Cannot get Gmail scanned by Avast

[VanguardLH]

Avast! Free 7.0.1474
Windows XP Pro SP-3
MS Office 2003 w/Outlook

The add-on for Avast in Outlook isn't there.  I already started another thread asking why it is missing.  Until then I figure to make Avast scan the e-mail traffic using its transparent proxy by having Outlook connect to Gmail using non-encrypted connections on standard ports (110 for POP and 587 for SMTP).  In Avast's Mail Shield under the SSL config, I added the Gmail hostnames and ports:

pop.gmail.com, SSL, 995
smtp.gmail.com, SSL, 465

I've already read several threads here about setting up Gmail with Avast, including the following article, but they didn't help:

https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1384&nav=0,1,694

Note that when Outlook is configured to use these ports that I can successively access my Gmail account (which is already configured to allow POP connects).  It is when Outlook is configured to use the non-SSL ports (110 and 587) that Avast fails to intercept the non-encrypted connection and then make its own encrypted connection to Gmail's servers.  There isn't much of an error in Outlook to see other than its status of:

Task 'Gmail - Receiving' reported error (0x80042108) : 'Outlook is unable to connect to your incoming (POP3) e-mail server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).'

As soon as I reconfigure Outlook to resume using SSL ports for the Gmail account then I can get Outlook to successfully access my Gmail account.  So the problem resides with Avast not intercepting the non-encrypted connection from Outlook.

In other AV products that do a similar means of intercepting e-mail traffic (or making users configure their e-mail clients to directly connect to the AV's proxy), there is often a log showing just what happened when the AV's proxy attempted to make the SSL connection to the e-mail server.  Without such a log, the user cannot tell if the AV's proxy even discovered or handled the e-mail connection from the local e-mail client or, if it did that okay, if the AV's proxy had a problem connecting to the e-mail server.  The AV is sitting between the e-mail client and the e-mail server.  Any status shown by the e-mail client is with its communication with the AV proxy.  Still it may not be evident if the problem was connecting to the AV proxy or with the AV proxy making its connection to the e-mail server.  With no log, the user can't see what happened between the AV proxy and the e-mail server.

POP only has 2 statuses: OK and ERR.  The server may add comments but they are not standardized text strings and there is no assurance the e-mail client will display those strings.  That the e-mail client shows an error says NOTHING about whether it ever connected to the AV's proxy or if the AV proxy had a problem of its own connecting to the e-mail server.  Is there a log in Avast showing what its Mail Shield did with regard to e-mail traffic?  When I issue a poll from the e-mail client, I need to see if Avast even saw and intercepted that e-mail connection.  If Avast didn't see or intercept the e-mail connection then the trouble is with Avast.  If that was okay then I need to see what happened when Avast tried to connect to the e-mail server.  After all, Avast is the actual client that is connecting to the server.

Yes, I know Gmail already scans for malware in received e-mails but that doesn't obviate that Avast *should* work for [re]scanning that same e-mail when the local e-mail client wants to retrieve it.

[JuninhoSlo]

Did you disable SSL protection for incoming/outgoing emails? Avast will create own SSL protection,so try to disable SSL (outgoing/incoming) protection and see what would happen,you can also send "test email" to yourself. Avast Free never had any Add-on toolbar for Outlook.

[VanguardLH]

When Gmail account works in Outlook (not using Avast scanning)

Outlook settings:
 POP:
 host = pop.gmail.com
 port = 995
 SSL = enabled
SMTP:
 host = smtp.gmail.com
 port = 465
 SSL = enabled

Avast Mail Shield - SSL accounts:
Irrelevant (not used).  Avast cannot intercept SSL traffic from Outlook to server.

When Gmail account fails in Outlook (using Avast scanning)

Outlook settings:
 POP:
 host = pop.gmail.com
 port = 110
 SSL = disabled
SMTP:
 host = smtp.gmail.com
 port = 587 (also tried 25)
 SSL = disabled

Avast Mail Shield - SSL accounts:
pop.gmail.com, POP3, 995, SSL
smtp.gmail.com, SMTP, 465, SSL

Despite configuring Outlook to use not use SSL and the standard (non-SSL) ports, Outlook fails to connect.  Well, all I really know is that either:

• Outlook failed to connect to Gmail (which demands SSL connects) which means Avast did not intercept the e-mail connection.
• Or Avast's proxy intercepted Outlook's e-mail connect (so Outlook never got to Gmail) yet Avast refused the connection so Outlook errored.
• Or Avast's proxy intercepted Outlook's e-mail connect but Avast failed to connect to Gmail.

