Mailscan without function

[Lisandro]

The real 'mail scanner' itself (MailShield) will not scan THE BAT!. Hmmm .....

Sure... this is the reason for existing a specific plugin 

[alanrf]

I just downloaded TheBat v 2.12.04 installed it with all the default options and set up my main pop3 account (provided by my ISP).  I did not install the plugin. 

I then downloaded all the mail sitting out on the server using TheBat.  When I checked the source of the messages every one had the X-Antivirus headers inserted by avast and the Internet Mail scanner showed the subject line of the last message downloaded by TheBat. 

So, if you find yourself in the situation again of trying to use TheBat without the plugin then I would strongly recommend the Log=20 option I proposed earlier and let us see what is going on between avast and TheBat in your system.

[Its Me]

Hello

Thx for this information. This will descripe the working method like I'll see it and like I've understand it.

Looks like the problem is the installation of AVAST on this specific WINXP.

Ok ... lets have a try to log THE BAT! and AVAST.

The plugin method will scan and function. But this is NOT really something I'll find a good solution. There is a lot what AVAST MailShield will do and the plugin will not.

[Its Me]

@Tech

SPAM killer? Nothing except the one of THE BAT!: BAYES IT

The virus protection plugin of AVAST doesn't need an internet connection.

[Its Me]

The log of an email fetch.

05/03/06 12:32:55 000000A8:   Started as service, Log = 20
05/03/06 12:32:55 000000A8:   Build 4.7.827
05/03/06 12:32:55 000000A8:   Windows XP Workstation (Service Pack 2)
05/03/06 12:32:55 000000A8:   Using WinSock 2.0
05/03/06 12:32:55 000000A8:   PID = 2028
05/03/06 12:32:57 000000A8:   AutoRedirect settings changed 1
05/03/06 12:32:57 000000A8:   IgnoreAddress set
05/03/06 12:32:57 000000A8:   IgnoreProcess set
05/03/06 12:32:57 000000A8:   IgnoreProcess set avast.setup,winroute.exe,ccEvtMgr.exe,ccPxySvc.exe,ccProxy.exe,ccApp.exe,ccPwdSvc.exe,ccSetMgr.exe,ccLgView.exe,
SMPROXY.EXE,isafe.exe,TMPROXY.EXE,EMULE.EXE,WEBPROXY.EXE,NAVAPW32.EXE,SYMPROXYSVC.EXE,NETMONSV.
EXE,CRAXY.EXE,CZDCPlusPlus.exe,ABC.EXE,mpftray.exe,bitcomet.exe,V3P3AT.EXE,ypager.exe
05/03/06 12:32:57 000000A8:   IgnoreProcess set avgemc.exe
05/03/06 12:32:57 000000A8:   IgnoreLocalhost settings changed 1
05/03/06 12:32:57 000000A8:   POP Start settings changed: 1
05/03/06 12:32:57 000000A8:   POP Listen settings changed: 127.0.0.1 12110
05/03/06 12:32:57 000000A8:   POP Listening daemon starting
05/03/06 12:32:57 000000A8:   POP Listen handler: 0x000002E4
05/03/06 12:32:57 000000A8:   POP RedirectPort: 110
05/03/06 12:32:57 000000A8:   Redirect set 110->127.0.0.1:12110
05/03/06 12:32:57 000000A8:   IgnoreLocalAddresses set 110
05/03/06 12:32:57 000000A8:   POP Listening daemon started
05/03/06 12:32:57 000000A8:   SMTP Start settings changed: 1
05/03/06 12:32:57 000000A8:   SMTP Listen settings changed: 127.0.0.1 12025
05/03/06 12:32:57 000000A8:   SMTP Listening daemon starting
05/03/06 12:32:57 000000A8:   SMTP Listen handler: 0x000002EC
05/03/06 12:32:57 000000A8:   SMTP RedirectPort: 25
05/03/06 12:32:57 000000A8:   Redirect set 25->127.0.0.1:12025
05/03/06 12:32:57 000000A8:   IgnoreLocalAddresses set 25
05/03/06 12:32:57 000000A8:   SMTP Listening daemon started
05/03/06 12:32:57 000000A8:   IMAP Start settings changed: 1
05/03/06 12:32:57 000000A8:   IMAP Listen settings changed: 127.0.0.1 12143
05/03/06 12:32:57 000000A8:   IMAP Listening daemon starting
05/03/06 12:32:57 000000A8:   IMAP Listen handler: 0x00000314
05/03/06 12:32:57 000000A8:   IMAP RedirectPort: 143
05/03/06 12:32:57 000000A8:   Redirect set 143->127.0.0.1:12143
05/03/06 12:32:57 000000A8:   IgnoreLocalAddresses set 143
05/03/06 12:32:57 000000A8:   IMAP Listening daemon started
05/03/06 12:32:57 000000A8:   NNTP Start settings changed: 1
05/03/06 12:32:57 000000A8:   NNTP Listen settings changed: 127.0.0.1 12119
05/03/06 12:32:57 000000A8:   NNTP Listening daemon starting
05/03/06 12:32:57 000000A8:   NNTP Listen handler: 0x0000032C
05/03/06 12:32:57 000000A8:   NNTP RedirectPort: 119
05/03/06 12:32:57 000000A8:   Redirect set 119->127.0.0.1:12119
05/03/06 12:32:57 000000A8:   IgnoreLocalAddresses set 119
05/03/06 12:32:57 000000A8:   NNTP Listening daemon started
05/03/06 12:32:57 000000A8:   Ignored PIDs: 2028 188
05/03/06 12:32:57 000000A8:   Ignored Addresses: 192.168.0.10:119 127.0.0.1:119 192.168.0.10:143 127.0.0.1:143
192.168.0.10:25 127.0.0.1:25 192.168.0.10:110 127.0.0.1:110 72.3.135.203:80 193.243.128.78:80
193.243.128.76:80 62.132.1.234:80 198.200.173.74:80 198.200.173.139:80 127.0.0.1:80
05/03/06 12:32:57 000000A8:   Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup

