Author Topic: Web Shield - HTTP traffic in Thunderbird  (Read 9998 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85640
  • No support PMs thanks
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #15 on: April 13, 2006, 12:07:47 AM »
Just make a copy of the ini file and paste it to a different folder before you edit the file, it is only a text file. Just use your favourite text editor, notepad or wordpad will be fine, just don't use a word processor like word, etc.

Before you edit it terminate the Internet Mail provider, make the changes and save the avast4.ini file, enable the Internet Mail provider and that should be it.

Making an option in the GUI would likely be cumbersome, why stop at thunderbird and OE but all other email programs that could have the same functionality. The avast4.ini provided for many customisations that would otherwise make the GUI cumbersome and with reasonable care there is no problem in editing it.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #16 on: April 13, 2006, 08:42:35 AM »
David,

I have to agree with you about the GUI issue.

Why should every user of avast have to fix this gaping hole in the product personally via a GUI facility?   

While Lukas has offered us the paliative "the messages are scanned on download" I have to wonder what these words are really worth. 

Agreed the attachments are scanned.  So far so good.  Agreed the message content is scanned.

But ... if the html says "go to this website and download a file that is a trojan".  What does avast do about it ...

NOTHING
ZERO
NO PROTECTION


Come on team - tell me where I am missing the protection this product affords!


DaveD

  • Guest
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #17 on: April 13, 2006, 01:28:29 PM »
Big hole, simple fix for Alwil Team. It shouldn't take them more then 60 seconds to fix this issue.

All we can do is wait and see if it gets fixed for the 4.7 release.

Sure, RejZor's program allows a quick fix for this problem... but it should be enabled by default because it has the potential to allow malicious data in without being scanned, when it would be so simple for the program to do so.

I get about 3 e-mails each week that are HTML-based and I trust them. However, what if HTML-based phishing e-mails come around that 'look' trustworthy to most? Users wouldn't even need to click on anything to visit the malicious site because the malicious site would've already visited them, you know.

Anyways, I do appreciate the avast! antivirus program and I trust that Alwil with do the right thing with this.

Cheers,
Dave

Offline lukor

  • Avast team
  • Super Poster
  • *
  • Posts: 1885
    • AVAST Software
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #18 on: April 13, 2006, 04:54:05 PM »
But ... if the html says "go to this website and download a file that is a trojan".  What does avast do about it ...

NOTHING
ZERO
NO PROTECTION


Come on team - tell me where I am missing the protection this product affords!

Alanrf, what about standard shield? This is the protection avast! provides. Well, not only that, we have implemented a WebShield to further reinforce the protection for one type of applications - Web Browsers. Now, when you take it as granted, you might also want to use the same type of double protection for other applications as well - well, you have the option, don't you?

Just edit the avast4.ini or setup your mail client to use WebShield as it's proxy.

WebShield can be configured to monitor all access to port 80 regardless of an application, and you know that and you know how to do it.

And I have already explained here why we have chosen not to configure WebShield to behave like that on default. It may bring all sort of compatibility problems, especially when applications use HTTP protocol in not very standard way.

Like probably the mail client might be using HTTP to download mails from a webmail. Aborting a connection in this situation would cause what? Would it terminate just the current mail or whole download process? Would the mail client retry the download? What about the mails that have been already downloaded? Would they be downloaded again? Hmm, I can image several thousand users complaining about the fact that old mails are redownloaded every time until they delete their infected mail via webmail interface. Hmm.

Perhaps these problems can be solved, of course. My estimate is that it would probably take a little more time than 60 secs. But until they are solved at least to a certain degree I would not recommend to enable such potentionally problematic feature for all. I don't have a problem with allowing it for more advanced users. That's what we do.

But of course, this might be changed. This change can be done by a VPS update. However if there are some mails containing links to thunderbird exploits, I think the mail itself should be considered as a virus - so it should be caught by the Mail providers itself...

Lukas


Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #19 on: April 13, 2006, 07:36:52 PM »
***

Somehow, I am missing the problem. Most of my email is html enriched. When I open each email & downloading begins, the "a" is constantly spinning until downloading is completed. I am sure it is Web Shield checking all that is downloaded. And, as lukor points out, what about the protection Standard Shiled provides?

