Author Topic: Mail protection through Winsock ?  (Read 4236 times)


Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Mail protection through Winsock ?
« on: March 29, 2004, 10:21:48 PM »
Have you ever thought about this solution? There would be no need for ashMaiSv.exe and no need for Mail Configuration Wizard (or at least not for the second one).

Or are there some other drawbacks?
Btw NOD32 and some others also use such a method.
Visit my webpage Angry Sheep Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:Mail protection through Winsock ?
« Reply #1 on: March 30, 2004, 03:27:36 AM »
Quote
Have you ever thought about this solution? There would be no need for ashMaiSv.exe and no need for Mail Configuration Wizard (or at least not for the second one).

Or are there some other drawbacks?
Btw NOD32 and some others also use such a method.

Yeah, seems possible...
Better, this is possible and not so far from reality.
This won't surprise some programmers  ;D
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2078
Re:Mail protection through Winsock ?
« Reply #2 on: March 30, 2004, 03:37:48 AM »
Quote
Yeah, seems possible...
Yes, we are thinking about removing the configuration wizard and using a different scanning method, but it won't be via the Winsock (Windows' highest) layer like in NOD32; we'd not get all incoming data.
« Last Edit: March 30, 2004, 04:11:35 AM by pk »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Mail protection through Winsock ?
« Reply #3 on: April 13, 2004, 12:09:45 AM »
Heh, I was so busy I forgot about this thread :-[
What do you mean by: we'd not get all incoming data?

First I thought it would be much simpler to enable mail protection (no Mail Protection Wizard) and better protection, since some worms have their own SMTP engine which is never routed through 127.0.0.1 (localhost).
I'll try something if it's possible without reprogramming the whole thing hehe :)
« Last Edit: April 13, 2004, 12:14:34 AM by RejZoR »
Visit my webpage Angry Sheep Blog
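Added example, not part of any post in this thread and not Avast code: a small check over a connection listing that separates mail flows passing through a localhost scanning proxy from flows that go straight to a remote mail port, which is the coverage gap described in the post above. The record format, the sample lines, the process names other than ashMaiSv.exe, and the choice of ports 25 and 110 are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

MAIL_PORTS = {25: "SMTP", 110: "POP3"}  # assumption: protocols the proxy scans
PROXY_PROCESS = "ashmaisv.exe"          # proxy process named in the thread

# Constructed sample, one flow per line: "process local:port remote:port".
SAMPLE = """\
mailclient.exe 127.0.0.1:1041 127.0.0.1:25
ashMaiSv.exe 192.168.1.10:1042 203.0.113.5:25
mailclient.exe 127.0.0.1:1043 127.0.0.1:110
ashMaiSv.exe 192.168.1.10:1044 203.0.113.5:110
unknown.exe 192.168.1.10:1050 198.51.100.7:25
unknown.exe 192.168.1.10:1051 198.51.100.8:25
browser.exe 192.168.1.10:1060 203.0.113.9:80
"""

def parse(line):
    """Split one record into (process, remote address, remote port)."""
    proc, _local, remote = line.split()
    rhost, rport = remote.rsplit(":", 1)
    # strip("[]") lets bracketed IPv6 literals such as [::1]:25 parse too
    return proc, ipaddress.ip_address(rhost.strip("[]")), int(rport)

def classify(proc, rhost, rport):
    if rport not in MAIL_PORTS:
        return "not-mail"
    if rhost.is_loopback:
        return "via-proxy"       # client is pointed at the localhost proxy
    if proc.lower() == PROXY_PROCESS:
        return "proxy-upstream"  # the proxy relaying to the real server
    return "bypasses-proxy"      # direct to a remote mail port, never scanned

def unscanned_flows(text):
    """Return {process: [remote endpoints]} for mail flows the proxy never saw."""
    hits = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        proc, rhost, rport = parse(line)
        if classify(proc, rhost, rport) == "bypasses-proxy":
            hits[proc].append(f"{rhost}:{rport} ({MAIL_PORTS[rport]})")
    return dict(hits)

if __name__ == "__main__":
    for proc, flows in unscanned_flows(SAMPLE).items():
        print(proc, "->", ", ".join(flows))
```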

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Mail protection through Winsock ?
« Reply #4 on: April 13, 2004, 07:52:13 AM »
WinSock layer is impractical because it's too high on the stack. A program can easily bypass WinSock, thus bypassing the protection. A typical example of a network application that totally bypasses WinSock is IIS 6.0. A number of AV companies use the Winsock layer to provide network AV shields but they never tell you that their solution is far from perfect.

A better way to do this is in a TDI (filter) driver -- i.e. in kernel mode -- and this is how avast will eventually work... However, development of such a module requires quite a lot of time and testing is also very demanding... Therefore I don't want to disclose any time frames at the moment...

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Mail protection through Winsock ?
« Reply #5 on: April 13, 2004, 11:38:02 AM »
Of course, I hope you'll implement this feature asap (whenever this is ;) ) :)
Visit my webpage Angry Sheep Blog