avast! e-Mail Scanner Service try to connect

[dpaehl]

'avast! e-Mail Scanner Service' from your computer wants to connect to DSL01.83.171.144.88.NEFkom.net [83.171.144.88], port 143

Why?

Not my provider or an e-mail account

[DavidR]

What is your firewall?

Any program attempting to use the email ports 25, 110, 143 and 119 will be scanned by the localhost proxy of the 'avast! e-Mail Scanner Service' ashMaiSv.exe. However, this isn't the initiating program, something on your system is trying to connect using the IMAP port.

Does your firewall not show in the logs what program this is?

Are you getting any timeout errors?
Are you using Azureus?

[alanrf]

Are you using azureus or any other peer-to-peer client?

Ooops ... David beat me to the question.

[dpaehl]

I use Kerio 2.15 only the IP for my mail accounts are free POP3.

no peer-to-peer client?

I have found the problem. Always i start tor then comes the firewall with this IP.

More test:
I deny this access and no problem. But this comes after the last avast upate (HOME).

[Lisandro]

Always i start tor then comes the firewall with this IP.

Which program is asking for connection? I mean, executable file.
Did you run other antispyware scannings?

[dpaehl]

Always i start tor then comes the firewall with this IP.

Which program is asking for connection? I mean, executable file.
Did you run other antispyware scannings?

d:\programme\alwil software\avast4\ashmaisv.exe

Not always, only from time to time

No other spy or virus software installed

And always the same:

'avast! e-Mail Scanner Service' from your computer wants to connect to DSL01.83.171.162.174.NEFkom.net [83.171.162.174],

Used Mail Thunderbird Version 1.5 (20051201)

[Lisandro]

No other spy or virus software installed

It won't hurt, on contrary, if you install any of them and run an antispyware scanning.

And always the same:

'avast! e-Mail Scanner Service' from your computer wants to connect to DSL01.83.171.162.174.NEFkom.net [83.171.162.174],

Unfortunatelly, I cannot imagine what's going on. Maybe someone from Alwil could help here. Vojtech?

[alanrf]

Tor  is a kind of peer-to-peer function that provides for anonymizing of network access by routing transactions through a network of "servers" that donate bandwidth for that purpose. 

A short scan shows that there are recommendations to those donating bandwidth that useful ports they can define for accessing the servers include (preferably 443) but also 143 and 110.  I assume because these ports are "well known" and not frequently blocked and the folks acting as servers probably do not run mail servers at the same time. 

As David mentioned, by default, avast! intercepts calls to servers on ports 25, 110 and 143 (SMTP, POP3, IMAP).  Avast! assumes that any such calls are intended for mail purposes. 

It certainly has nothing to do with any update to avast!

The best solution will probably be to exclude the Tor process in the [MailScanner] section of the avast4.ini file.