« Last Edit: April 13, 2006, 07:38:33 PM by CharleyO »
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

DaveD

  • Guest
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #20 on: April 13, 2006, 07:59:20 PM »
Somehow, I am missing the problem. Most of my email is html enriched. When I open each email & downloading begins, the "a" is constantly spinning until downloading is completed. I am sure it is Web Shield checking all that is downloaded. And, as lukor points out, what about the protection Standard Shiled provides?

The "a" is constantly spinning because the Standard Shield is scanning the content in that particular case.

Web Shield does scan the HTML within the e-mail itself, but does not scan the contents that the HTML pulls from the Internet which is typically just images. However, those images would be scanned by the Standard Shield anyways.

So I suppose that, after all, the Standard Shield would catch any virus that were to come in this way. Only exception being a compressed archive, but that would be scanned upon opening/executing whatever is in it anyways.

Thanks everyone!

Offline treker96

  • Jr. Member
  • **
  • Posts: 21
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #21 on: April 14, 2006, 12:20:20 AM »
how do i post screenshots?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85640
  • No support PMs thanks
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #22 on: April 14, 2006, 01:33:34 AM »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.691) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #23 on: April 14, 2006, 06:19:34 AM »
Quotes from the last post of DaveD in response to CharleyO:

Quote
The "a" is constantly spinning because the Standard Shield is scanning the content in that particular case.

Web Shield does scan the HTML within the e-mail itself, but does not scan the contents that the HTML pulls from the Internet which is typically just images.

Sorry - both comments are just plain wrong.

The "a" is mainly spinning because the Internet Mail scanner is scanning your mail as it is being downloaded, message body and attachments. The Standard Shield is only scanning the email executables and the existing mail files as they are being read (in a default avast setting).
 
Webshield plays no part whatsoever in scanning email - as it is being downloaded (because that is POP3 and not http) and, unfortunately,  as it is being displayed by your mail client or to use the technical term rendered.  I say rendered because for most of us these days much of our email comes in the form of html email.  This email is not just displayed (as old fashioned plain text would be) but the image on the screen is created by obeying (or rendering) the html commands that make up the email.  Effectively these emails are displayed by a browser engine (if you use a Microsoft mail client then it uses the same code as Internet Explorer; if you use Thunderbird then it uses the same code as Firefox).  As these html commands are executed they use browser functions to go out to the Internet to retrieve pieces of the email that are then executed on your system to produce the display you see.

The issue that is being discussed here (CharleyO are you on board now?) is that because this code is not being executed under the "process name" of a list of browsers that is included in the VPS file of avast, but instead are being executed under the process name of your email client then avast does not scan these files as they are downloaded.

For DaveD - there is a lot more than just images in the files downloaded.

I am happy to accept the assurance of Lukas that the execution of these files will be intercepted by the Standard Shield though I would appreciate formal confirmation that all files so executed are scanned by the Standard Shield prior to any involvement in execution.   

By the way, I should add (as I have mentioned above in the thread but just to reinforce it): 

If you happen to use an email account that can be displayed in your browser (such as Yahoo, Hotmail, Gmail etc) then, simply because you are displaying that email in the browser then avast will perform a scan of every element of the email as it is being retreived which it will not do for the same email displayed by your mail client. 

I suppose the moral of this story is - if you want a higher level of security from avast then if you can read your email in your browser, not in your email client.

If you use a mail client then the Internet Mail Scanner is still pretty good for checking attachments.   
« Last Edit: April 14, 2006, 08:51:23 AM by alanrf »

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #24 on: April 14, 2006, 10:28:47 AM »
Lukas,

my sincere thanks for responding again in this thread.  Though I try your patience I appreciate it very much.

My responses in this forum are not based upon my own needs.  I merely suggest that I know how to use the excellent features built into avast and available to experienced users to configure avast to my needs. 

I am trying to put myself in the place of and represent the needs of the average home user of avast.  Since I support a number of such users who are using avast on my recommendation I hope you will understand that I consider this my duty.  It is not my wish to be contentious but, as an avast supporter, I want your product to be the best it can be.  If my opinions have to suggest you are not being the best ... then so be it.