[Its Me]

Hello

So I've found the problem. It's AVASTs installation. It will install the plugins for THE BAT! but will not activate the plugin. When starting THE BAT! it starts AVASTs plugin module AvBatPlg.tbp. And this will be the problem.

Without the activated plugin module AvBatEx.bav the plugin will not work. But AVAST MailShield will NOT work too! So delete the plugin modules or rename them and all will work fine.

Installation routine should be checked for this joke.

[alanrf]

Its Me said:

Installation routine should be checked for this joke.

I cannot find the joke.

Trying to follow the logic of your post these are the steps I took.

1) I uninstalled avast from my system.

2) I downloaded TheBat v 2.12.04 installed it with all the default options and set up my main pop3 account (provided by my ISP).  I did not install the plugin.

3) I installed the current version of avast.

4) I then downloaded all the mail sitting out on the server using TheBat.  When I checked the source of the messages every one had the X-Antivirus headers inserted by avast and the Internet Mail scanner showed the subject line of the last message downloaded by TheBat.

I will post my log for comparison after this message (and to comply with post size limitations)

I regret that I have to conclude that there is some other function in your system that is interfering with the ability of avast to incercept the POP3 calls to port 110.

We have seen such software provided by ISPs as "firewall/parental control" and also as "improved network performance". 

Can you think of any software that you are running that could be wanting to scan your email?

[alanrf]

Here is the log (parts truncated to fit posting limit):

