New *release* build of avast now available (5.0.545)

[doktornotor]

Mail shield was in use.

No, not really... since you simply cannot scan traffic that's already encrypted.

[Hermite15]

confirming bug   I finally gave it a shot   Switched back my accounts to ssl ports in Thunderbird (IMAP/993 and SMTP/STARTLS), deleted the ssl account entries in Avast, launched the client, opened the avast interface and:
 1 found that an IMAP entry was created again. A bug 'cause it shouldn't happen but that doesn't conflict so far, you can still receive mails.
 
 2 On the other hand, if you attempt to send mails using SMTP/587/STARTLS, again the mail shield proxy is creating a secure account entry on port 465 and you can't send anything. This entry shouldn't be created at all in the first place, like the IMAP one. If you switch smtp in Thunderbird to 465, leaving the useless smtp/465 in avast, it works again. If both Thunderbird and Avast are on 587, nothing works.

 Anyway, all of this doesn't really matter. What matters is that the mail proxy shouldn't create any entry as long as you stick to ssl ports in the mail client. You should, if the option is left checked, just get the warning that Avast can't scan.
 adding: I mean guys, there has been quite a few threads recently from people who never used the mail shield before, were not aware of anything, didn't even know how to re-configure the mail client to get the mails scanned because they use to just leave the mail shield run without bothering. And technically, apart from the annoying warning that avast can't scan, there's no problem to send and receive. But now there's a bug >>> the ssl proxy attempting to reroute to ssl ports when nobody asked it to. What I don't understand is there has been many posts and new threads, it was obvious to me from the beginning that something was wrong, I could tell about that bug a few days ago already, and found it on my system today when testing. Where is Avast? no one noticed anything

[doktornotor]

Yeah, you are right. OTOH I really don't get what's exactly so difficult for people to grok that an encrypted communication cannot be scanned and why they keep enabling the encryption in client no matter how many times they are told not to if they want to use the mail shield... 

[Hermite15]

Yeah, you are right. OTOH I really don't get what's exactly so difficult for people to grok that an encrypted communication cannot be scanned and why they keep enabling the encryption in client no matter how many times they are told not to if they want to use the mail shield... 

I edited my post in the mean time...

[gosmeyer]

If they would only listen  

[Hermite15]

If they would only listen  

no I mean come on, there's a bug, but you can sort things out as I told you above
http://forum.avast.com/index.php?topic=59408.msg501775#msg501775

>>> for people using the mail shield properly, there's no problem. There's only a problem for those who
 don't use it and who don't shut it down completely (while in the older builds you could not use it and leave it on).

[doktornotor]

adding: I mean guys, there has been quite a few threads recently from people who never used the mail shield before, were not aware of anything, didn't even know how to re-configure the mail client to get the mails scanned because they use to just leave the mail shield run without bothering. And technically, apart from the annoying warning that avast can't scan, there's no problem to send and receive. But now there's a bug >>> the ssl proxy attempting to reroute to ssl ports when nobody asked it to. What I don't understand is there has been many posts and new threads, it was obvious to me from the beginning that something was wrong, I could tell about that bug a few days ago already, and found it on my system today when testing. Where is Avast? no one noticed anything

Nah... actually this "bug" is a good way to promote the mailshield functionality and point out that people have incorrect settings. Just needs a more user-friendly error message. 

[Hermite15]

adding: I mean guys, there has been quite a few threads recently from people who never used the mail shield before, were not aware of anything, didn't even know how to re-configure the mail client to get the mails scanned because they use to just leave the mail shield run without bothering. And technically, apart from the annoying warning that avast can't scan, there's no problem to send and receive. But now there's a bug >>> the ssl proxy attempting to reroute to ssl ports when nobody asked it to. What I don't understand is there has been many posts and new threads, it was obvious to me from the beginning that something was wrong, I could tell about that bug a few days ago already, and found it on my system today when testing. Where is Avast? no one noticed anything

Nah... actually this "bug" is a good way to promote the mailshield functionality and point out that people have incorrect settings. Just needs a more user-friendly error message.  

yeah ok the bug is indeed almost forcing people to use it...but I seriously doubt that newbies appreciate the trick...they're a bit lost atm it seems...especially those thinking that their mails use to be scanned...because they never bothered learning what it was all about, getting encrypted mails and use a tool that will allow decryption and scanning before stuff reaches the client.

[doktornotor]

but I seriously doubt that newbies appreciate the trick...they're a bit lost atm it seems...especially those thinking that their mails use to be scanned...because they never bothered learning what it was all about, getting encrypted mails and use a tool that will allow decryption and scanning before stuff reaches the client.

Well, as said... just needs a better error message. 

Seriously - people erroneously think they are getting their mail scanned and protected by avast while that never happened before with such incorrect setup. Avast should just spit out some basic instructions in disabling the encryption in email client (probably with a link to a howto on avast website) instead of breaking sending/receiving mail and it'd be perfect. 

[Tarq57]

@Krypton
I recommend you visit www.secunia.org and and under "products" run either the OSI or download and install the PSI.
Either of these will scan for out of date software with the object of allowing the user to patch vulnerable software.
The OSI is an online version that merely requires an ActiveX installation. The PSI is installed like any program, then runs and reports. Both are free.

Very worthwhile doing.

[Dcn.Dad]

Installed successfully on two XP-Pro sp3 machines & working fine.

It appears from the forum that comments/bugs are quite localized, which tells me v.545 is quite good.  With so many users out there, that's a tribute to Avast.

Keep up the good work!

[Dch48]

but I seriously doubt that newbies appreciate the trick...they're a bit lost atm it seems...especially those thinking that their mails use to be scanned...because they never bothered learning what it was all about, getting encrypted mails and use a tool that will allow decryption and scanning before stuff reaches the client.

Well, as said... just needs a better error message. 

Seriously - people erroneously think they are getting their mail scanned and protected by avast while that never happened before with such incorrect setup. Avast should just spit out some basic instructions in disabling the encryption in email client (probably with a link to a howto on avast website) instead of breaking sending/receiving mail and it'd be perfect. 

Actually, since most email providers scan for viruses coming into and leaving their servers, the mail shield in Avast! is redundant for the majority of people anyway.

[DavidR]

Whilst they may scan inbound and outbound emails on their servers, doesn't make the Mail Shield redundant.

Firstly there is no guarantee that the email server will score 100% detection rate in fact I would more or less guarantee they won't in the same way as avast won't catch 100% of all viruses, etc.

Secondly if there happens to be a hidden or undetected spambot on your system the Mail Shield may be the first indication of that fact in intercepting and scanning outbound email. These spambots generally come with their own very small SMTP program (it doesn't use your email program), so it may otherwise be undetected. I would go a step further in saying the Mail Shield, Expert Settings, Sensitivity, Heuristics sensitivity be set to High.

[rnuis]

I have a problem with this new version 507 that i can't run anything in the Sandbox . i have a other tread on this board but i don't get any help from Avast solving this . :'( :'(

[vojtech]

Anyway, all of this doesn't really matter. What matters is that the mail proxy shouldn't create any entry as long as you stick to ssl ports in the mail client. You should, if the option is left checked, just get the warning that Avast can't scan.

The mail scanner always used to create new accounts when client used SSL/STARTTLS. This way the SSL setup is 'remembered' and used after user disables SSL in the client. I don't think there is a problem in it.

However there is a bug in this build (5.0.545) causing that sending does not work when STARTTLS is configured in client and user does not disable it. It will be certainly fixed in the next update.