So Lukas ... on to my response:

What about the Standard Shield? 

Are you professionally content to stand behind the Standard Shield?  I'm sorry while I understand it is the foundation of avast - you have introduced so much more since I first encountered your product.  I do have to wonder though if you have not developed cold feet and whether certain moves mean that you are planning to exit recent forays such as mail scanning.

Quote
we have implemented a WebShield to further reinforce the protection for one type of applications - Web Browsers

What is a Web Browser?  It seems that you now wish to define this as a specific group of applications that are recorded in the VPS file - again - I am sorry to note - after developing cold feet about your ability to scan http accesses in a more general fashion when you first introduced this feature.  I cannot know the feedback your support teams experienced (though I ask you to believe me I have been there  in all the ungodly hours of the morning) but I still believe that this would be better based on exclusion of anomalies rather than inclusion of acceptances.  I know that the latter is much easier to explain to your management (and heavens! do I know what explaining to corporate management means).

You know and I know that what we are talking about is not the scanning of email during download.  Readers of this thread may think we are - but that is an irrelevance.  What we are really talking about is the rendering (displaying) of email which is a completley separate issue (in a mail client) from downloading the mail.  I have covered this in my previous post in this thread and I will not bore everyone with it again. 

I do accept that it not too easy for avast to understand the difference between an email client using http to download (in certain restricted instances) mail from the mail store and the incredibly frequent use of http by email clients in displaying html based email messages.  What is does mean though is that you have avoided the mail download issues of the few mail clients and ignored the issues of retrieving http files that is an essential part of displaying the content of a huge proportion of today's email.   

There are not too many mail clients that use http to download mail from a Webmail mailstore to a client. 

I have to confess at this point that I believe that you have thrown a certain amount of FUD (for those reading the thread and not knowing the acronym - Fear Uncertanity and Doubt) across the path here.   

There are (to the best of my knowledge) two types of http access to Webmail:

1) WebDav access to appropriately enabled Hotmail clients.  This is supported in an IMAP fashion by Outlook Express and Outlook (2001 and later editions).  As far as I can tell (and you should have tested it far better than I can) the avast WebShield has no negative affect on either of these products.

There are other third party solutions that provide WebDav to POP3 conversions.  These include HotPop (a paid solution) and the Thunderbird Webmail extensions. My testing with avast, so far, indicates no problems with either of these offerings.
Somewhere in this area falls IncrediMail and so,while here, I will admit there may be many other mail clients in this field that I have not tested (there's a get-out if ever you needed one).

2) There are also a number of programs that provide access to WebMail mail stores through http by what are know as screen-scraper solutions.

I have tested avast fequently with MrPostman and with FreePops (well known free offerings in this area) with no ill effect.  (In the unlikely case you care to check - you will find a sticky under my id in the AVG email forum advising users how to scan WebMail using these products). 

In short Lukas, I am merely suggesting that the problems you raise are not that large.  I am very familiar with (and have worked with developers to reduce) the instances of re-download of mail (see my id in the FreePops and Mr Postman forums). I think - just think - that if the majority of users had to choose between downloading unscanned malware to their systems over a re-download of email then they would agree with me ....

you bet your a$$ what I would choose!!!

I simply want what is best for the majority of avast users who could not give a d*mn about the details of this post and ... honestly ... why should they?  They rely on you guys to make the best decisions for this product.  The defaults must be the best for the majority.  I'm sure that is your view too.  Some of us sometimes do not agree with the view coming from avast central and I hope you will accept our input.

Sincerely,

Alan


   

 

 




« Last Edit: April 14, 2006, 10:45:22 AM by alanrf »

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #25 on: April 14, 2006, 09:16:29 PM »
***

Ok, alanf ... I'm on board now.    :)


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

DaveD

  • Guest
Re: Web Shield - HTTP traffic in Thunderbird
« Reply #26 on: April 20, 2006, 12:21:25 AM »
As of the 4.7 release (or possibly through recent VPS update) the HTTP scanning of HTML-based e-mail in Thunderbird is now being scanned. This is very nice to see.

Thanks Alwil Team!