« previous next »
Pages: [1]   Go Down

Author Topic: Bug report: IMAP connection hangs with Avast! Antivirus 6.x and compress/deflate  (Read 2453 times)

0 Members and 1 Guest are viewing this topic.

Offline Nucleus

  • Newbie
  • *
  • Posts: 8
Bug report: IMAP connection hangs with Avast! Antivirus 6.x and compress/deflate
« on: October 14, 2011, 05:49:29 PM »
Hi,
there is a problem with this configuration:

Avast! Antivirus 6.0.1289 (probably all 6.x versions)
Thunderbird (3.x and 7.x)
Cyrus IMAPd with "COMPRESS" extension (rfc4978) e.g. 2.3.16

SYMPTOMS:
- When connecting to a mailserver with IMAP protocol (and IMAP protection installed and activated), the connection hangs.

BUG EXPLANATION:
When both the server (e.g. Cyrus IMAPd 2.3.16) and the client (e.g. Thunderbird) support the IMAP compress extension (RFC 4978), the communication between client and server is compressed on-the-fly with the DEFLATE algorithm. Avast! IMAP protection does not correctly handle this, in fact, sniffing on the server side, we have something like this:

* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN AUTH=PLAIN SASL-IR COMPRESS=DEFLATE] v74-x64-mail Cyrus IMAP v2.3.16 server ready
1 authenticate plain
+
.........
1 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE X-NETSCAPE URLAUTH] Success (no protection)
2 COMPRESS DEFLATE
2 OK DEFLATE active
2V.tQ.P.K.MURP.  <- binary deflated command. Hex: 32 56 f0 74 51 d0 50 ca 4b cc 4d 55 52 50 0a

here the connection hangs as the IMAP server waits for the next part of the command, that is never sent. The undeflated command is:

3 ID ("name" "P

Which is obviously uncomplete.
Notice the 0x0a at the end of the binary version. It seems that if the deflated command contains an Hex: 0a, the Avast! IMAP proxy triggers the end of the command and forward it to the imap server, but the command is not complete so the imap server keeps waiting for the next part of the command.

WORKAROUNDS:
- Disable "compress" extension support from Thunderbird
- Disable Avast! E-mail Protection (or the POP3/IMAP part at least)

The first workaround is not very easy for the final user, the second is dangerous. Can you please fix the bug?

Thanks in advance
Andrea Cascio
Nucleus srl
Logged
Pages: [1]   Go Up
« previous next »