Configuring Avast with Thunderbird using IMAP

[Trinu]

I've recently switched from webmail (specifically gmail) to mozilla thunderbird and am having trouble getting avast to scan my emails on access.   The only solutions for this problem i've found are directed at POP3 users.  Any help setting up on-access protection for IMAP would be appreciated.

[DavidR]

There is an add-on for thunderbird that allows for the import of gmail, in that way I believe avast can scan that content.

Sorry I don't use thunderbird so I don't know what the add-on is.

[sded]

If you are still using gmail as your service, but have switched to IMAP access, it is SSL (encrypted) email, not directly scanned in Avast! 4. Thunderbird and Avast!/Stunnel can be set up in the same manner as the POP3 access to scan the mail after decryption.   Main difference is connection to imap.gmail.com on port 993 instead of pop.gmail.com on port 995.  You can search here under gmail stunnel for instructions/examples and check back if you have any problems.  I run that configuration successfully.  Or try the TB add-on for gmail-I don't use it because I also have other SSL email accounts besides gmail.

[Trinu]

Thanks, but I'm still having trouble.  Specifically, the virus scanner starts, then just hangs there without actually completing a scan of any file at all.
 My stunnel.conf file says
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[pop3s]
accept  = 995
connect = 110

[gmail-imaps]
accept  = 993
connect = imap.gmail.com:993

[ssmtp]
accept  = 587
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini

Any more help would be greatly appreciated.

[sded]

OK, below is a gmail stunnel.conf that should work for you.

In TB, you set your server to access the localhost port listening in Stunnel.conf for the particular service, never secure.  So your TB IMAP will access server localhost on port 11143, with never secure checked.  Setup in Avast! for IMAP needs to look for port 11143 to scan under "redirect".

; We're running as a client to SSLify the POP & IMAP connections
client=yes
debug=5

; gmail IMAP service listens on localhost 11143
[gmail-imaps]
accept=localhost:11143
connect=imap.gmail.com:993

; gmail POP3 service, listens on localhost:11111
[gmail-pop3s]
accept=localhost:11111
connect=pop.gmail.com:995

; gmail SMTP service, listens on localhost:11026
[gmail-smtps]
protocol=smtp
accept=localhost:11026
connect=smtp.gmail.com:587

[calcu007]

if you config Thunderbird with pop3 info of gmail it work?

[Trinu]

Ok, now I'm getting the error message "could not connect to mail server localhost.  the connection was refused."

[sded]

In Avast!
Scan inbound mail checked under IMAP
11143 included under IMAP redirect
Ignore local communications unchecked

Server settings as shown

Stunnel up and running.  Right click of icon and selecting "log" shows what?

[Trinu]

stunnel log says
2009.06.17 13:39:50 LOG5[704:2652]: stunnel 4.27 on x86-pc-mingw32-gnu with OpenSSL 0.9.8k 25 Mar 2009
2009.06.17 13:39:50 LOG5[704:2652]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2009.06.17 13:39:50 LOG5[704:3316]: No limit detected for the number of clients

[sded]

The log says you are not getting to Stunnel-it will show the connections happening otherwise.  Doublecheck the settings under Avast! IMAP and redirect and that the TB server settings show an IMAP server (not POP, which selecting the TB gmail wizard will give you) with the proper entries.  Does your setup work if you don't scan port 993 under Avast! redirect for IMAP, and use imap.gmail.com and port 993 , SSL in TB?

[Trinu]

ok now it seems like now the connection is being made (it says connected in the bottom corner) but it times out before I can do anything.

[sded]

Where does it say "connected"?  Do you get any messages in the stunnel log now?  Should be able to tell what is happening to the connection from there.  Should exit and restart Stunnel if you have made any changes to Stunnel.conf along the way.  Probably should post your current TB/Avast! configuration, since some changes were made and we don't know what they were.   Do you get a dialog when you try to open the IMAP account?  You may need to right click the account name and select "subscribe".

[Trinu]

It says connected in the TB window.  Stunnel still reports no connections.  If attached screenshots of my current configurations.  I doubt its of much importance but since I can't pin down the problem I feel that I should tell you I'm running the 32-bit version of openSSL on a xp 64-bit.

[sded]

OK.  For the first figure,
The server name should be  localhost
The port number should be 11143

Second figure bypasses Stunnel, which should be fine for SMTP with Gmail

Third figure should uncheck "ignore local communications"

Is stunnel.conf just a copy of what I posted?

Stunnel log seems to say it is OK with your XP version.

[Trinu]

Thank you so much!  It's working now.