Author Topic: avast E-MAIL scanner sevice needs internet access and/or server rights...  (Read 3609 times)

0 Members and 1 Guest are viewing this topic.

sweepsnregs

  • Guest
...in Zone Alarm FREE edition???...how do i set avast in ZA? (I use ONLY webmails accessed thru a web browser! don't (know how) to use Outlook (which I guess is now called Windows Mail under my Vista Home Premium system) or Thunderbird or the likes)
« Last Edit: March 31, 2008, 09:11:53 PM by sweepsnregs »

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
If you do not use an email client on your system at all and the avast Internet Mail scanner is asking for outbound permission then you have something on your system which is trying to send email.

That would indicate you could have an email spam generator infection (a spambot). 

So, are you sure that you do not use any program that you would expect to be sending email?   

sweepsnregs

  • Guest
it seems to me with ZA, programs randomly/unexplainably popup asking for internet access (is this outbound??? using your language???) (only a few program ask to act as a server, most ask for internet access...please note language i'm using so please try to reply using same so I newbie don't get confused...thanks)

and if by email client, you mean Outlook and Thunderbird, no I don't know/never used them in anyway

Like I said ZA's randomness behaviors (it would seem to me, example, a lot of Windows System 32 thingies ask for ZA internet access AND the timing when they popup asking for permission have no clear connections to actions/activities I'm doing on my laptop) I don't think there's really no cause for concern whether there's an infection (my surfing speed is not slowed down)...

...but if i understand your message: avast e-mail scanner service is for Outlook and Thunderbird users and since I use Yahoo and Hotmail...I can block all 4 categories (ACCESS & SERVER; INTERNET & trusted) for avast e-mail module under ZA??!!!!

Hope i'm making sense as much as possible and please try to use same words i used

Thanks!!

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
The point of a having a firewall is to think about those programs that:

Quote
programs randomly/unexplainably popup
.

So you have to have some understanding of what you are allowing when you respond to those requests because if you just say yes then you will end up just as badly off as not having a firewall at all.  No point in worrying about your surfing speed if something is sending all your passwords and bank account details out.

To answer your specific question.

If you have a email spambot infection and you use ZA to block all access for for ashMaiSv.exe - the Internet Mail provider - then it will stop the spambot sending out its emails - which is itself a good thing but it will not stop the infection using resources in your system.   

There is a possibility that when update avast to the just released 4.8 version its new rootkit detection may show you some information if you do have a spambot infection.   

sweepsnregs

  • Guest
i don't do anything financial or personal info are involved

and yes i'm using avast 4.8.1169 Home w/ 080331-0 virus definition

is Outlook called Windows Mail in Vista Home Premium??? HOW do I UNinstall it? (and should I?)
« Last Edit: March 31, 2008, 11:18:36 PM by sweepsnregs »

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Windows Mail in Vista was a dead end update to Outlook Express created purely for Vista.

Microsoft has now moved on and the new product Windows Live Mail (currently available) is the upgrade path from Outlook Express and Vista Windows Mail.

Probably best to just leave Windows Mail alone in Vista, it is doing no harm and if you have not set up any accounts in it will not be trying to contact the network.

Microsoft Outlook is a separate product with much more functionality and, though it can be purchased standalone, it is normally part of the Microsoft Office suite.  If you do not use Outlook then you do not need to run the Outlook plugin in the list of providers for avast.   
« Last Edit: March 31, 2008, 11:48:41 PM by alanrf »

sweepsnregs

  • Guest
DAM it took me this long but I remember now EXACTLY why avast E-MAIL scanner service ashMaiSv.exe asked for INTERNET access IN ZONEALARM FREE Edition: it was just right after I UPdated to the LATEST avast AND REbooted...

...so it would seems I'm safe and not infected ?? ?? ?? !!!...

...now knowing that AND considering I don't use Outlook Express and Windows Mail, block all 4 with RED X's in ZA ?? ?? ??................(BUT if I should later change my mind and use Outlook, then give avast E-MAIL INTERNET access ?? ?? ??!! BUT NOT SERVER rights?? ??)

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
After a program update ZA should ask you to reconfirm the permissions for the updated programs.

BUT ... ZA will only ask when those programs try to go out to the internet (ie try to connnect to something outside) or when they want to sit there waiting for something to come in from outside (ie act as a server).

The Internet Mail provider of avast does not act as a server.  It is only activated when something in your system tries to go out to pull in email or to send email.  In your case it is almost certainly an infection in your system trying to send out spam.

Preventing access to the Internet Mail provider (which acts on behalf of a mail client - if you want to use one) means that you will stop the infection from sending the spam.  It will also mean that you cannot use the Internet Mail provider to scan mail accounts if you decide you do want to use Outlook Express or Thunderbird.

If you do allow the Internet Mail provider to connect to the Internet in ZoneAlarm then you will be allowing all that spam to be sent as well. 

If you wish we can help you to set up some logging in avast that will tell us what is trying to send out the mail.  Then at least you will have the beginnings of a handle on where the problem is. 

