Author Topic: Security certificate  (Read 25620 times)

0 Members and 1 Guest are viewing this topic.

Offline sejtam

  • Jr. Member
  • **
  • Posts: 34
Re: Security certificate
« Reply #15 on: June 17, 2013, 11:53:06 AM »
Avast customer service just replied to my ticket:

Quote
Hello,

Thank you for contacting AVAST Software company with your concerns.

First of all, uninstall the current version.
Uninstallation must be carried out from the application's menu bar - item "Uninstall avast!"
Uninstalling avast! Antivirus for Mac:
http://www.avast.com/en-gb/faq.php?article=AVKB67#artTitle


Then install avast! version 7.0.38501 onto your computer, please follow these steps:
http://www.avast.com/en-gb/faq.php?article=AVKB69#artTitle


It seems to have helped. have not checked the certificates as yet though.

Makes you wonder whether Avast's certs are only generated during an install
and need a full removal/reinstall to be regenerated (as the version they told me to install is the one i already had)

Still no good answer on why they inject this bogus(?) cert into the IMAPS stream (and why it only seems to have problems for Gmail/googlemail)

Offline specimen9999

  • Sr. Member
  • ****
  • Posts: 349
Re: Security certificate
« Reply #16 on: June 17, 2013, 11:33:54 PM »
Still no good answer on why they inject this bogus(?) cert into the IMAPS stream (and why it only seems to have problems for Gmail/googlemail)

The answer is simple, that's how the AV is able to scan encrypted connections (IMAPS), Avast acts as the mail client (a proxy) making the connection to the email server, decrypts, scans, encrypts with its cert that it installed on the computer and hands it to the mail client, it's a sort of a hack, if you may, but it's the best way they came up to be able to scan encrypted connections for viruses (the previous way was MUCH worse, trust me).

The process of uninstalling and reinstalling generates a new cert that Avast installs in your computer (it's unique).

Offline doom_laur

  • Newbie
  • *
  • Posts: 11
Re: Security certificate
« Reply #17 on: June 17, 2013, 11:54:28 PM »
Avast customer service just replied to my ticket:

Quote
Hello,

Thank you for contacting AVAST Software company with your concerns.

First of all, uninstall the current version.
Uninstallation must be carried out from the application's menu bar - item "Uninstall avast!"
Uninstalling avast! Antivirus for Mac:
http://www.avast.com/en-gb/faq.php?article=AVKB67#artTitle


Then install avast! version 7.0.38501 onto your computer, please follow these steps:
http://www.avast.com/en-gb/faq.php?article=AVKB69#artTitle


I can confirm this has solved my problem as well. Thank you! :)

Offline fssbob

  • Newbie
  • *
  • Posts: 7
Re: Security certificate
« Reply #18 on: June 18, 2013, 07:19:47 AM »
An uninstall/reinstall resolved the problem for me as well.

Before the uninstall/reinstall, Thunderbird complained about an Avast-signed pop.gmail.com certificate that expired 6/7/2013. After the uninstall/reinstall, there isn't any pop.gmail.com certificate. I've seen a couple of references to Google consolidating certificates. So I'm guessing that Google got rid of its pop.gmail.com certificate, replacing it with mail.google.com. Somehow Avast wasn't able to handle this with respect to its "Avast-signed" version of pop.gmail.com. Does this sound correct?

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: Security certificate
« Reply #19 on: June 20, 2013, 03:16:56 PM »
So why is Avast! inserting itself as a blanket CA on my Mac but not my PC?

Because avast! for Mac is capable of HTTPS scanning, wheres the PC version is not. The avast! CA
must be there to enable that, more technical info here: http://public.avast.com/~tuma/techinfo/

Offline tumic

  • Moderator
  • Advanced Poster
  • *
  • Posts: 724
Re: Security certificate
« Reply #20 on: June 20, 2013, 06:34:56 PM »
There is a bug in re-signed certificate caching in the current version that causes the web/mail shield
sending expired SSL certificates to the clients. It will be fixed in the next program update. Till then, you
can "fix" the corresponding problems by re-installing avast!.

Offline Samhill

  • Newbie
  • *
  • Posts: 12
Re: Security certificate
« Reply #21 on: June 30, 2013, 11:53:48 AM »
Because avast! for Mac is capable of HTTPS scanning, wheres the PC version is not. The avast! CA
must be there to enable that, more technical info here: http://public.avast.com/~tuma/techinfo/
Ah, OK. Thanks.