How do I tell if Avast ever intercepted the non-encrypted e-mail connection from Outlook?  That is, when Outlook fails when not using SSL, how do I know if Avast actually saw Outlook trying to connect and grabbed that connection?

[JuninhoSlo]

Try this delete email rules in Avast mail shield,and set up SSL protection (incoming/outgoing server) to None,restart your PC,open Outlook 2003 again and send "test" email" to yourself,do you still have same problem? Have you ever get Avast pop-up which says: "Avast has detected a secure connection from your email program,something like that?

[VanguardLH]

Try this delete email rules in Avast mail shield,

What rules?  The only Mail Shield settings I see are those mentioned (SSL accounts).  There are no rules, like "If FROM contains <string> then flag with <string>".

and set up SSL protection (incoming/outgoing server) to None,

What does that accomplish?  That looks to have my e-mail client (Outlook) use non-SSL connects to have Avast intercept them and then Avast does non-SSL connects to the e-mail server.  That won't work because remember that Gmail will NOT accept non-SSL connects.  Gmail demands SSL.  So Avast won't be able to connect and I end up erroring anyway just like I am now.

restart your PC,

Are you insinuating that changes in Avast's Mail Shield require a reboot for them to be effected?

open Outlook 2003 again and send "test" email" to yourself,do you still have same problem?

Gmail requires SSL connects.  Your test scenario is doomed to fail.  Gmail will not accept non-SSL connects.

Have you ever get Avast pop-up which says: "Avast has detected a secure connection from your email program,something like that?

I have never seen that prompt.  The option in the SSL accounts settings of "Automatically detect and warn about unprotected SSL connections" is enabled.

My assumption is that Avast's Mail Shield will only intercept outbound connections, not inbound connections.  Yet today when I went back into the SSL Accounts settings in Mail Shield, I see new SSL setups in there that I never added.  For example, a new entry (not added by me) exists for "giganews.com, NNTP, 119, None".  That is, it is for connects to giganews.com for Usenet (newsgroups) and non-encrypted.  I don't have a Giganews account for newsgroups.  My newsreader (40tude Dialog) does not have an account defined for Giganews (because it wouldn't work since I don't have an account at Giganews which is a paid service and requires a login that I don't have).  The only other newsreader on my host is Outlook Express (which I don't use) and it has no NNTP (news) accounts defined in it.  There may be articles in a newsgroup from someone that submitted through Giganews but that doesn't have me connecting to there.  The only NNTP servers to which I connect at Albasani, Eternal-September, and AIOE.  The following new entries showed up since yesterday and I didn't add them nor did I ever get a prompt about them:

schnuerpel.eu, NNTP, 563, SSL
cesmail.net, NNTP, 119, None
eternal-september.org, NNTP, 563, SSL
giganews.com, NNTP, 119, None

cesmail.net is for Spamcop's NNTP server as they have their own newsgroups that aren't peered to Usenet (i.e., they have private newsgoups).  My newsreader connects to news.spamcop.net but its IP address is 216.154.195.61 for which a reverse DNS lookup gives news.cesmail.net.  I understand why the Eternal-September entry got added because that server is defined in my newsreader and I've visited Usenet since installing Avast.  I've done an nslookup on news.albasani.net to get the IP address and then a reverse nslookup on that IP address to see if the hostname lookup resulted in a different one.  Yep, news.albasani.net = 178.63.61.145 = four.schnuerpel.eu so I understand how that entry showed up.  The Giganews entry showed up because I visit the private newsgroups for Mozilla (to get help on Firefox).  This is because news.mozilla.org = 216.196.97.169 = news.mozilla.giganews.com.  So a problem in using Avast's Mail Shield is that what it detects for a hostname is what I see after performing a reverse DNS lookup but users won't know about that and not understand why an outbound connect request on a hostname results in Avast showing a different one.  If I didn't know something about DNS then I wouldn't know why these new entries had shown up.

