avast mail scanner problem

[Lars-Erik Østerud]

Suddenly avast mail scanner won't connect using SSL.
I can use SSL from my mail program.
But if I use non-SSL there and turn on SSL in the avast mail scanner
I get a SSL_connect_error_5 from the server.

Same thing happened on another system.
And there I fixed it by reinstalling avast.
But it's a bit of a hassle doing that every week :-(

Any ideas?

 

[Peter Foldes]

You do not need the email scanner. It is the cause of multiple issues with e-mail
clients

Read
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

JS

 

[FromTheRafters]

Suddenly avast mail scanner won't connect using SSL.
I can use SSL from my mail program.
But if I use non-SSL there and turn on SSL in the avast mail scanner
I get a SSL_connect_error_5 from the server.

Same thing happened on another system.
And there I fixed it by reinstalling avast.
But it's a bit of a hassle doing that every week :-(

You probably don't need to scan e-mail, but if you want to I suggest any
problems you have as a result should go to the vendor's support people
for resolution.

 

[Beauregard T. Shagnasty]

Suddenly ...

I'm always tempted to ask, "What did you do just before 'suddenly'?"


I concur with the others about not needing to scan either incoming or
outgoing mail.

 

[David H. Lipman]

I'm always tempted to ask, "What did you do just before 'suddenly'?"


I concur with the others about not needing to scan either incoming or
outgoing mail.

Well, incoming is another story. However I believe in email scanning it when it is MAPI
or VIM scanning and not via a Proxy or other client method.

 

[Beauregard T. Shagnasty]

From: "Beauregard T. Shagnasty":

Well, incoming is another story. However I believe in email
scanning it when it is MAPI or VIM scanning and not via a Proxy or
other client method.

I assume you read the thundercloud.net page. What problem could there
be before actually attempting to run a file received by email? Top
that with .. it's been several years since I actually received a
malicious file via email. Maybe I'm just lucky.

 

[David H. Lipman]

I assume you read the thundercloud.net page. What problem could there
be before actually attempting to run a file received by email? Top
that with .. it's been several years since I actually received a
malicious file via email. Maybe I'm just lucky.

There is exploit code in email as well as phishing. The major playes who do VIM and MAPI
scanning will detect exploits and phishing the body.

I didn't read the data at thundercloud.net . Is there something there that I missed BTS ?

 

[Beauregard T. Shagnasty]

From: "Beauregard T. Shagnasty":

There is exploit code in email as well as phishing. The major
playes who do VIM and MAPI scanning will detect exploits and
phishing the body.

Hi, click here to log in to your bank account:
http://hacker.example.com/a345/www.bankofamerica.html

I didn't read the data at thundercloud.net . Is there something
there that I missed BTS ?

"Our advice is sound. Email scanning might have been useful years ago,
but not anymore. We're not sure it ever was."

 

[David H. Lipman]

Hi, click here to log in to your bank account:
http://hacker.example.com/a345/www.bankofamerica.html


"Our advice is sound. Email scanning might have been useful years ago,
but not anymore. We're not sure it ever was."

OK, I don't fully agree.

As for the URL, the URL can be obfucated and not everyone is savvy how URLs are formed or
the syntx of them.

 

[Beauregard T. Shagnasty]

David H. Lipman wrote:

(something amiss with your newsreader; it's snipping some attributes,
which I've restored twice now)

From: "Beauregard T. Shagnasty":

OK, I don't fully agree.

You are more than welcome to disagree, Sir.

As for the URL, the URL can be obfucated and not everyone is savvy
how URLs are formed or the syntx of them.

Sure, but you'd never see the little sample as I typed, above. The
HTML would show the clickable part as the real BoA domain name [1].
Some people would click it; others are more astute. Regardless, to my
knowledge, anti-virus programs don't act on that, but email clients
may. I know Thunderbird's own "Junk" filter would - no a-v necessary.

[1] a good reason to read mail in Plain Text

 

[FromTheRafters]

David H. Lipman wrote:

(something amiss with your newsreader; it's snipping some attributes,
which I've restored twice now)

From: "Beauregard T. Shagnasty":

OK, I don't fully agree.

You are more than welcome to disagree, Sir.

As for the URL, the URL can be obfucated and not everyone is savvy
how URLs are formed or the syntx of them.

Sure, but you'd never see the little sample as I typed, above. The
HTML would show the clickable part as the real BoA domain name [1].
Some people would click it; others are more astute. Regardless, to my
knowledge, anti-virus programs don't act on that, but email clients
may. I know Thunderbird's own "Junk" filter would - no a-v necessary.

