. Browse (trying to access some webpages)

The log files are <avast>\data\log\ashwebsv.log and ashwebsv.ws.
They would be accessible when WebShield is terminated again.
Post them here or send by mail to rypacek (at) asw.cz
After that, disable the logging to avoid a big log file.
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: rbeane on April 10, 2007, 11:23:46 PM
I will try that and post back. thanks
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: alanrf on April 11, 2007, 12:57:17 AM
Just a couple of other points.

One (that has already been mentioned I believe) is that scanning of http traffic is by an inclusion list managed by avast.  So only the http connections initiated by processes in the list will be scanned.
You can include extra processes yourself by editing the avast4.ini file. 

I believe that avast should be scanning the http accesses involved in rendering your html messages when they are displayed by Outlook.  However, if you are re-reading a message or reading a message that has a common access with a previous message then those pages are likely to still be in the cache so the http outbound access is avoided and avast will not show it in the "last scanned" entry.
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: Vlk on April 11, 2007, 01:03:41 AM
Outlook is not on the "safe browser for webshield" list because of possible HTTP webmail (MSN/Hotmail) connections. MSN uses nonstandard extensions to WebDAV that can somehow confuse WebShield.

If you're not using Outlook to grab email from Hotmail (via the "HTTP" nonstandard interface) you can add Outlook.exe to the list of processes that will be scanned. To do this, add the following line

OptinProcess=Outlook.exe

to the [WebScanner] section of the file <avast>\data\avast4.ini. Then restart the WebShield provider and you should be all set.

Cheers
Vlk
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: rbeane on April 11, 2007, 01:04:41 AM
There was nothing in the log file for the Outlook HTML message with web content in it.  Nor anything from the rssreader software.  I will try the optin for the rssreader.  As for Outlook, even if the message has been read, if there is web content that is retrieved online when the message is viewed it should go through the scanner.  Otherwise, couldn't a message be sent with something malicious retrieved from the web page?
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: rbeane on April 11, 2007, 01:19:58 AM
Optin=1
OptinProcess=rssreader.exe, outlook.exe

Is the above correct because it doesn't pick up the outlook web content?
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: Lisandro on April 11, 2007, 02:40:32 AM
Quote from: rbeane on April 11, 2007, 01:19:58 AM
    Optin=1
    OptinProcess=rssreader.exe, outlook.exe

    Is the above correct because it doesn't pick up the outlook web content?

Remove the blank space:
OptinProcess=rssreader.exe,outlook.exe
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: DavidR on April 11, 2007, 02:50:44 AM
I don't think you need the Optin=1 line, though it doesn't seem to have any effect.
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: alanrf on April 11, 2007, 05:39:59 AM
Vlk,

I will always bow to your judgement in these matters.

However, I retrieve my email from Hotmail all day every day (as do others I support) using Thunderbird.  Ah, you are about to say, you are using an http screenscraper.   Well, no we are not.  We all have WebDav enabled Hotmail accounts and we are all using the WebDav interface to retrieve and send mail as supported by the Thunderbird Webmail extensions. 

Thunderbird is in your "scan http" list and it works just fine - not a problem since the day you added it to your list.   

 
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: alanrf on April 11, 2007, 06:03:17 AM
David,

been a while since we talked about the Optin process for Webshield.

If you recall, its default value is Optin=1 which means that the avast Optin process is to be used and the unknown avast list and any extra user specified inclusions are to be scanned by the Webshield.   The value of Optin=0 means that the Webshield is simply to scan all http accesses by all processes.
Title: Re: WebShield 4.7-491 Vista HP 32Bit Connections
Post by: Vlk on April 11, 2007, 09:21:43 AM
alanrf, you're probably right that after all, WebShield CAN handle MSN's HTTP interface for fetching emails. However, what's certainly confusing is the way it reports a virus, if found. That is, the standard WebShield virus dialog, with the "Abort Connection" button, somehow doesn't work in this scenario. Clicking that button simply aborts downloading of the email (or all emails) - and that's probably not what we'd hope for in this case. The same of course happens on each and every successive attempt to grab email (until WebShield is stopped, or the offending message is deleted from the server - possibly from another machine).

That's why we're somehow reluctant to include mail clients in the default optin list.

Cheers
Vlk
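
A small checker for the [WebScanner] settings discussed in this thread, added here as an example (not code from avast or from any poster). It assumes avast4.ini parses as a standard INI file and that process names match case-insensitively; audit_webscanner and feedapp.exe are hypothetical names, and the Optin semantics are taken from the posts above.

```python
import configparser

# Constructed sample: the [WebScanner] keys quoted in the thread, as one user had them.
SAMPLE_INI = """\
[WebScanner]
EnableLogging=1
Optin=1
OptinProcess=rssreader.exe, outlook.exe
"""

def audit_webscanner(ini_text, wanted=()):
    """Return (findings, corrected OptinProcess line) for the [WebScanner] section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    if not cp.has_section("WebScanner"):
        return [("no-section", "no [WebScanner] section")], None
    ws = cp["WebScanner"]
    findings = []

    # Logging was meant to be temporary; the thread says to disable it afterwards.
    if ws.get("EnableLogging", "0").strip() == "1":
        findings.append(("logging-on", "EnableLogging=1 is still set"))

    # Per the thread: Optin=1 (default) scans only listed processes, Optin=0 scans all.
    scan_all = ws.get("Optin", "1").strip() == "0"

    entries = [e for e in ws.get("OptinProcess", "").split(",") if e.strip()]
    if any(e != e.strip() for e in entries):
        findings.append(("whitespace", "blank space around a comma in OptinProcess"))
    names = [e.strip() for e in entries]
    fixed_line = "OptinProcess=" + ",".join(names) if names else None

    # Assumption: process names are compared case-insensitively, as on Windows.
    listed = {n.lower() for n in names}
    if not scan_all:
        for proc in wanted:
            if proc.lower() not in listed:
                findings.append(("not-opted-in", proc + " is not a user opt-in "
                                 "(it may still be on avast's built-in list)"))
    return findings, fixed_line

if __name__ == "__main__":
    found, line = audit_webscanner(SAMPLE_INI, wanted=["outlook.exe", "feedapp.exe"])
    for code, msg in found:
        print(code + ": " + msg)
    print("suggested:", line)
```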