Probably the reason is the hostname requires a DNS lookup to get the IP address.  Humans like names but computers demand numbers.  The IP address gets returned as to where my computer is to connect and that is what Avast's Mail Shield sees as the actual connection endpoint.  But to be friendly, Avast does a reverse DNS lookup on the IP address to show a hostname for that endpoint.  That is, Avast shows a hostname instead of an IP address but the IP address is what my host gets back for the endpoint to where it connects and Avast translates that IP address back to a hostname.  A reverse DNS lookup, like what Avast is doing, often results in a different hostname or multiple hostnames.  If the connection were to Akamai, well, they have worldwide load-balancing servers with multiple IP addresses and those can have multiple hostnames.  Site owners that use a webhoster may show a different reverse lookup hostname (for the webhoster) than the one they registered and the DNS server points at the webhoster.  I also suspect the outbound DNS request is not SSL secured so Avast isn't going to see it to know that an outbound connection will soon appear for that hostname.  Client does an outbound DNS request (non-SSL) to translate from hostname to IP address, client gets IP address, client makes outbound SSL connection to that IP address, Avast sees the outbound SSL connection and adds an entry to its SSL Accounts list.  At that point, Avast only has an IP address so it does a reverse DNS lookup on IP address to get back a hostname (which may not work due to no A record at the DNS server or failed chaining upward to the next DNS server on a failed lookup, or result in a different hostname).  The friendly feature of showing hostnames instead of the actual IP addresses used for the connections can bite you in the arse if you don't know anything about DNS.

Does the prompt that Avast found a new SSL connection evaporate?  If so then it's very likely I wasn't at the computer and the prompt was gone by the time I got back.  Prompts that don't stick means they are worthless when the user isn't at the computer.  Yet the prompt should've shown up at the time when I loaded my newsreader and it connected to the various NNTP servers.  Never saw the prompt.

So Avast is detecting the outbound connections but not only for SSL but also for non-SSL.  After all, two of the new entries were "None" (non-encrypted) and those are accounts defined in my newsreader that don't use SSL (I don't know if those NNTP servers support SSL connects).  I have yet to see a prompt from Avast telling me it found an "unprotected SSL connection".  Because Avast never installed the add-on to Outlook to interrogate e-mails from within, I had to go through this SSL Accounts setup where the Mail Shield intercepts e-mail traffic (as it would for other e-mail clients).  Note that the setup works for getting my e-mail client to connect to my ISP's e-mail servers.  For my e-mail accounts at my ISP, I configured Outlook to *not* use SSL.  That is, each account at my ISP defined in Outlook is using non-SSL connects.  Avast is configured to intercept those non-SSL connects from Outlook and then it does the SSL connect to the server.  Those accounts work.  However, because I see no logging within Avast's Mail Shield as to when it intercepting the e-mail connects and what was the status or logging of its connect to the server, I really cannot tell if Mail Shield is working at all.  After all, my ISP will accept both non-SSL and SSL connections to their e-mail server.  So it could be Outlook is connecting when using non-SSL to the server and Avast isn't even involved.  Just because I configure Outlook to use non-SSL connects and configure Avast to intercept those connects and then use SSL on its side to the server doesn't mean it is really working that way.  There's no way for me to peer into the working of the Mail Shield to see (1) That a client connected via non-SSL to Mail Shield, and (2) That Avast followed with an SSL connection to the e-mail server.  There's no logging of its operations!  This is one major reason why I'll probably dump Avast's Mail Shield.  If there are problems then I can't tell if it's with the e-mail client, with its connect to Mail Shield, if there ever was a connection to Mail Shield, or if Mail Shield had problems connecting to and transfer with the server.

