Security certificate

[sejtam]

Avast customer service just replied to my ticket:

Hello,

Thank you for contacting AVAST Software company with your concerns.

First of all, uninstall the current version.
Uninstallation must be carried out from the application's menu bar - item "Uninstall avast!"
Uninstalling avast! Antivirus for Mac:
http://www.avast.com/en-gb/faq.php?article=AVKB67#artTitle


Then install avast! version 7.0.38501 onto your computer, please follow these steps:
http://www.avast.com/en-gb/faq.php?article=AVKB69#artTitle

It seems to have helped. have not checked the certificates as yet though.

Makes you wonder whether Avast's certs are only generated during an install
and need a full removal/reinstall to be regenerated (as the version they told me to install is the one i already had)

Still no good answer on why they inject this bogus(?) cert into the IMAPS stream (and why it only seems to have problems for Gmail/googlemail)

[specimen9999]

Still no good answer on why they inject this bogus(?) cert into the IMAPS stream (and why it only seems to have problems for Gmail/googlemail)

The answer is simple, that's how the AV is able to scan encrypted connections (IMAPS), Avast acts as the mail client (a proxy) making the connection to the email server, decrypts, scans, encrypts with its cert that it installed on the computer and hands it to the mail client, it's a sort of a hack, if you may, but it's the best way they came up to be able to scan encrypted connections for viruses (the previous way was MUCH worse, trust me).

The process of uninstalling and reinstalling generates a new cert that Avast installs in your computer (it's unique).

[doom_laur]

Avast customer service just replied to my ticket:

Hello,

Thank you for contacting AVAST Software company with your concerns.

First of all, uninstall the current version.
Uninstallation must be carried out from the application's menu bar - item "Uninstall avast!"
Uninstalling avast! Antivirus for Mac:
http://www.avast.com/en-gb/faq.php?article=AVKB67#artTitle


Then install avast! version 7.0.38501 onto your computer, please follow these steps:
http://www.avast.com/en-gb/faq.php?article=AVKB69#artTitle

I can confirm this has solved my problem as well. Thank you!

[fssbob]

An uninstall/reinstall resolved the problem for me as well.

Before the uninstall/reinstall, Thunderbird complained about an Avast-signed pop.gmail.com certificate that expired 6/7/2013. After the uninstall/reinstall, there isn't any pop.gmail.com certificate. I've seen a couple of references to Google consolidating certificates. So I'm guessing that Google got rid of its pop.gmail.com certificate, replacing it with mail.google.com. Somehow Avast wasn't able to handle this with respect to its "Avast-signed" version of pop.gmail.com. Does this sound correct?

[tumic]

So why is Avast! inserting itself as a blanket CA on my Mac but not my PC?

Because avast! for Mac is capable of HTTPS scanning, wheres the PC version is not. The avast! CA
must be there to enable that, more technical info here: http://public.avast.com/~tuma/techinfo/

[tumic]

There is a bug in re-signed certificate caching in the current version that causes the web/mail shield
sending expired SSL certificates to the clients. It will be fixed in the next program update. Till then, you
can "fix" the corresponding problems by re-installing avast!.

[Samhill]

Because avast! for Mac is capable of HTTPS scanning, wheres the PC version is not. The avast! CA
must be there to enable that, more technical info here: http://public.avast.com/~tuma/techinfo/

Ah, OK. Thanks.