Avast 4.7 and SSL

[2007i]

my OE6 accounts (smtp/pop3) run over a SSL on port 995 and 465

setting the ports accordingly in the 'Internet Mail' scanner - makes OE6 unable to fetch any mail. only the default ports seem to work?

ideas?

st.

[joeloucyn]

avast's  "Internet Mail" scanner does not work with SSL , you have to use it in combination with STUNNEl. With most SSL servers your mail is already scanned by an antivirus program before it is delivered to you so you probably do not need to use avast's "Internet Mail" scanner. Take a look here for information using Stunnel http://forum.avast.com/index.php?topic=8775.msg97026#msg97026, note that Stunnel comes as an installer now which incudes OpenSSL so you now have to only download Stunnel , install and configure it. You can download Stunnel here: http://www.stunnel.org/download/stunnel/win32/stunnel-4.20-installer.exe

[2007i]

thank you, I was just reading some SSL related stuff here and see it's not supported.

Yes, my ISP is doing a mail scan on his side - I just disable the Avast mail scanner as I don't want to muck around with other software to get it going.

[joeloucyn]

If you use Outlook instead of Outlook Express, the "Outlook/Exchange" scanner installs a plug-in in Outlook which scans SSL, unfortunately you can't use it with Outlook Express.
So, yes, you  might find it easier to just use your ISP's AV scan.

[alanrf]

You do not need to "muck about" or disable the mail scanner ... you just need to remove the ports 995 and 465 you added in the first place.

[joeloucyn]

I just disable the Avast mail scanner as I don't want to muck around with other software to get it going.

But, that is what he said! He does not want to use other software (Stunnel)

[alanrf]

The poster said that it was now necessary to stop the Internet Mail scanner to get mail.  I was pointing out that the poster had been the cause of making the Internet Mail scanner not function and should remove the problem.

[joeloucyn]

And that he did! Post closed.

[alanrf]

Oh, I missed where it was said that the erroneous port settings were removed.  Please point it out to me. 

[2007i]

If you use Outlook instead of Outlook Express, the "Outlook/Exchange" scanner installs a plug-in in Outlook which scans SSL, unfortunately you can't use it with Outlook Express.
So, yes, you  might find it easier to just use your ISP's AV scan.

Thx, but I don't have Outlook since I have no MS Office installed. I am an OpenOffice user. The last MS Office I used was Office 97 Pro years ago.

[alanrf]

Lest anyone thinks that the Outlook plugin really does scan SSL what actually happens is that the SSL session is terminated in Outlook, Outlook then passes the message source to avast for scanning via a program interface; there is no communication session (SSL or otherwise) involved at this time.  The same is true also for the plugin that works with The Bat mail client. 

Given the increasing use of secured connections for emails I hope that the avast team might give some thought to incorporating a facility into avast that provides the equivalence of STunnel function in the Internet Mail scanner (ie secure end point management and smooth delivery of the message source to avast for scanning).   

[Lisandro]

I don't want to muck around with other software to get it going.

Without Stunnel you won't be able to manage. With it, no problem.
Since SSL/TLS e-mail is encrypted and decrypted in the client, external virus scanners (including avast!) can't read or scan it.
The solution is to pass e-mail in and out un-encrypted from your client (Outlook Express, Thunderbird, ...) to a proxy program (Stunnel) that does the actual ssl or tls encryption/decryption of the pop3/smtp e-mail and communicates directly with the ISP server on the appropriate ports.