For the SSL accounts that work (where Outlook is configured for non-SSL connects and Avast is configured for those e-mail servers to have it use SSL), the reverse DNS lookups result in getting back the same hostname.  That is:

pop.comcast.net = 68.87.26.158, 76.96.40.158 = pop3.westchester.pa.mail.comcast.net, pop3.emeryville.ca.mail.comcast.net
smtp.comcast.net = 76.96.40.155 = omta.emeryville.ca.mail.comcast.net

There is no change in domain although the hostname changes.  However, for Gmail, I get:

pop.gmail.com = 74.125.133.108, 74.125.133.109 = ia-in-f108.1e100.net, ia-in-f109.1e100.net

So there is a change in hostname after doing a reverse DNS lookup.  While the 1e100.net domain's leasee is Google, it is a different domain than the original one (that would've spurred the DNS lookup to get an IP address), plus the DNS lookup results in more than one IP address.  Maybe this is what causes Avast to fail when trying to get my e-mail client to connect to Gmail.  That's just a guess.  Do YOU have Avast's Mail Shield working with a Gmail account (which demands SSL connects)?

[Due to the 10K character limit in posts, the remainder of my response continues in the next post.]

[VanguardLH]

[Continued from previous post]

Without any logging in Mail Shield to show me that a client connected to it, including the details of the POP/SMTP commands it received after establishing the connection, along with logging Avast's connection to the e-mail server, including all the commands it sent and statuses received, there is no way to troubleshooting this transparent proxy.  It looks to work for non-Gmail account but, again, that's just looks.  I don't know that configuring Outlook to use non-SSL connects and configuring Mail Shield on those e-mail servers actually has Outlook connecting to Mail Shield.  Outlook may just be going directly to the e-mail servers and bypassing Mail Shield altogether so that it works is because Mail Shield isn't even involved.  Those non-Gmail accounts accept non-SSL and SSL connects.  So it's not like I can configure non-SSL connects in Outlook and it fails to show that Mail Shield never intercepted those connects.

Avast was supposed to install an add-on in Outlook.  It didn't.  Avast is supposed to intercept the non-SSL connects from Outlook and then it does the SSL connect to the server.  There's no way to prove that happened since there's no logging by Avast.  Avast is showing the reverse DNS lookup to provide a hostname which may not and often does not match the original hostname which results in users wondering why unknown hostnames show up in the SSL Accounts list.  Although it looks like the setup works for my ISP e-mail accounts, I cannot get the same setup to work for Gmail (which makes suspect that my ISP e-mail accounts are even getting intercepted by Avast).  I've used Avast for a couple years; however, before I never bothered to install the Mail Shield as it seemed superfluous.  Its on-demand scanner will catch any malware attachments that I might choose to extract from an e-mail.  I found that Avast is incapable of opening the .pst file and deleting records (e-mail items) from that database on a full scan.  The add-on is missing so I can't capture malware that way.  So I figured, well, maybe I'll just capture any malware that shows up in new e-mails that I receive hereafter.  Without logging, I can't tell that the Mail Shield is intercepting my non-SSL connects from Outlook.  And Mail Shield fails when I try to use non-SSL connects for the Gmail account (and where Mail Shield then does SSL connects required for Gmail).  So it looks like Mail Shield is just as bogus or superfluous now as it has been.  Time to remove it and get rid of the headaches and unknowns regarding its operation (or lack thereof).

[Pondus]

Avast was supposed to install an add-on in Outlook.  It didn't

have you tried avast repair?

I cannot get the same setup to work for Gmail (which makes suspect that my ISP e-mail accounts are even getting intercepted by Avast)

have you tried sending EICAR test virus to your account

http://www.aleph-tec.com/eicar/index.php

will not work if ISP have virsus scan on the mail server....and remove it before it arrive at your comp

[VanguardLH]

Avast was supposed to install an add-on in Outlook.  It didn't

have you tried avast repair?

A repair on a brand new and first time install of Avast?  As I've said, without Avast providing any logging as to what is happening with their Mail Shield (showing me that it connected to the client and then it connected to the server and what POP commands were received by the client that it then sent to the server) means I have no means of verifying that this transparent proxy is working.  Could be when I configure the Gmail account in Outlook to not use SSL that Mail Shield isn't intercepting the connection so Outlook goes directly to the Gmail server -- and that won't accept non-SSL connects.  If Mail Shield is not intercepting the connection then it's obvious why Outlook fails: Gmail demands SSL connects.

