Author Topic: IPv6 Socket with option IPV6_V6ONLY == false blocked by Email shield  (Read 932 times)

0 Members and 1 Guest are viewing this topic.

Offline emil.kalchev

  • Newbie
  • *
  • Posts: 2
Hello,

Many of our clients (some of them are using your business product) complain recently that Avast is blocking our mail application. Our investigation shows that Email shield combined with IPv6 network is preventing .net Socket to connect. On every client machine we see those entries in C:\ProgramData\AVAST Software\Avast\log\Mail.log

[2019-05-17 09:22:31.294] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:31.794] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:33.811] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:34.312] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:34.813] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:36.816] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:37.317] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping

Our investigation shows that Avast is blocking Sockets created with option IPV6_V6ONLY == false (https://docs.microsoft.com/en-us/windows/desktop/winsock/ipproto-ipv6-socket-options). This is the socket option that allows both for IPv4 and IPv6 communications

Here sample C# code that reproduce the issue (socket.DualMode = true is switching the socket option IPV6_V6ONLY = false)

                    var socket = new Socket(AddressFamily.InterNetworkV6, SocketType.Stream, ProtocolType.Tcp);
                    socket.DualMode = true;

                    // outlook.com imap server
                    socket.Connect("imap-mail.outlook.com", 993);

Here sample application in C# that reproduce the issue

https://drive.google.com/file/d/18MMBg3dTGZgtGanOaP5oc-x2xQkMLDp_/view?usp=sharing

Offline mickey.b

  • Business Senior Support Technician
  • Moderator
  • Full Member
  • *
  • Posts: 120
    • Avast Business Technical Support
Hello,

Many of our clients (some of them are using your business product) complain recently that Avast is blocking our mail application. Our investigation shows that Email shield combined with IPv6 network is preventing .net Socket to connect. On every client machine we see those entries in C:\ProgramData\AVAST Software\Avast\log\Mail.log

[2019-05-17 09:22:31.294] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:31.794] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:33.811] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:34.312] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:34.813] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:36.816] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping
[2019-05-17 09:22:37.317] [info   ] [MailShield ] [14332:12000] IMAPs Connect to IPv6 address, dropping

Our investigation shows that Avast is blocking Sockets created with option IPV6_V6ONLY == false (https://docs.microsoft.com/en-us/windows/desktop/winsock/ipproto-ipv6-socket-options). This is the socket option that allows both for IPv4 and IPv6 communications

Here sample C# code that reproduce the issue (socket.DualMode = true is switching the socket option IPV6_V6ONLY = false)

                    var socket = new Socket(AddressFamily.InterNetworkV6, SocketType.Stream, ProtocolType.Tcp);
                    socket.DualMode = true;

                    // outlook.com imap server
                    socket.Connect("imap-mail.outlook.com", 993);

Here sample application in C# that reproduce the issue

https://drive.google.com/file/d/18MMBg3dTGZgtGanOaP5oc-x2xQkMLDp_/view?usp=sharing

What happens if you disable IPv6 and only use IPv4?
We may need for you to submit a case at https://www.avast.com/business-support-contact
- Mickey B.
Avast Business Senior Support Technician
https://www.avast.com/business/support

Offline emil.kalchev

  • Newbie
  • *
  • Posts: 2
I can't test that now. However I tested if IPv4 sockets work and they work fine. IPv4 over IPv6 (https://tools.ietf.org/html/rfc7040) is not working