Author Topic: eMail scanned if located in encrypted volume?  (Read 5222 times)

0 Members and 1 Guest are viewing this topic.

Offline Substanz

  • Newbie
  • *
  • Posts: 4
eMail scanned if located in encrypted volume?
« on: May 03, 2007, 09:43:37 AM »
Hello together,

a question for understanding. I use Thunderbird and have the mail folders located in a crypted Truecrypt volume.

1) Mails saved on disk are not scanable anymore because they are encrypted. Right?
2) Is it right, that avast scan incoming mails before writing to disk?
3) Opening a virulent attachment avast "rings the bell" anyway?

Thanks in advance,

Substanz

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: eMail scanned if located in encrypted volume?
« Reply #1 on: May 03, 2007, 10:25:30 AM »
1) Correct ... avast cannot scan encrypted files
2) Depends ... the Internet Mail provider (if running) scans email received on regular (port 110) POP email accounts  - this scanning takes place before the email is added to the Thunderbird email store.  avast cannot (without special steps by you) scan emails that are received on a secure email connection (like from GMail) or those emails received using certain WebMail to POP converters that access Hotmail/Yahoo emails into Thunderbird using functions like YPops, FreePops or the Thunderbird Webmail extensions. If either situation applies to you and you want further information on how to make it work let us know.
3) I believe that as you access attachments from the Thunderbird mail store and they are decoded from their attachment encoding by Thunderbird (absolutely nothing whatsoever to do with Truecrypt - this is email attachment "base64" decoding back into their regular file format) they will be scanned by avast.
« Last Edit: May 03, 2007, 10:31:43 AM by alanrf »

Offline Substanz

  • Newbie
  • *
  • Posts: 4
Re: eMail scanned if located in encrypted volume?
« Reply #2 on: May 03, 2007, 11:15:34 AM »
Hi alanrf,

thanks for answer!

To 2) PLEASE give me the further information. I use on each mail account the SSL (Port 995)/TLS option for security reason as well as WebMail for yahoo.com. How can I make they scanned by avast?

Thanks,
Substanz

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67273
Re: eMail scanned if located in encrypted volume?
« Reply #3 on: May 03, 2007, 07:19:16 PM »
I use on each mail account the SSL (Port 995)/TLS option for security reason as well as WebMail for yahoo.com. How can I make they scanned by avast?
Webmail is scanned as any other Internet page by WebShield.
Take a look here: http://forum.avast.com/index.php?topic=10428.0 to see how to set up secure email with avast!.
Advanced configuration: please refer to this post http://forum.avast.com/index.php?topic=8775.msg97026#msg97026

The best things in life are free.

Offline Substanz

  • Newbie
  • *
  • Posts: 4
Re: eMail scanned if located in encrypted volume?
« Reply #4 on: May 04, 2007, 08:55:56 AM »
Thanks Tech for the fast response!!

I've seen it was topic several times, so I read some threads. But I have further questions:

a) Is it the same "problem" with Outlook (Express)? Or is this provider more integrated than the internet mail provider, so the scans are behind the SSL encryption?
b) If I disable secure connection (port 995..) but enable secure logon (POP3) only, are the mails scanned by avast again?
c) What's about crypted mails (PGP, S/Mime) over a plain port 25 connection? Because they are encrypted within thunderbird, they are not scanned by avast. Right? And if, how does others solve this problem?

Thanks for be patient,
Substanz

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: eMail scanned if located in encrypted volume?
« Reply #5 on: May 04, 2007, 10:37:41 AM »
avast, in the Internet Mail provider, does not know what mail client you use to get your POP3 mail (and it does not care).  It scans mail that is received via a port 110 call or sent by a port 25 call for SMTP. (So, no difference between Outlook Express and Thunderbird).  Outlook works a bit differently.  avast has a plugin for Outlook.  Outlook passes each message to avast to be scanned after it has been received by Outlook so the connection, whether encrypted or not, is no longer an issue and before it is placed in the Outlook mail store.  This is a much nicer  and more effective solution than the other mail clients but there are no standards for this and this is just the interface that Outlook has.  (The Bat has a similar plugin).       

Typically almost all mail servers use different ports for secure mail connections (SSL & TLS) and avast does not scan those ports and you must not try to force avast to do so - it will not work - avast will generally prevent the connection being made.  Nobody (and no antivirus) can scan emails while they are being transported on a secure connection - that's the whole point of them being secured.  If you want to scan them then you have to move the secure connection management away from the mail client using a function like STunnel.

If the contents of an email are encrypted internally then avast can only scan the encrypted mail as is.  It does not know the encryption keys and so cannot decrypt it on the fly and scan it.  You would then rely on the scanning of the attachments as I explained to you in my first response.

Incidentally, I just tried my GMail account in Thunderbird using port 110 with and without secure authentication.  Neither way was successful in connecting to the GMail server for me.
« Last Edit: May 04, 2007, 10:39:22 AM by alanrf »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67273
Re: eMail scanned if located in encrypted volume?
« Reply #6 on: May 04, 2007, 10:56:32 PM »
How does others solve this problem?
I think Alanrf has answered your questions...
You need to use Stunnel to get your email scanned by avast with Outlook, Thunderbird or any other pop3/smtp email client.
The best things in life are free.

Offline Substanz

  • Newbie
  • *
  • Posts: 4
Re: eMail scanned if located in encrypted volume?
« Reply #7 on: May 04, 2007, 11:06:12 PM »
Hi Tech,
I thought STunnel is only for non encrypted mails which are coming trough a encrypted line / port (995). Then STunnel decrypt then before they reach avast and the the mail client. But if the mails are encrypted itself with a separated program like PGP or a S/Mime certificate but coming on standard port 25, then STunnel doesn't have an effect I think.
And here I thought about a solution, but it's not a matter of avast. So thank you all for answers!

Substanz

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67273
Re: eMail scanned if located in encrypted volume?
« Reply #8 on: May 04, 2007, 11:43:39 PM »
But if the mails are encrypted itself with a separated program like PGP or a S/Mime certificate but coming on standard port 25, then STunnel doesn't have an effect I think.
Yes... you're right. But avast can scan encrypted mail, can't it? Although it won't be able to 'see' the contents, it will be able to scan the email... maybe I'm wrong. Hope that someone that understand better these things come to help us.
The best things in life are free.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Re: eMail scanned if located in encrypted volume?
« Reply #9 on: May 04, 2007, 11:52:48 PM »
If the contents inside an email are encrypted using a private key mechanism then it doe not matter whether the mail is delivered on a secure or non-secure channel - avast can only scan the mail as it stands encrypted avast cannot scan the real mail contents. 

Secure channels are most often used to ensure that non-encrypted emails are secure from being viewed between server and client. 

Encrypting the email contents inside the email would be used when you you also wanted it to remain more secure even inside the message store on your computer or in the stores of any servers it goes through to get to you.   

« Last Edit: May 04, 2007, 11:56:52 PM by alanrf »