Author Topic: Email over SSL  (Read 6708 times)

0 Members and 1 Guest are viewing this topic.

diablo

  • Guest
Email over SSL
« on: November 05, 2005, 01:46:30 PM »
I am using Avast v4.6 Home edition, and I use Thunderbird to get my email.
I currently fetching my email using POP3 over SSL on server port 995.

Avast does not scan my incoming emails - presumably because it's not monitoring port 995 and because of the SSL encryption. I have been getting virus attachments regularly - about one every two days. These viruses are than all saved in my inbox, until I manually check whether it's a virus, by trying to save the attachment to disk.

Is there any way I can get round this, except by fetching all email by standard POP3 on port 110?

Diablo.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Email over SSL
« Reply #1 on: November 05, 2005, 02:00:06 PM »
Is there any way I can get round this, except by fetching all email by standard POP3 on port 110?
Take a look here: http://forum.avast.com/index.php?topic=10428.0 to see how to set up secure email with avast!.

Since SSL/TLS e-mail is encrypted and decrypted in the client, external virus scanners (including avast!) can't read or scan it.
The solution is to pass e-mail in and out un-encrypted from your client (Outlook Express, Thunderbird, ...) to a proxy program (Stunnel) that does the actual ssl or tls encryption/decryption of the pop3/smtp e-mail and communicates directly with the ISP server on the appropriate ports. Another drivers (OpenSSL) are need as a library of encryption/decryption routines.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86498
  • No support PMs thanks
Re: Email over SSL
« Reply #2 on: November 05, 2005, 05:43:58 PM »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

diablo

  • Guest
Re: Email over SSL
« Reply #3 on: November 06, 2005, 01:36:45 PM »
Thanks for replies.
I am going to try using the Stunnel SSL proxy to access email. I am already using other proxies - I am using 'hotmail popper' to get msn webmail from Thunderbird, and an SSH tunnel proxy that I use for web access etc., using SOCKS5.

I have installed the Windows XP modification so that I can use more than one loopback IP address.

I guess I will have to experiment with loopback addresses and port numbers.

Diablo.

joeloucyn

  • Guest
Re: Email over SSL
« Reply #4 on: November 07, 2005, 02:40:26 AM »
I thought that I throw a note in here!
Stunnel now comes as an installer which installs Open SSL and Stunnel so now you just have to download the installer version from here http://www.stunnel.org/download/binaries.html
At the moment it is stunnel-4.14-installer.exe so you do not need to to go to the Open SSL website just create your stunnel.config and you are ready to use Stunnel!  ;)
« Last Edit: November 07, 2005, 02:43:55 AM by joeloucyn »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86498
  • No support PMs thanks
Re: Email over SSL
« Reply #5 on: November 07, 2005, 03:35:13 PM »
Thanks for that, this will certainly make the process easier and less daunting for those in their first experience with SSL scanning.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Arup

  • Guest
Re: Email over SSL
« Reply #6 on: November 08, 2005, 02:46:44 AM »
I maybe be mistaken but I have heard the latest AVG 7 does SSL mail scanning setup through system loopback process.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86498
  • No support PMs thanks
Re: Email over SSL
« Reply #7 on: November 08, 2005, 04:11:24 PM »
I can't see how it can do this in a localhost loopback as this is effectively what avast does to scan emails. I don't know where you heard it but it would be nice to see exactly what it says.

Unless there is a plug-in like the avast plug-in for MS Outlook which allows avast to scan encrypted email (SSL) because it is inside MS Outlook and the encryption process.

So if it is outside the encryption process a huge amount of processing effort would be required to decrypt the email in order to be able to scan it. This would cause timeout warnings occasionally seen when sending large attachments and they aren't encrypted when avast is scanning them.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

NormandieFrance

  • Guest
Re: Email over SSL
« Reply #8 on: November 08, 2005, 05:08:05 PM »
I can't see how it can do this in a localhost loopback as this is effectively what avast does to scan emails. I don't know where you heard it but it would be nice to see exactly what it says.

Unless there is a plug-in like the avast plug-in for MS Outlook which allows avast to scan encrypted email (SSL) because it is inside MS Outlook and the encryption process.

So if it is outside the encryption process a huge amount of processing effort would be required to decrypt the email in order to be able to scan it. This would cause timeout warnings occasionally seen when sending large attachments and they aren't encrypted when avast is scanning them.

This is where I saw it and according to AVG it works. I tested it and the emails come in "certified". I am not a tech so I cannot say that it works, but it appears to. Here is their link that show the set up:

http://forum.grisoft.cz/freeforum/read.php?3,25035,backpage=,sv=

Have a good day,
NormandieFrance

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Email over SSL
« Reply #9 on: November 08, 2005, 06:07:08 PM »
I'll be very nice if avast! develop this feature too. A lot of users have to make the SLL/Stunnel by-pass to scan SSL mail  :-\
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86498
  • No support PMs thanks
Re: Email over SSL
« Reply #10 on: November 08, 2005, 07:37:08 PM »
Well that looks like it is setting up something similar to what had/has to happen before with avast email scanning (and with non-NT OSes now), with the exception that you are able to set-up email account details within the AVG email scanning settings.

This would appear to give the same result of having a plug-in inside the email prog. Although there are things I don't understand, like how you shouldn't tick the "This server requires a secure connection (SSL)." If this simply doesn't login securely or if it doesn't encrypt the email?

But if it works and is that simple (relatively) to set-up great. Whether it is that simple in reality for the programming side, I don't know, perhaps avast should develop a plug-in strategy for OE?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

joeloucyn

  • Guest
Re: Email over SSL
« Reply #11 on: November 09, 2005, 04:42:25 AM »
I think if you read further into AVG specs you will notice that they integrated Stunnel and Open SSL into their Mail proxy!
I hope if avast does this that SMTP is excluded as Stunnel has well-known problems with large attachments when used in SMTP although the problem does not show up in POP3.