[1] a good reason to read mail in Plain Text

Indeed, but most users don't.

E-mail scanning always did have one very slight chance of being
advantageous. If an exploit was found for a vulnerability in the e-mail
client or its extensions, it could react to it before the exploit code
actually hit the e-mail client or its extensions.

Not a very likely scenario perhaps, and server side AV should be able
to handle it anyway. If the exploit code was fragmented, the server side
AV might not catch it (only looking at one chunk at a time) but your
client side AV might be able to sew the parts together (just like the
client would) and reveal the exploit code.

Too far fetched to really make it worthwhile, especially considering the
downsides to using e-mail scanning like computing cost, timing problems,
and the corruption issue.

 

[David H. Lipman]

(something amiss with your newsreader; it's snipping some attributes,
which I've restored twice now)

From: "Beauregard T. Shagnasty":

OK, I don't fully agree.

You are more than welcome to disagree, Sir.

As for the URL, the URL can be obfucated and not everyone is savvy
how URLs are formed or the syntx of them.

Sure, but you'd never see the little sample as I typed, above. The
HTML would show the clickable part as the real BoA domain name [1].
Some people would click it; others are more astute. Regardless, to my
knowledge, anti-virus programs don't act on that, but email clients
may. I know Thunderbird's own "Junk" filter would - no a-v necessary.

[1] a good reason to read mail in Plain Text

Yes. Many organizations and divisions of the US Gov't. bar Rich Text Formatted email.

 

[David H. Lipman]

Indeed, but most users don't.

E-mail scanning always did have one very slight chance of being advantageous. If an
exploit was found for a vulnerability in the e-mail client or its extensions, it could
react to it before the exploit code actually hit the e-mail client or its extensions.

Not a very likely scenario perhaps, and server side AV should be able to handle it
anyway. If the exploit code was fragmented, the server side AV might not catch it (only
looking at one chunk at a time) but your client side AV might be able to sew the parts
together (just like the client would) and reveal the exploit code.

Too far fetched to really make it worthwhile, especially considering the downsides to
using e-mail scanning like computing cost, timing problems, and the corruption issue.

It is likely scenario. For example Symantec on email server but Avira on desktop. Thus a
layered approach.

 

[Beauregard T. Shagnasty]

[1] a good reason to read mail in Plain Text

Indeed, but most users don't.

Oh, I know. I receive verrry few text-only emails. But that's all I
send. ;-)

A two-sentence email from/via yahoo is about 20KB!! <lol>

 

[FromTheRafters]

[1] a good reason to read mail in Plain Text

Indeed, but most users don't.

Oh, I know. I receive verrry few text-only emails. But that's all I
send. ;-)

A two-sentence email from/via yahoo is about 20KB!!<lol>

Remember "Incredimail"?

That was bad enough, but it's gotten worse.

 

[Beauregard T. Shagnasty]

Beauregard T. Shagnasty wrote:
[1] a good reason to read mail in Plain Text

Indeed, but most users don't.

Oh, I know. I receive verrry few text-only emails. But that's all I
send. ;-)

A two-sentence email from/via yahoo is about 20KB!!<lol>

Remember "Incredimail"?

That was bad enough, but it's gotten worse.

Yes. I have an uncle who used to use it. I remember the 35KB signature
graphic of the row of animated dancing elephants, a .gif image. I call
it Incrudimail. How could it get worse?

 

[FromTheRafters]

FromTheRafters wrote:
Beauregard T. Shagnasty wrote:
[1] a good reason to read mail in Plain Text

Indeed, but most users don't.

Oh, I know. I receive verrry few text-only emails. But that's all I
send. ;-)

A two-sentence email from/via yahoo is about 20KB!!<lol>

Remember "Incredimail"?

That was bad enough, but it's gotten worse.

Yes. I have an uncle who used to use it. I remember the 35KB signature
graphic of the row of animated dancing elephants, a .gif image. I call
it Incrudimail. How could it get worse?

When it gets forwarded through AOL and Yahoo. Blockquoted and more crap
added. D

 

[David H. Lipman]

Beauregard T. Shagnasty wrote:
[1] a good reason to read mail in Plain Text

Indeed, but most users don't.

Oh, I know. I receive verrry few text-only emails. But that's all I
send. ;-)

A two-sentence email from/via yahoo is about 20KB!!<lol>

Remember "Incredimail"?

That was bad enough, but it's gotten worse.

And their stupidly attached smileys and commercial....