Author Topic: Commentary: avast! email scans and SSL connections  (Read 11567 times)

0 Members and 1 Guest are viewing this topic.

Starfighter

  • Guest
Commentary: avast! email scans and SSL connections
« on: May 08, 2005, 06:25:08 AM »
In Canada, a large national ISP operated by Bell Canada, named "Sympatico" is currently in the process of changing user email accounts to the SSL protocol.  My understanding is that neither avast! nor Nortons etc.., are able to scan SSL based emails.

Ever so conveniently, Sympatico now offers to their users a new server based anti-virus checking service, but for a monthly fee of course!   What a business model!  Cut-out the competition by rendering their software incapable of scanning emails and then monopolize and profit by offering your own email anti-virus service.  Cost to consumer=less choice, higher price.   Cost to competing anti-virus companies=lost sales and shrinking market.  Cost to Sympatico? ha ha, laughing all the way to the bank.  Bottom line: scary.

I hope this trend doesn't continue...

Well, that's my rant for the day!

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Commentary: avast! email scans and SSL connections
« Reply #1 on: May 08, 2005, 09:44:07 AM »
Although Internet Mail cannot scan SSL connections you can use MS Outlook\Exchange provider and MS Outlook mail client (the one from office package).
This one CAN check SSL connections since file handling in MS Outlook is different than in normal email clients.

Second option is to leave protection to Standard Shield. It should keep you safe (except for extra Internet mail features like heuristics which are not available for Standard Shield)
Visit my webpage Angry Sheep Blog

DaveD

  • Guest
Re: Commentary: avast! email scans and SSL connections
« Reply #2 on: May 08, 2005, 01:43:27 PM »
Starfighter,

I have been using Sympatico for several years now.  You can scan SSL and TLS using avast! if you use Stunnel and OpenSSL.  I have been using that combination for a few months now and it works great.

http://www.stunnel.org/
http://www.openssl.org/

Let me know if you need instructions on how to set it up to work with Sympatico.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Commentary: avast! email scans and SSL connections
« Reply #3 on: May 08, 2005, 01:50:59 PM »
Do a forum search for Stunnel and Gmail, there have been a number of threads on the topic of SSL email and Gmail and how to get round the fact that avast (with Internet Mail provided) can't scan SSL email.

You can adjust your settings so avast scans outbound email before Stunnel encrypts and sends it, this is a very simplified explanation.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Starfighter

  • Guest
Re: Commentary: avast! email scans and SSL connections
« Reply #4 on: May 08, 2005, 08:27:56 PM »
Hi,

Thanks for the replies.  I since took a look at the Stunnel and OpenSSL webpages.  Unfortunately it's way over my head as what file versions to download and how to set them  up 

I use both Windows XP and Win 98 (desktop and laptop).  I'm using the latest version of Outlook Express. 

I doubt many casual users of Sympatico would know how to set it up to work with Stunnel, OpenSSL and avast etc.

I'd really appreciate some tips as what to do.  Thanks!   :)
« Last Edit: May 08, 2005, 08:31:46 PM by Starfighter »

sded

  • Guest
Re: Commentary: avast! email scans and SSL connections
« Reply #5 on: May 08, 2005, 08:52:35 PM »
I don't use Sympatico, but here is how to set up avast! secure email scanning wih XP, assuming you use port 995 for secure pop3 and port 25 for secure smtp.  Let us know is your setup is different, or if you use IMAP. 

To set up secure email with avast!, you need to do 3 things:

1) In your email client, use
localhost:11110 for your pop server
localhost:11025 for your smtp server
Do not check "use secure"

2) In avast! email provider add
11110 to the pop3 ports to redirect
11025 to the smtp ports to redirect

3) With a text editor, create Stunnel.conf (or cut/paste/edit below)
Stunnel.conf, the configuration file, looks like this for secure email:


client=yes
# POP3 service, listens on localhost:11110
[xxxxx-pop3s]
accept=localhost:11110
connect=pop.xxxxx.com:995

# SMTP service, listens on localhost:11025
[xxxxx-smtps]
protocol=smtp
accept=localhost:11025
connect=smtp.xxxxx.com:25

Replace the xxxxx connect lines with the names and ports of your ISP secure pop3 and smtp servers.