That I have to hope Mail Shield is working and cannot verify its operation pretty much means it isn't something I want to use.  I've used anti-spam, SSL tunnel (with e-mail monitors that don't support SSL connects) and other types of proxies and those provided a means of verifying its operation.  I could see the client got connected to the proxy.  I could see the proxy then connected to the server.  I could see the commands the proxy sent to the server and the statuses it got back.  Because I was able to see the operation of the proxy meant I could troubleshoot any problems with it.  Not with Mail Shield.

I cannot get the same setup to work for Gmail (which makes suspect that my ISP e-mail accounts are even getting intercepted by Avast)

have you tried sending EICAR test virus to your account
http://www.aleph-tec.com/eicar/index.php
will not work if ISP have virsus scan on the mail server....and remove it before it arrive at your comp

That won't work.  Gmail already employs malware scanning of e-mails.  So, as others have noted, I probably could skip trying to get Avast interrogating my e-mail traffic from Gmail since Google already scanned that e-mail.  But we all know that no AV scanner is perfect, especially when just signatures are used, and that overlapping of AV scanners provides better coverage.  In fact, some AV products incorporate 3 on-demand scanners to improve coverage.

I would have to find some malware that Gmail's AV scanner doesn't already detect but which Avast would detect.  I would need one to be blind and the other sighted regarding the same malware sample.  I don't think I can find a malware sample that would meet both conditions and frankly I really don't want to go searching for one.  I suspect your idea was to send myself a malware attachment to my Gmail account and then see if Avast alerted on it.  I'm wondering if Mail Shield always adds some headers to scanned e-mails to indicate if they are clean or infected.  Then I could send myself a test e-mail to my Gmail account, poll it using Outlook, and look at the headers.  Ooops, another problem there: Outlook recodes e-mail to fit into the records for its database so the headers may get modified (something Spamcop knows about when submitting spam mails to them).  I could use Outlook Express which is better at viewing the headers without modification.  A problem that I see with Avast modifying or adding headers is that would corrupt the hash used in generating a digitally signed e-mail.  Anyone that sends me a digitally signed e-mail would result in me seeing that e-mail was suspect of corruption.  It got changed so the hash changes.  So if Avast is adding headers identifying its operation then I'll end up having problems with receiving digitally signed e-mails.

Without logging, I can't tell what Mail Shield is doing regarding its supposed interception of client connects and then pretending to be the client to the server.  The same setup works for my ISP's e-mail accounts but not for Gmail.  If Avast is adding headers to scanned e-mails, that corrupts digital signatures (for me sending signed e-mails or for others sending me signed e-mails).

[Pondus]

A repair on a brand new and first time install of Avast?

maybe something went wrong during your install....since the outlook add on is not there ?
controlpanel > ad/remove programs > avast > uninstall > repair option....wait a couple of minutes and reboot

That won't work.  Gmail already employs malware scanning of e-mails.  So, as others have noted, I probably could skip trying to get Avast interrogating my e-mail traffic from Gmail since Google already scanned that e-mail.  But we all know that no AV scanner is perfect, especially when just signatures are used, and that overlapping of AV scanners provides better coverage.  In fact, some AV products incorporate 3 on-demand scanners to improve coverage.

Gmail is using two AV..from Authentium and McAfee

[JuninhoSlo]

What rules?  The only Mail Shield settings I see are those mentioned (SSL accounts).  There are no rules, like "If FROM contains <string> then flag with <string>"

Yes you have to delete all SSL/TLS settings in Avast mail shield.

What does that accomplish?  That looks to have my e-mail client (Outlook) use non-SSL connects to have Avast intercept them and then Avast does non-SSL connects to the e-mail server.  That won't work because remember that Gmail will NOT accept non-SSL connects.  Gmail demands SSL.  So Avast won't be able to connect and I end up erroring anyway just like I am now.

Gmail demands SSL protection,you right but you have to turn off SSL protecion for incoming/outgoing server,way? Avast will create own SSL,TLS or IMAP protection for your email that,s way you have to disable SSL protection(incoming/outgoing server) in your email client. Of Course you can leave SSL protection ON but than Avast email shield won,t check/scan your emails and you.ll get Avast pop-up window,which says: "Avast has detected a secure connection from your email program."

