Author Topic: firewall  (Read 5056 times)

0 Members and 1 Guest are viewing this topic.

centsi

  • Guest
firewall
« on: November 19, 2003, 08:17:30 AM »
my firewall program has picked up avast email scanner trying to create an incoming connection with 211.206.189.140 on tcp:3346. Can you tell me why it is doing this?

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11811
    • AVAST Software
Re:firewall
« Reply #1 on: November 19, 2003, 09:26:03 AM »
I may be missing something... but how could the email scanner create an incoming connection? Isn't it more likely that somebody from outside is trying to connect to your SMTP port (i.e. checking whether you have a SMTP open)?

centsi

  • Guest
Re:firewall
« Reply #2 on: November 19, 2003, 11:13:58 PM »
I just this second, have noted in outpost that ashmaisv.exe is listening on smtp, pop3 and imap. is this how virus checkers check incoming email?

Surely the remote port should be smtp, pop3 and imap, not the local port? Is avast running as a mail server virus checker as well as a mail client virus checker? If this is so, can I disable this functionality (I suppose it can be no real threat, but why cause more ports to be open, if they are not needed, as security issues seem to spring up like wild flowers)

I admit I don't really no much about such things, and I am not cmplaining, as avast is a great and free product.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11811
    • AVAST Software
Re:firewall
« Reply #3 on: November 20, 2003, 12:08:52 AM »
The Internet Mail provider (ashmaisv.exe) works as a proxy for common e-mail clients (unlike the Outlook/Exchange provider, which works as an Outlook plugin - the full MS Outlook (not Express) offers such possibility).
So, avast listens on the usual POP/SMTP/IMAP ports; the e-mail client is redirected to the local computer - i.e. it connects to avast; avast then connects to the real server and passes the requests on. So, avast "sits" between the e-mail client and the server. To do it, it has to listen on the ports that the e-mail program is connecting to.
However, on these ports, avast accepts connection from the local computer only - it would never accept a connection from another computer, so it shouldn't cause any security problems.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re:firewall
« Reply #4 on: November 20, 2003, 01:53:25 AM »
In other words, centsi, do not allow applications be connected from the Internet (server rights) but only allow them to connect the Internet (access rights).
The best things in life are free.

techie101

  • Guest
Re:firewall
« Reply #5 on: November 20, 2003, 06:16:21 AM »
Technical,

Very sound advice indeed!!!

techie