Title: Disabling the Mail Scanner
Post by: whafro on April 11, 2007, 04:39:26 AM
Hey Folks,

As of two days ago, my family (who lives on the other side of the country) started complaining that they were unable to check their email, saying the server was rejecting connections (was having no such issues myself, though I'm on a Mac). After troubleshooting for a bit over the phone, I found that killing Avast's processes made it work. So it seems like the mail scanner is the culprit.

This just happened recently, and doesn't seem to correlate to any server-side changes (and no other users, besides the three of them, who are using Thunderbird on Windows, are having any issues, including other Thunderbird for Windows users who presumably aren't using Avast).

Does this seem like a reasonable conclusion?  I don't want to have them disable Avast entirely, so how can I describe to them to disable the mail scanner itself?

Thanks for the help!

Title: Re: Disabling the Mail Scanner
Post by: alanrf on April 11, 2007, 05:26:43 AM
Well something certainly changed.

It might be better to find and fix the problem than just turn off some of their protection. 

For example did they install any update to avast or have any change to their firewall that might now not allow the avast email scanner process (ashMaiSv.exe) outbound access? 

Might someone have tried to load another anti-virus product alongside avast (that could certainly explain this occurrence) and could lead to more problems later?

Later edit: There are quite a lot of us Thunderbird users who also use avast, if there were a generic server connection issue be sure this forum would be lit up like a Christmas tree.

Title: Re: Disabling the Mail Scanner
Post by: DavidR on April 11, 2007, 02:26:36 PM
What would be more helpful is the full text of the error message or a screenshot of it?

I assume that these people were previously able to send and receive email?
Has their ISP changed the email security in any way, commonly secure email, using SSL/TLS connection?

As Alan mentions, the most common cause of this type of thing is the firewall (which is?) blocking ashMaiSv.exe, the avast email scanner. Unfortunately there isn't enough information to say why this might be happening.

Whilst they are unable to receive or send email, any protection is a moot point, so an interim workaround until the true cause is found would be to terminate the Internet Mail Provider. Right click the avast icon, select On-Access Protection Control, select the Internet Mail Provider and click Terminate, answer Yes to the persist changes question.

This is, however, 'not' a good or permanent solution as you lose the valuable email protection.

Title: Re: Disabling the Mail Scanner
Post by: whafro on April 12, 2007, 12:24:03 AM
Thanks for your responses.

The mail server (which I run) has always had TLS enabled, and their Thunderbird settings reflected this as "TLS, if available."  Their connection would fail with the error: cannot log into slinky.jounce.net because server has disabled login.

When I had them switch their settings to TLS only, I got the following response:
The current command did not succeed.  The mail server responded:TLS not supported by avast mail scanner

When switched to SSL or killing Avast entirely, things work fine.

If Avast doesn't support TLS anyway, I'd prefer them using TLS/SSL than have virus protection at that stage of the game, personally.

On the server side, dovecot's imapd reports that the failed login attempts were logged as follows:

Apr 11 15:07:57 localhost dovecot: imap-login: Aborted login: rip=, lip=

(IPs obviously changed from their correct (and sensical) values.)

Title: Re: Disabling the Mail Scanner
Post by: DavidR on April 12, 2007, 01:41:08 AM
avast doesn't monitor SSL/TLS connections, since they are encrypted; that is the whole purpose of secure email, to keep prying eyes out, including AVs. Since avast is outside the email client it can't scan this content.

What is the ISP?

What ports do you use for the POP3 and SMTP server?
If you are using the regular POP3 (110) and SMTP (25) ports this is why the connection effectively stalls as avast is trying to handle it as normal POP protocol traffic which it isn't.

Using a third-party application, STunnel, allows avast to scan said secure email.
These examples for the most part reflect STunnel being used with gmail but should give you an idea.
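
Added example, not part of any post in this thread: a small offline model of the two client-side errors reported above, showing how a mail client's TLS setting and the server's advertised IMAP capabilities decide the outcome when something between client and server refuses STARTTLS. It assumes the server advertises `STARTTLS` and `LOGINDISABLED` on the plaintext port (consistent with the "server has disabled login" error) and that "TLS, if available" continues in cleartext when STARTTLS fails. The greeting text, command tag and `BAD` status are constructed; only the error wording comes from the thread.

```python
import re

# Constructed sample lines (not captured from the real server).
GREETING = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] Dovecot ready."
REPLY_VIA_SCANNER = "a1 BAD TLS not supported by avast mail scanner"
REPLY_DIRECT = "a1 OK Begin TLS negotiation now."


def capabilities(line):
    """Return the capability atoms in an IMAP greeting or CAPABILITY line."""
    m = re.search(r"CAPABILITY\s+([^\]\r\n]+)", line, re.IGNORECASE)
    return {atom.upper() for atom in m.group(1).split()} if m else set()


def starttls_ok(reply):
    """True when the tagged reply to STARTTLS has status OK."""
    parts = (reply or "").split(None, 2)
    return len(parts) >= 2 and parts[1].upper() == "OK"


def outcome(greeting, starttls_reply, tls_required):
    """Predict what the client ends up doing for one connection attempt."""
    caps = capabilities(greeting)
    if "STARTTLS" in caps and starttls_ok(starttls_reply):
        return "encrypted session"
    if tls_required:
        # "TLS only": the client refuses to continue without encryption.
        return "abort: TLS required but not negotiated"
    # "TLS, if available": the client carries on in cleartext.
    if "LOGINDISABLED" in caps:
        # Server refuses cleartext LOGIN, so no password is ever sent.
        return "abort: server has disabled login"
    return "cleartext login: credentials exposed"


if __name__ == "__main__":
    for label, reply, required in [
        ("via scanner, TLS if available", REPLY_VIA_SCANNER, False),
        ("via scanner, TLS only", REPLY_VIA_SCANNER, True),
        ("direct, TLS if available", REPLY_DIRECT, False),
    ]:
        print(f"{label}: {outcome(GREETING, reply, required)}")
```

The last branch is the case to avoid: a server that does not advertise `LOGINDISABLED` would let an opportunistic-TLS client send its password in cleartext instead of failing as it did here.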