You need to download and install OpenSSL from http://www.openssl.org/related/binaries.html and Stunnel from http://www.stunnel.org/download/binaries.html and install them.  Stunnel can either be installed as a windows service or added to your startup group.  Put stunnel.conf in the same folder as stunnel.

I am not running W98, but you should be able to follow the instructions in the avast! help file for manual setting of email protection to edit the avast4.ini file to get things directed to Stunnel.  Something like poplisten=127.0.0.1:11109 and similar for the email client pop3 server setting, and defaultpopserver=127.0.0.1:11110; smtplisten=127.0.0.1:10024 , similar for email client smtp server setting, defaultsmtp server=127.0.0.1:11025 should work with the same stunnel.conf .  Maybe someone who actually runs W98 will chime in.

There are a large number of users of secure email with avast! who can help here in the forum if you have problems/questions.  Give it a try!
« Last Edit: May 08, 2005, 09:15:43 PM by sded »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Commentary: avast! email scans and SSL connections
« Reply #6 on: May 08, 2005, 08:53:35 PM »
Starfighter, I can't help you with Windows 98 (maybe it's the same with Windows XP).
You must download the last version (stable, there is no need for beta versions) of OpenSSL and install it). It won't ask you more questions (not even the subdirectory for installation).
Then download Stunnel, open a new folder and put it there. In the webpage there is the instructions for installing it as a service and running it.
You will have to edit the stunnel.conf file afterwards to set it for Sympatico. Specially you will need to know the SSL ports for Sympatico. Saving the stunnel.conf file and restarting your computer you should have Stunnel running correctly.
Then is the battle for setting you email program.
I did it for GMail, take me some time and need help from other avast! users. Now it's working for Pop and Smtp email  ;)
Wow, Sded is here helping you. He's the master  8)
The best things in life are free.

Starfighter

  • Guest
Re: Commentary: avast! email scans and SSL connections
« Reply #7 on: May 12, 2005, 04:29:55 AM »
Thanks gang for the wonderful help!  I got it to work with XP now, no problem.

However, I can't get it (Stunnel & openssl) to work with Windows 98, as avast! doesn't allow for redirects with 98 (redirects are a greyed out option in avast for Win98).

So....in terms of my Win 98 laptop--Question--without avast! actively scanning my incoming emails, will I still be afforded some level of protection if I actually try to open an infected email attachment (with the avast standard shield activated).  For example, if I try to open up an email attachment such as a Word processing file-- would it protect me against that?  What about Zip files.... will it protect against that too?  If so, then I guess I don't need to be too concened that avast! isn't scanning my inbound emails.... so long as it scans the actual files when I try to run them...  Any help/clarification would be greatly appreciated!   ;D

« Last Edit: May 12, 2005, 04:32:48 AM by Starfighter »

DaveD

  • Guest
Re: Commentary: avast! email scans and SSL connections
« Reply #8 on: May 12, 2005, 01:38:06 PM »
Starfighter,

One thing that I would like to point out to you is that Sympatico scans all incoming and outgoing e-mail at the server level for free anyways.  I have been a Sympatico customer for about 2.5 years and I have never even received an e-mail virus.

You can test it out at the following page:  http://www.webmail.us/testvirus

It uses the EICAR test virus.  You will still receive the e-mails, but in the e-mail it has a message that the attachment was removed.  If I remember correctly, I believe Sympatico uses one of the Symantec Corporate versions (it says it in the e-mail).  And they are more likely faster to update their signatures for the threat of new viruses.

So you need not worry so much.  You could probably just stick to the resident protection.

DaveD

  • Guest
Re: Commentary: avast! email scans and SSL connections
« Reply #9 on: May 12, 2005, 01:47:19 PM »
I just tested it again out of curiosity to see which antivirus Sympatico is using now on the gateway level.  The message received in the e-mail is:

This message has been processed by the Brightmail(tm) Anti-Virus Solution using
Symantec's Norton AntiVirus Technology.

eicar.com was infected with the malicious virus EICAR Test String and has been deleted because the file cannot be cleaned.