Are you insinuating that changes in Avast's Mail Shield require a reboot for them to be effected?

Yes but you can also try Avast repair function if you want. How to use Avast repair function:

Start-Control Panel-Add/RemovePrograms-Avast-Repiar-Follow Instrcutions-Restart your PC,don,t forget to set up SSL protection for incomig/outgoning server in email clinet to NONE otherwise you,ll be facing with  the same problem again.

Gmail requires SSL connects.  Your test scenario is doomed to fail.  Gmail will not accept non-SSL connects.

That,s right Gmail deamands SSL connects but if you disable SSL protection in email client to NONE (incoming/outgoning server) avast,will create own SSL,TLS or IMAP protection in mail shield,let say a few words about sending email to yourself,I think this is the fastest/easier way to check if Avast mail shield scan my emails,if you prefer sending emails to your friends.....,fine it,s up to you.

I have never seen that prompt.  The option in the SSL accounts settings of "Automatically detect and warn about unprotected SSL connections" is enabled.

Wow strange you should be seen this prompt,Avast always show this prompt if you got SSL protection ON in email client.

Again try this:

1:Delete all you SSL rules in Avast mail shield
2:Set up SSL protection(incoming/outgoning sever) to NONE in you email client
3:Restart yor PC or use Avast repair,I prefer Avast repair......don,t forget restart you pc after you finish with repairing
4:Open your email client,if you want you can email to yourself,friends......
5:Still have same problems

Thank you.

Bye

[VanguardLH]

JuninhoSlo, it appears you missed or forgot my 2nd post in this thread -- the one where I mention the config for Outlook and Mail Shield for when polling Gmail works (when having Outlook connect to Gmail) and when it doesn't (when trying to get Outlook to connect non-SSL to Mail Shield and then Mail Shield to connect SSL to the server).  I understand what should be the proper setup to get Avast to intercept my e-mail connections but it doesn't work -- but only for Gmail.  The SAME setup for my ISP's accounts works okay (Outlook using non-SSL connecting to Mail Shield that then uses SSL).  However, because there is no logging, I cannot truly say that the working config for my ISP accounts (Outlook non-SSL, Avast SSL) is actually using Mail Shield.  Since my ISP accepts both non-SSL and SSL connects, that Outlook using non-SSL works okay could be (1) it connects to Mail Shield and that uses SSL to the server or (2) Mail Shield isn't intercepting the connection and Outlook is still going directly to the server.  Without logs there is no way to see what is really happening with Avast's proxy.  That a config works doesn't prove Avast is involved in the e-mail connection.

In my post with "When Gmail account works" and "When Gmail account fails" listing the two configs, do you see anything wrong there?

I can try the repair later to see if that gets the Avast add-on installed for Outlook; however, while that might fix the problem with Mail Shield not working because the add-on gets used instead in Outlook, it doesn't resolve how to get Mail Shield working for other e-mail clients (which I may use, like Outlook Express as a backup or others that I'm considering switching to later since it is very doubtful that I'll spend money on later versions of Office). 

[JuninhoSlo]

Sorry I didn,t see your second post,please forgive me, everything looks perfect and I really don,t understand why are you unable to recive/send emails ,now you can change your settings in Avast mail shiled(SSL Accounts) to:gmail.com-POP3-995-SSL,gmail.com-SMTP-465-SSL of course don,t forget turn off SSL protection in Outlook for Incoming/Outgoing server you can click on button "Use Defaults" Outlook will change outlook settings to:POP3=110,SMTP=25 you can try also 587

Outlook settings after you turn off SSL protection:(Use Defaults button)
POP3=110
SMTP=25

Avast mail shield-SSL accouncts:

Gmail.com-POP3-995-SSL
Gmail.com-SMTP-465-SSL

In Avast Mail Shield-SSL accounts,check "Automatically detect and warn about....... in case if you create other email account in future.

You mention something about switching to other email client,well I use Mozzila Thunderbird,try it.