I just raised a ticket on the avast! ticketing system on this:
#RTM-698-79670
imap.gmail certificate (avast! issued???) expired.
Details This issue has been discussed for over a week on the Avast! mac Forum, but there has been no action/resolution:
http://forum.avast.com/index.php?topic=126642.0For over a week now, when accessing my IMAP mail accounts at gmail (imap.gmail.com and imap.googlemail.com),
with avast! MailShield enabled, I get a nasty warning.
see attached
The security certificate that is shown apparently is issued by Avast! and has expired on 8/6/13 (I take that to be the 8h of June)
When I disable MailShield, I get no certificate issues, and in fact TB shows no certificate at all.
It seems that MailShield (since V7.0??) inserts itself 'seamlessly' into the IMAP connection stream, and presents its own certificate to the mail client, but that has expired and does not get renewed).
That this issue has persisted for over a week, with no solution from Avast, and in fact that Avast seems to insert a bogus(?) certificate for sites greatly shakes my confidence in Avast's security. How can I trust that there is no
man-in-the middle attack here?