How does Norton/Trend scan transparently

  • Thread starter: warder

warder

Hi,

Recent (well the last 3 years) anti-virus tools now transparently
intercept your emails and scan them somehow without changing your mail
application options.

I.e. they intercept port 110/25 connections and scan inbound and
outbound inline.

How is this done? (i.e. I'm after Win32 API hints etc)

Also how do they hook into the file loading mechanism in Windows and
intercept that too?

Unusually for me, I can't find anything just by googling, so I'm either
not using the right 'terms', or it's not out there.

Thanks!
 
warder said:
Hi,

Recent (well the last 3 years) anti-virus tools now transparently
intercept your emails and scan them somehow without changing your mail
application options.

I.e. they intercept port 110/25 connections and scan inbound and
outbound inline.

How is this done? (i.e. I'm after Win32 API hints etc)

Also how do they hook into the file loading mechanism in Windows and
intercept that too?

Unusually for me, I can't find anything just by googling, so I'm either
not using the right 'terms', or it's not out there.

Thanks!

I thought they set up a proxy server on another port, where mail is
scanned coming and going.
 
Willie Nickels said:
I thought they set up a proxy server on another port, where mail is
scanned coming and going.

That requires an optional setting like "use a proxy server" and reassigning ports so that the e-mail
client takes in from and sends out to a loopback address and the reassigned ports. The OP may
be referring to the firewall-like inspection of data being put through the normal e-mail ports. I
don't know how it is done but I suspect it is like a specialized firewall packet inspection for just
those ports.
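
The replies above describe a proxy on a loopback address where mail is scanned coming and going. As an added example (not part of the thread and not any vendor's code), this Python class shows the server-to-client scanning step such a proxy would need for POP3 on port 110; the class name, the signature list and the replacement notice are constructed for illustration.

```python
# Added illustration: the server-to-client half of a loopback POP3 scanning
# proxy. SIGNATURES and NOTICE are constructed placeholders, not real AV data.
SIGNATURES = [b"CONSTRUCTED-TEST-SIGNATURE-0001"]
END = b"\r\n.\r\n"  # multi-line response terminator (RFC 1939)
NOTICE = (b"Subject: [message withheld by scanner]\r\n\r\n"
          b"The original message matched a signature and was not delivered.")


class Pop3InlineScanner:
    """State for one mail-client connection passing through the proxy."""

    def __init__(self):
        self.pending = False  # True between a RETR and the end of its reply
        self.buf = b""        # server bytes held back until the reply is whole
        self.blocked = 0

    def client_sent(self, line: bytes) -> bytes:
        """Observe a client command; it is forwarded to the server unchanged."""
        if line.strip().upper().startswith(b"RETR"):
            self.pending, self.buf = True, b""
        return line

    def server_sent(self, chunk: bytes) -> bytes:
        """Return the bytes to hand to the mail client (empty while holding)."""
        if not self.pending:
            return chunk  # greeting, STAT, LIST...: relayed untouched
        self.buf += chunk
        status, sep, _ = self.buf.partition(b"\r\n")
        if not sep:
            return b""  # status line not complete yet
        if not status.startswith(b"+OK"):
            self.pending = False
            return self.buf  # -ERR is a single line, nothing to scan
        end = self.buf.find(END)
        if end < 0:
            return b""  # message still arriving: hold it back
        self.pending = False
        reply, rest = self.buf[:end + len(END)], self.buf[end + len(END):]
        stuffed = reply[len(status) + 2:end + 2]
        # Undo POP3 dot-stuffing so signatures are matched on the real content.
        body = b"\r\n".join(l[1:] if l.startswith(b".") else l
                            for l in stuffed.split(b"\r\n"))
        if any(sig in body for sig in SIGNATURES):
            self.blocked += 1
            reply = b"+OK message follows\r\n" + NOTICE + END
        return reply + rest
```

A relay would call `client_sent` and `server_sent` on each read from the respective socket. Holding the reply until its terminator arrives is what lets a signature split across TCP segments still match.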
 