ashServ.exe need internet access?

[Lisandro]

What port does the mail scanner monitor?

The default ones are 110 (pop3, inbound), 25 (stmp, outbound), 143 (imap).

[alanrf]

Port 25 (and port 110 for incoming).  Port 25 is the port that spambots use for sending outbound mail and they normally include their own SMTP component so it has nothing to do at all with whatever mail client you use (or whether you use a mail client at all).

[nmaynan]

The protection the mail scanner can give you is like this. If you get infected with an undetected spambot, it will send mail out on the port that the mail scanner monitors. The mail scanner icon will appear on the task bar. Now you will know that something is sending mail.

So I can pick up a spam bot in ways not related to using the email client things like Outlook?

To get this protection, just activate the Internet Mail module or do I need to activate the outlook module too?

You only have to look at the forums to find many occurrences of people whose computer is sending out spam.


So not only should you enable the Internet Mail provider you should set its sensitivity to High. As oldman said you don't need to enable outlook/exchange.

Should I set Standard shield, network shield, and web shield to HIGH also? I've been keeping them at Standard setting because i read somewhere that High can impact system performance or something of that nature.

[nmaynan]

What port does the mail scanner monitor?

The default ones are 110 (pop3, inbound), 25 (stmp, outbound), 143 (imap).

now wouldn't a firewall with Outbound protection alert me to if things are occurring on these ports? (I'm just trying to learn all I can about this stuff). Or does the Internet Mail module do something the firewall can't do for me?

[Lisandro]

now wouldn't a firewall with Outbound protection alert me to if things are occurring on these ports?

A good firewall well configurated with outbound monitoring (not Windows one).

[DavidR]

Leave the Standard Shield on Normal, that gives the best compromise between protection and performance. The sensitivity setting on the Network Shield has no effect (aesthetics so the providers have the same look) as it has only one task to do and no different level of scanning.

A firewall might alert you depending on what one you have, but the avast scan would be happening before it get to your firewall, providing another layer in your defence (avast scans in localhost proxy before sending any email, so if it is intercepting spam it isn't being sent).

[alanrf]

In your case - not using a mail client at all - the outbound notification/blocking offered by a firewall would be enough. 

However, less knowledgeable folks are often fooled by requests for outbound access by such process names as explorer.exe and svchost.exe which are the processes often compromised by spambots.  In these circumstances, when outbound permission has been granted at the firewall, the Internet Mail provider will still report the excessive mail sending performed by the spambot.       

[alanrf]

I should qualify my last post ...

The most common recent spambots we have seen here are those that have compromised the space of svchost.exe.  That Windows process does have valid cause for outbound access (though not to port 25).  So the outbound firewall would need to provide the discrimination of not just outbound access but outbound access by port to completely avoid the kind of successful infections we have seen.

[Lisandro]

In other words... Internet Mail provider could help and make things easier...

[nmaynan]

In your case - not using a mail client at all - the outbound notification/blocking offered by a firewall would be enough. 

However, less knowledgeable folks are often fooled by requests for outbound access by such process names as explorer.exe and svchost.exe which are the processes often compromised by spambots.  In these circumstances, when outbound permission has been granted at the firewall, the Internet Mail provider will still report the excessive mail sending performed by the spambot.       

Thank you so much guys 

Currently I have my firewall set to only allow svchost for UDP 53, 67, 123 Out. And UDP 68, 123 IN. I block Explorer entirely because I don't use Help and Support etc. So coupled with the fact that I do not use a mail client, it sounds like I have nothing to worry about. However, some extra protection prolly won't hurt. And I've learned so much from our discussion. I can help others who use mail clients iwith their Avast configurations.

[DavidR]

No problem.

A belated welcome to the forums.