Hello,
I once raised the idea about transparent system level mail (TCP/IP traffic) scanning, but it didn't make big interest. :'(
http://forum.avast.com/index.php?board=2;action=display;threadid=57;start=285But now I've done some research how it's done by other AV software like Panda and Norton and I wish to share my little knowledge.
Almost for sure those av pgms are using Winsock 2 layered service provider (LSP) hooks to intercept / modify some functions calls to winsock like recv(), send() and this allow to scan all TCP/IP stream without installing any proxy. This method is quite simple... it's documented, having samples in Microsoft Platform SDK.
Moreover you are able to modify this stream.. and even redirect it, or close connection.. whatever you want. Because mail application (or even pure telnet connection) going trough WinSock 1st goes trough your functions that are hooked to WS2 layer.
Nevertheless time ago this idea was negated. However I'm still sure that implementing that in Avast! will stop all those problems with proxy configuration.. because no proxy will be needed, and any other pbms. Moreover I don't agree it won't lower memory consumption, because it will for sure. For implementing LSP you don't need any exe running... all you need is single DLL which is hook for the WS2.
This dll won't need such a complicated logic as it's now in Internet Mail Proxy... because all it needs is search specific data in the TCP/IP stream.. and scan it! Like begginnig of attachment... and so on. This is not complicated at all. Moreover it could scan besides POP3, SMTP, IMAP... some other protos like ICQ, Kazaa... same way.
This would be totally transparent to the user... with low memory consumption and no need for any configuration as it's the winsock level.
I wish Avast! had that feature... because I like this program as it's free for home use, has polish UI, and it's written by Czech ppl that are somehow near friends to the Polish
(even it might sound funny)
Here are references you can lookup:
-
http://www.ndis.com/papers/winpktfilter.htm- C:\Program Files\Microsoft SDK\Samples\netds\WinSock\LSP (Platform SDK)
-
http://www.microsoft.com/msj/0599/LayeredService/LayeredService.aspxRegards,