05/03/06 20:32:54 00000E94:   Started as service, Log = 20
05/03/06 20:32:54 00000E94:   Build 4.7.827
05/03/06 20:32:54 00000E94:   Windows XP Workstation (Service Pack 2)
05/03/06 20:32:54 00000E94:   Using WinSock 2.0
05/03/06 20:32:54 00000E94:   PID = 3720
05/03/06 20:32:54 00000E94:   AutoRedirect settings changed 1
05/03/06 20:32:54 00000E94:   IgnoreAddress set
05/03/06 20:32:54 00000E94:   IgnoreProcess set
05/03/06 20:32:54 00000E94:   IgnoreProcess set avast.setup,winroute.exe,ccEvtMgr.exe,ccPxySvc.exe,ccProxy.exe,ccApp.exe,ccPwdSvc.exe,ccSetMgr.exe,ccLgView.exe,SMPROXY.EXE,isafe.exe,TMPROXY.EXE,EMULE.EXE,WEBPROXY.EXE,NAVAPW32.EXE,SYMPROXYSVC.EXE,NETMONSV.EXE,CRAXY.EXE,CZDCPlusPlus.exe,ABC.EXE,mpftray.exe,bitcomet.exe,V3P3AT.EXE,ypager.exe
05/03/06 20:32:54 00000E94:   IgnoreProcess set avgemc.exe
05/03/06 20:32:54 00000E94:   IgnoreLocalhost settings changed 1
05/03/06 20:32:54 00000E94:   POP Start settings changed: 1
05/03/06 20:32:54 00000E94:   POP Listen settings changed: 127.0.0.1 12110
05/03/06 20:32:54 00000E94:   POP Listening daemon starting
05/03/06 20:32:54 00000E94:   POP Listen handler: 0x00000EB0
05/03/06 20:32:54 00000E94:   POP RedirectPort: 110
05/03/06 20:32:54 00000E94:   Redirect set 110->127.0.0.1:12110
05/03/06 20:32:54 00000E94:   IgnoreLocalAddresses set 110
05/03/06 20:32:54 00000E94:   POP Listening daemon started
05/03/06 20:32:54 00000E94:   Ignored PIDs: 3720 2956
05/03/06 20:32:54 00000E94:   Ignored Addresses: 192.168.1.101:119 127.0.0.1:119 192.168.1.101:143 127.0.0.1:143 192.168.1.101:25 127.0.0.1:25 192.168.1.101:110 127.0.0.1:110 72.3.135.203:80 193.243.128.78:80 193.243.128.76:80 62.132.1.234:80 198.200.173.74:80 198.200.173.139:80 127.0.0.1:80
05/03/06 20:32:54 00000E94:   Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup
05/03/06 20:35:32 00000EB0:   POP accept connection from: 127.0.0.1
05/03/06 20:35:32 00000EB0:   Connection handler: 00000F38 (380)
05/03/06 20:35:32 00000F38:   Ignored PIDs: 3720 2956
05/03/06 20:35:32 00000F38:   Ignored Addresses: 192.168.1.101:119 127.0.0.1:119 192.168.1.101:143 127.0.0.1:143 192.168.1.101:25 127.0.0.1:25 192.168.1.101:110 127.0.0.1:110 72.3.135.203:80 193.243.128.78:80 193.243.128.76:80 62.132.1.234:80 198.200.173.74:80 198.200.173.139:80 127.0.0.1:80
05/03/06 20:35:32 00000F38:   Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup
05/03/06 20:35:32 00000F38:   --POP command REDIRECT 204.127.202.10:110 3784
05/03/06 20:35:32 00000F38:   PATH: \Device\HarddiskVolume2\Program Files\The Bat!\thebat.exe
05/03/06 20:35:32 00000F38:   Connected to POP server 204.127.202.10 110 (388)
05/03/06 20:35:33 00000F38:   received 51 (388)
05/03/06 20:35:33 00000F38:   <-POP +OK (sccrpxc11) Maillennium POP3/PROXY server #75
05/03/06 20:35:33 00000F38:   sent 51 (380)
05/03/06 20:35:33 00000F38:   received 14 (380)
05/03/06 20:35:33 00000F38:   ->POP USER ...
05/03/06 20:35:33 00000F38:   sent 14 (388)
05/03/06 20:35:33 00000F38:   received 5 (388)
05/03/06 20:35:33 00000F38:   <-POP +OK
05/03/06 20:35:33 00000F38:   sent 5 (380)
05/03/06 20:35:33 00000F38:   received 15 (380)
05/03/06 20:35:33 00000F38:   ->POP PASS ...
05/03/06 20:35:33 00000F38:   sent 15 (388)
05/03/06 20:35:33 00000F38:   received 11 (388)
05/03/06 20:35:33 00000F38:   <-POP +OK ready
05/03/06 20:35:33 00000F38:   sent 11 (380)
05/03/06 20:35:33 00000F38:   received 6 (380)
05/03/06 20:35:33 00000F38:   ->POP STAT
05/03/06 20:35:33 00000F38:   sent 6 (388)
05/03/06 20:35:33 00000F38:   received 14 (388)
05/03/06 20:35:33 00000F38:   <-POP +OK 5 118258
05/03/06 20:35:33 00000F38:   sent 14 (380)
05/03/06 20:35:33 00000F38:   received 6 (380)
05/03/06 20:35:33 00000F38:   ->POP LIST
05/03/06 20:35:33 00000F38:   sent 6 (388)
05/03/06 20:35:33 00000F38:   received 72 (388)
05/03/06 20:35:33 00000F38:   <-POP +OK 5 messages (118258)
1 1426
2 28840
3 31207
4 31148
5 25637
.
05/03/06 20:35:33 00000F38:   sent 72 (380)
05/03/06 20:35:33 00000F38:   received 6 (380)
05/03/06 20:35:33 00000F38:   ->POP UIDL
05/03/06 20:35:33 00000F38:   sent 6 (388)
05/03/06 20:35:33 00000F38:   received 213 (388)
