Dear Sirs,
F-Secure: enabled e-mail scan but noticed it slows down
The built-in e-mail scanning in F-Secure Client Security 5.5x uses a
novel method that is very different from the usual.
NortonAV and most other competitors use a local-proxy based approach to
e-mail (SMTP/POP3) virus scanning. This is vulnerable, because malware
with a built-in SMTP engine can circumvent it. But it offers greater
flexibility in port configuration and is not performance critical.
F-Secure's solution uses a trick involving the DFW personal firewall
component of the FSAVCS software. They are essentially slicing the
network interface card NDIS driver layer in half and inserting a data pump
in between the parts. The pump sucks all port 25 and port 110 traffic
out and feeds it into the virus scanning core. This method cannot be
circumvented, as long as the AV is running. But it is not possible to
change the ports (you cannot use e-mail scanning with an SMTP server on
port 26 or access POP3 running on port 109).
Besides these issues, the solution is also performance critical, because
actions are not acknowledged until all AV scanning is done, sometimes
leading to timeouts, etc. Large e-mails with packed attachments or
a slow link (e.g. a 56 kbps analogue modem) can lead to problems. Some
fixes have been implemented in the latest version. Please use the FSAVCS
5.52 SR1, available here:
ftp://ftp.f-secure.com/support/hotfix/fsavcs/avcs_5.52-10130-sr1.zip
Sincerely: Tamas Feher from Hungary.