In the past, I had tried many times to send myself real viruses in the e-mail by disabled any real-time protection, sending the files, then re-enabling the real-time protection before receiving the e-mail back again.  None of those real test viruses ever came back.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Commentary: avast! email scans and SSL connections
« Reply #10 on: May 12, 2005, 01:54:29 PM »
However, I can't get it (Stunnel & openssl) to work with Windows 98, as avast! doesn't allow for redirects with 98 (redirects are a greyed out option in avast for Win98).
Well, are you sure?
If you write the name of the user something like this:
pop3 server= smtp server = 127.0.0.1
username = mail.server.coml#user#portnumber
smtp authentication enabled and the username there = mail.server.coml#user#portnumber
Will it work?

Question--without avast! actively scanning my incoming emails, will I still be afforded some level of protection if I actually try to open an infected email attachment (with the avast standard shield activated).  For example, if I try to open up an email attachment such as a Word processing file-- would it protect me against that?  What about Zip files.... will it protect against that too?  If so, then I guess I don't need to be too concened that avast! isn't scanning my inbound emails.... so long as it scans the actual files when I try to run them...  Any help/clarification would be greatly appreciated!   ;D
Email protection is a very speciall one... I won't give up so quickly and be happy without it  ::)
If you set to scan all open/created/modified file in Standard Shield, you will scan the files (attachments).
The best things in life are free.

Starfighter

  • Guest
Re: Commentary: avast! email scans and SSL connections
« Reply #11 on: May 12, 2005, 10:08:38 PM »
Technical: Bingo--that did it, thanks!  ;D

DaveD: Thanks for the tip!  I hadn't known Sympatico did that! :-)

It's all working now on my end. 
« Last Edit: May 12, 2005, 10:10:59 PM by Starfighter »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Commentary: avast! email scans and SSL connections
« Reply #12 on: May 12, 2005, 10:18:48 PM »
Technical: Bingo--that did it, thanks!  ;D
Well, I'm surprised too  ;D
It was just a guess  :o

Can you post the final username syntax that you use?  ;)
The best things in life are free.

Offline lukor

  • Administrator
  • Super Poster
  • ***
  • Posts: 1884
    • AVAST Software
Re: Commentary: avast! email scans and SSL connections
« Reply #13 on: May 15, 2005, 11:28:19 AM »
I just tested it again out of curiosity to see which antivirus Sympatico is using now on the gateway level.  The message received in the e-mail is:

This message has been processed by the Brightmail(tm) Anti-Virus Solution using
Symantec's Norton AntiVirus Technology.

eicar.com was infected with the malicious virus EICAR Test String and has been deleted because the file cannot be cleaned.


In the past, I had tried many times to send myself real viruses in the e-mail by disabled any real-time protection, sending the files, then re-enabling the real-time protection before receiving the e-mail back again.  None of those real test viruses ever came back.

Send your self a virus (eicar) compressed with 7-zip, (http://www.7-zip.org). This format can be opened by new versions of WinRAR (for example). We have already seen a viruses that require users to decompress them manually and yet spread rather smoothly. I guess this would not be stopped by their server antivirus.

DaveD

  • Guest
Re: Commentary: avast! email scans and SSL connections
« Reply #14 on: May 15, 2005, 01:24:08 PM »
Send your self a virus (eicar) compressed with 7-zip, (http://www.7-zip.org). This format can be opened by new versions of WinRAR (for example). We have already seen a viruses that require users to decompress them manually and yet spread rather smoothly. I guess this would not be stopped by their server antivirus.

lukor,

I did exactly as you suggested.  I compressed the eicar file in a .7z archive and sure enough it did pass right through Sympatico's server-side virus scanner.  And sure enough, avast! Internet Mail module picked it up.  That definitely made me re-think a few things, so I apprecaite the information.

Thanks,
Dave