05/03/06 20:35:33 00000F38:   <-POP +OK 5 messages (118258)
1   20060502143323s1600a9frme00062n
2   20060502191942s2300k664ae00062o
3   20060503035137r230084eqie00062p
4   20060503185830r1100qc9vpe00062q
5   20060504020226s16009qla0e00062r
.
05/03/06 20:35:33 00000F38:   sent 213 (380)
05/03/06 20:35:33 00000F38:   received 8 (380)
05/03/06 20:35:33 00000F38:   ->POP RETR 1
05/03/06 20:35:33 00000F38:   sent 8 (388)
05/03/06 20:35:33 00000F38:   --POP Getting file
05/03/06 20:35:33 00000F38:   received 1434 (388)
05/03/06 20:35:33 00000F38:   sent 5 (380)
05/03/06 20:35:33 00000F38:   --POP File got
05/03/06 20:35:33 00000F38:   --POP Timeout handler: 0x00000F40
05/03/06 20:35:33 00000F38:   ProcessFile C:\WINDOWS\TEMP\_avast4_\unp180535227.tmp
05/03/06 20:35:33 00000F38:   ProcessFile Incoming email 'D*' From: Michael Axxxxxxx <yyyyyyyyy@hotmail.com>, To: Andy Pzzzzz <xxxxxxxxxx@hotmail.com>,
05/03/06 20:35:33 00000F38:   ProcessFile exit 1
05/03/06 20:35:33 00000F40:   --POP Finishing timeout handler
05/03/06 20:35:33 00000F38:   --POP Mail is clean
05/03/06 20:35:33 00000F38:   --POP Modified message to send: C:\WINDOWS\TEMP\_avast4_\unp180535227.tmp
05/03/06 20:35:33 00000F38:   sent 1519 (380)
05/03/06 20:35:33 00000F38:   --POP AavmReleaseScanResult
05/03/06 20:35:33 00000F38:   --POP Delete Files
05/03/06 20:35:33 00000F38:   received 8 (380)
05/03/06 20:35:33 00000F38:   ->POP RETR 2
                              <-- Stuff deleted -->
05/03/06 20:35:34 00000F38:   ->POP RETR 3
                              <-- Stuff deleted -->
05/03/06 20:35:35 00000F38:   ->POP RETR 4
                              <-- Stuff deleted -->
05/03/06 20:35:35 00000F38:   ->POP RETR 5
05/03/06 20:35:35 00000F38:   sent 8 (388)
05/03/06 20:35:35 00000F38:   --POP Getting file
05/03/06 20:35:35 00000F38:   received 7300 (388)
05/03/06 20:35:35 00000F38:   sent 5 (380)
05/03/06 20:35:35 00000F38:   received 8186 (388)
05/03/06 20:35:35 00000F38:   received 8186 (388)
05/03/06 20:35:35 00000F38:   received 1973 (388)
05/03/06 20:35:35 00000F38:   --POP File got
05/03/06 20:35:35 00000F38:   --POP Timeout handler: 0x00000F54
05/03/06 20:35:35 00000F38:   ProcessFile C:\WINDOWS\TEMP\_avast4_\unp189709649.tmp
05/03/06 20:35:35 00000F38:   ProcessFile Incoming email 'Make your special moms smile this =?iso-8859-1?b?TW90aGVyknMg?=Day' From: "Comcast Online Communications" <Online.Communications@comcast.net>, To: <zzzzzzz@comcast.net>
05/03/06 20:35:35 00000F38:   ProcessFile exit 1
05/03/06 20:35:35 00000F54:   --POP Finishing timeout handler
05/03/06 20:35:35 00000F38:   --POP Mail is clean
05/03/06 20:35:35 00000F38:   --POP Modified message to send: C:\WINDOWS\TEMP\_avast4_\unp189709649.tmp
05/03/06 20:35:35 00000F38:   sent 25730 (380)
05/03/06 20:35:35 00000F38:   --POP AavmReleaseScanResult
05/03/06 20:35:35 00000F38:   --POP Delete Files
05/03/06 20:35:35 00000F38:   received 6 (380)
05/03/06 20:35:35 00000F38:   ->POP QUIT
05/03/06 20:35:35 00000F38:   sent 6 (388)
05/03/06 20:35:35 00000F38:   received 17 (388)
05/03/06 20:35:35 00000F38:   <-POP +OK comcast.net
05/03/06 20:35:35 00000F38:   sent 17 (380)
05/03/06 20:35:35 00000F38:   received 0 (380)
05/03/06 20:35:35 00000F38:   --POP Finishing connection handler

[Its Me]

@alanrf

Hello

Sorry, but it is a joke ... in two ways.

1. When installing AVAST (in custom mode I've installed it), it will install the plugin modules by default (mark set!) if it will find an installation of THE BAT!. This it not really a problem but
a) the plugin isn't neccessary at all (except you will have virus protection for THE BAT! without the MailShield running).
b) the plugin isn't activated in THE BAT!, so the plugin will not function at this time AND MailShield will NOT function too!

2. When deleting the plugin from within THE BAT! only the module of the plugin in THE BAT! is removed / deactivated. But NOT the second module which AVAST has installed. So the plugin will NOT work AND the MailShield will NOT work too.

And sorry ... this is a real joke ... or better it's a REAL bug!

And yes, your post of the log will AVAST show after I cleaned installation (renamed the plugins).