« Last Edit: April 01, 2008, 07:11:38 AM by alanrf »

sweepsnregs

  • Guest
If you wish we can help you to set up some logging in avast that will tell us what is trying to send out the mail.  Then at least you will have the beginnings of a handle on where the problem is. 



i think i do want to set this up so how do i go about doing this (i just hope it's not too technical--for me)

and u said if there are spambots on my laptop, then it should be caught by what's called the new anti-rookit thingy.........?? ?? ?? in the new avast Home version i'm using?? ??

so how do i go about setting up this spambot logging?? ?? ??

BUT B4 we do (what I deem) what might quite not be necessary or too tech for me, I thought I should clarify a few points:
1) EVERYTIME, I update avast (and reboot like it asks), it always ask for INTERNET ACCESS (NOTE: NOT SERVER rights--as I've always stated all this time...perhaps u missed that point?? ??)
2) and when it asks for ACCESS, it's as a CHANGED (understandably) PROGRAM (NOTE: NOT as a 'NEW PROGRAM')
3) and I think worth repeating: asks for ACCESS, NOT SERVER rights (but I AM JUST GOING AHEAD AND ASKING how should avast E-MAIL scanner service FOUR settings in ZA FREE be, that's all)

P.S. on a tangent here, how do i turn off ability where others can send me emails in this forum, to the LEFT, BELOW 'I'm a llama!' ?? ??
« Last Edit: April 01, 2008, 10:24:24 AM by sweepsnregs »

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
Quote
P.S. on a tangent here, how do i turn off ability where others can send me emails in this forum, to the LEFT, BELOW 'I'm a llama!' ?? ??

You will need to go to your profile again and this time select the Personal Message Options (at the end of the menu on the left).

To stop all personal messages in the forum you need to put an "*" (without the quotes) in the IgnoreList box.  Then click on "Change Profile".

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
To turn on the logging will require that you can navigate to the avast programs folder and then use a text editor (like Notepad) to insert a line in the avast4.ini file.  If you feel comfortable with that I can set up the instructions.

Let me know if you wish to proceed.

 



 
 
« Last Edit: April 01, 2008, 12:57:59 PM by alanrf »

Offline Giraffe

  • Sr. Member
  • ****
  • Posts: 241
  • I'm not a Lama!
<snip>
The Internet Mail provider of avast does not act as a server.  It is only activated when something in your system tries to go out to pull in email or to send email.  In your case it is almost certainly an infection in your system trying to send out spam.

Preventing access to the Internet Mail provider (which acts on behalf of a mail client - if you want to use one) means that you will stop the infection from sending the spam.  It will also mean that you cannot use the Internet Mail provider to scan mail accounts if you decide you do want to use Outlook Express or Thunderbird.

If you do allow the Internet Mail provider to connect to the Internet in ZoneAlarm then you will be allowing all that spam to be sent as well. 

OK, similar with Comodo 2.4: ashMaiSv.exe has permission both ways, TCP and UPD, any port! - so has avast.setup.

ashWebSv.exe, on TCP only, has the same permissions.

I set these to Ask then allowed them just so that Avast would work on these providers.

No malware (thorough scan with Avast, BitDefender (BD is demand only - the services aren't running usually) and 3 antimalware apps).

So, please, what should be allowed, which way and where (I've never managed to get the hang of firewalls).
W7 Pro SP1 32 bit
Intel Core i5 5675C; 4GB DDR3 1600 RAM
Avast!: 2328; Comodo Firewall

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67247
So, please, what should be allowed, which way and where (I've never managed to get the hang of firewalls).
Into the firewall settings, the following programs should be allowed to connect:

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner Service)
C:\Program Files\Alwil Software\Avast4\Setup\avast.setup (avast! Update executable). This is a temporary file that just appears when an update (check) is about to launch, and disappears again afterwards.

Don't need rights to connect:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service). Although, ashServ.exe sends ping packets to find out if the Internet connection is alive. You can turn this off by checking the "My computer is permanently connected to the Internet" box in the avast Program Settings > Update (Connections) page.

If you want to log the Internet Mail provider or the WebShield, just let us know.
The best things in life are free.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3866
  • Just an avast user
I hope that sweepsnregs will forgive this deviation in this thread that is not entirely connected to the current state of the thread.

The avast functions are well written and well behaved functions and it is not going to do any harm if they are given excessive permissions.  So if they are working then probably best to leave them alone. 

However if you want to be more explicit then ashMaiSv.exe and ashWebSv.exe both require to connect to the Internet  - that is they are all going out to connect to a server.  Even though it does not sound too logical this is true for both sending and receiving email - the connection is initiated out from your system to the server even for receiving email. For browsing your system always starts the connection out to the Web server.   They are typically creating TCP connections.

I believe the same conditions apply for avast.setup but I'm sure if I am wrong someone will be along to say so very quickly. 

None of these functions require permission to act as a server.

However, again, if these permissions are working then leave them be.  The next time you have to set them up again you can refresh your mind from this and perhaps try stricter settings. 
 
« Last Edit: April 01, 2008, 02:20:37 PM by alanrf »