Avast 2014 and SSL email in Thunderbird

I just received the 2014 update this morning, and now I find that Avast and Thunderbird aren’t playing nicely. I now routinely (though not every single time) receive an Avast error message when I start Thunderbird, advising that it couldn’t scan my SSL email, and that I may need to configure SSL manually. The text of the message reads “The avast! Mail Shield encountered a problem with the secure connection to your mail server. You may need to configure the SSL scan feature manually.” It’s followed by a prompt to open Avast’s SSL settings.

Ok, that’s fine. Tell me how to configure it manually. The Avast help simply says that you check the box if you want Avast to scan SSL email. Exporting the Avast-provided SSL certificate and importing it into Thunderbird doesn’t seem to change anything. The error message still appears. I know Avast 2014 does things differently than prior versions. Is there a walkthrough for exactly how to set up Avast and Thunderbird using SSL?

I’m using Avast 2014.9.0.2006 and Thunderbird 24.0.1 on Windows 7 (64-bit).

Thanks.

Is there a walkthrough for exactly how to set up Avast and Thunderbird using SSL?
lots of info in the FAQ section

http://www.avast.com/en-eu/faq.php?article=AVKB91#artTitle

Those only go up through Avast 8. My setup worked fine in v8. With this new version, they’ve apparently changed something and now it doesn’t work properly. The error message I receive is not covered in the FAQ at this point.

Hi,

I got the same problem and have to say that the error message is absolute rubbish. It just says “Uh, something does not work.” So what now? There are no settings to change and the mail certificate is up to date. It worked absolutely perfectly with avast 8 and now suddenly it doesn’t. Sorry, but how do you test your new versions?! Not at all?

So long.

same problem here - I had to install 2014 for 8.1, and then prob started.

Please, stick to your thread and post the requested info. You are not helping to get your problem solved by complaining left and right without providing any information.

http://forum.avast.com/index.php?topic=138169.0

Funny that, I just downgraded to Avast 8 and now it works without any problems. So I’ll stick to version 8 until this stupid message box is changed in a way that it is helpful.

Hello,

I would like to add my own experience…

I too have the same problem, i.e., from time to time (not always) I can see the following Avast! pop up window:

http://postimg.org/image/w40fnztn5/

(saying: “The avast! Mail Shield encountered a problem with the secure connection to your mail server. You may need to configure the SSL scan feature manually.
Click OK to open the Mail Shield Configuration page.”)

The strange thing is that in Statistics, Mail Shield seems to work (along with the others).

In view of the advice on this thread, I followed two different approaches/procedures:

a) the procedure (by the letter) described here: http://www.avast.com/en-eu/faq.php?article=AVKB91#artTitle.

Yet, the problem remained… So, I deleted the installed Avast! certificate in Thunderbird, in “Authorities” tab, (the “Servers” tab was empty from any Avast! entry, anyway) and (since I have Avast! version: 2014.9.0.2008) I followed procedure:

b) Settings > Active Protection > I chose “Mail Shield”, clicked on Settings (i.e., Mail Shield Settings) > SSL Scanning (the “Scan SSL connections” was already checked), I chose “Export Certificate” (which, in contrast to the procedure in a) produces a certificate with .der -instead of .cer- format). The exportation was successful and, I imported the new one -as described in a).

Once again, the problem persists.

So, clearly it seems that there is a kind of conflict between Avast! and Thunderbird. Therefore, I was thinking (as a workaround, and until a final solution is found): what if someone un-checks the “Scan SSL connections”? I mean, the computer is still protected, isn’t it?

Info: Avast! 2014.9.0.2008 and Thunderbird 24.1.0 on Windows 7 Professional @ 64-bit.

Thank you in advance.

Having the same problem.

Had the same problem. Here’s the solution that worked for me (from memory):

Start Thunderbird and in the left pane click on your email account then click “view settings for this account”

Server Settings: Make sure that connection security is set to “SSL/TLS” and “Normal Password”

Then in the left pane click “Outgoing Server” then click on your email account in the window then click “Edit”

Apply the same settings as before.

Click Ok and shut down Thunderbird. Maybe reboot to be on the safe side.

There are no settings to configure in Avast - just tick the boxes in the mail shield settings.

Start Thunderbird and if you get a warning - I don’t remember the exact wording but something like “unusual activity or a connection security warning” just allow the connection if prompted. If you’re asked to add a certificate and security exception - go ahead. It will allow Avast to scan your email and everything should then work fine.

I’ve just remembered some useful stuff regarding Avast scanning email in Thunderbird (or any other email client) on Windows 7.

Thunderbird additional settings:

Tools> Options> Security> Antivirus

Tick the box to allow antivirus to quarantine incoming messages.

Probably it will now quarantine anything loaded with a dodgy script. However Windows 7 isn’t configured by default to call antivirus programs when opening attachments. (Believe it or not!) So that means that if you attempt to open an attachment and for some reason Avast fails to scan it - you will still be able to open the attachment. There’s a way to ensure that if an attachment scan fails then the ability to open that attachment will be blocked by Windows.

What you need to do is use Group Policy Editor to ensure that Windows 7 notifies antivirus programs to scan attachments:

Type gpedit.msc in the Start menu’s search box and then press Enter.
Navigate to User Configuration, Administrative Templates, Windows Components, and then select Attachment Manager in the left column of the Group Policy Editor.
Double-click Notify antivirus programs when opening attachments in the Settings section of the Group Policy Editor.
Select Enable and then click OK to save the changes.

Group Policy Editor is not available in some Windows 7 editions (Home Premium, Home Basic and Starter). Only Windows 7 Professional, Enterprise and Ultimate editions come with Group Policy Editor installed.

If you’d like to add Group Policy Editor to the Home Premium, Home Basic or Starter version of Windows 7 there’s an installation guide and download link here and it works:

http://www.askvg.com/how-to-enable-group-policy-editor-gpedit-msc-in-windows-7-home-premium-home-basic-and-starter-editions/
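
An added example, not part of the original post: the same per-user policy ("Notify antivirus programs when opening attachments") checked and set through its registry value, which does not need gpedit.msc. The key path and value meanings (1 = Off, 2 = Optional, 3 = On) are the ones Microsoft documents for Attachment Manager; the helper function names are hypothetical.

```powershell
# Added example (not from the thread). Registry value behind the per-user
# Attachment Manager policy "Notify antivirus programs when opening attachments".
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments'
$ValueName = 'ScanWithAntiVirus'
$Meaning   = @{ 1 = 'Off'; 2 = 'Optional'; 3 = 'On' }   # values documented by Microsoft

# Hypothetical helper: returns the configured value, or $null if the policy is unset.
function Get-AttachmentScanPolicy {
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$ValueName }
    return $null
}

# Hypothetical helper: creates the key if it is missing and sets the value to 3 (On).
function Enable-AttachmentScanPolicy {
    if (-not (Test-Path -Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord -Value 3 -Force | Out-Null
}

# Hypothetical helper: turns the raw value into a readable state.
function Format-State($value) {
    if ($null -eq $value) { return 'not configured' }
    if ($Meaning.ContainsKey($value)) { return $Meaning[$value] }
    return "unexpected value $value"
}

# Report the current state, and only write to the registry when it is not already On.
$before = Get-AttachmentScanPolicy
Write-Output ("Current setting: " + (Format-State $before))
if ($before -ne 3) {
    Enable-AttachmentScanPolicy
    Write-Output ("New setting:     " + (Format-State (Get-AttachmentScanPolicy)))
}
```

Run it in a PowerShell session of the user whose attachments should be scanned, since the value lives under HKCU.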

It’s my guess that a large majority of users would not be comfortable editing Group Policy settings, even if their particular version of Windows has that facility, and they should not have to.

The settings necessary to have Avast work properly with mainstream email clients like Thunderbird should have been properly documented in either the help file, or a FAQ specific to the 2014 version before the product was released to the public. Maybe it is somewhere - I’m still looking.

I have the same problem with Thunderbird and SSL scanning. However I get the Avast popup occasionally when coming out of standby mode with Thunderbird active. My guess is a timing problem between Avast and Tbird. The mail scan does work, the Avast complaint about the certificate is a nuisance. My OS is Windows 8 x64.

This same configuration worked flawlessly with Avast 8.x

As a workaround I disabled SSL scanning…

@ Callender

Regarding your first post: everything was already adjusted as you said (so, not a workaround for my case).
Regarding your second post: I am extremely reluctant to play with those Windows utilities. On top of that, I totally agree with olddog’s reply.

@ Olddog

Thumb up

@ Ahwphx

I tend to believe that what you did (and which was one of my thoughts) is (probably) the only realistic workaround -at least until a proper adjustment/solution from Avast! appears.

Sorry that it didn’t work for you. Perhaps consider fully removing Thunderbird then reinstalling. There’s no guarantee that it would solve the problem!

As for the Group Policy settings - I just posted that “for information only” and didn’t intend to suggest that it would be a good idea for inexperienced users to mess about with it. It’s just that I’m aware that a standard Windows 7 installation has numerous security misconfigurations that could be fixed/improved and that’s just one of them.

Picture the following scenario: Another user has access to your machine and disables the Avast mail shield in order to download and open an attachment that is blocked. They can do that no problem but with the fix in place it’s impossible. Of course this shouldn’t concern you if you’re the sole user.

If I may, uninstalling and installing -and that because of a peculiarity on behalf of Avast!- is not a decent option! I prefer to disable the scanning of SSL/TLS connections instead, or even to use another antivirus (in the worst case scenario).

Regarding the other stuff, two observations:
a) well… even so, Avast! should be able to scan the entire system afterwards -it is its role after all…
b) I am the only user of this machine

I have been around the houses with this issue. None of the solutions suggested on the forum (not just on this thread) or by Avast support have helped. Initially one solution re fixing certificates seemed to work, but today I suddenly could not send emails again. This is unbelievably flaky. I have had to turn off email scanning completely and hope that the file system scan covers it. My ISP does some pretty good spam handling so I’m not too worried about that.

I’m now wondering what I paid for since the SafeZone (which seemed like a great idea, a way to turn off that resource hungry rapport service) is a bit flaky as well. I guess I can chalk it up to experience (and also the fact that Avast the free version did a solid job for several years - weird how as soon as I start paying for software it seems to degrade in quality…)

I may move to another antivirus eventually, Ad-Aware is getting some really good reviews, but I’d like to give Avast a chance to sort this out - I think they should realise they will seriously lose custom here.

I had the same thought, yet -after a lot of research- I came up with the conclusion that there is no flawless solution. For instance, the BitDefender (free edition) has major conflicts with CCleaner (a very handy and useful piece of software -in Windows OS). Similar drawbacks can be found in almost all of the solutions out there (like, e.g., Avira, AVG, Panda Cloud, etc).

So, for the time being I stay with Avast (which, otherwise, is pretty good) hoping that eventually the problem will be solved. In case the problem persists, one can try either of the following procedures:
a) instead of following, by the letter, the steps mentioned here http://www.avast.com/en-eu/faq.php?article=AVKB91#artTitle, one could simply follow the variation (after having deleted all previously installed certificates):

“Settings > Active Protection > I chose “Mail Shield”, clicked on Settings (i.e., Mail Shield Settings) > SSL Scanning (the “Scan SSL connections” was already checked), I chose “Export Certificate” (which, in contrast to the procedure in a) produces a certificate with .der -instead of .cer- format). The exportation was successful and, I imported the new one -as described in the aforementioned link”

AND

in Thunderbird, in “Options > Security > Anti-Virus tab”, the single option must be checked.

b) if a) does not work (in due course) then disable the “SSL/TLS connection scanning” in Avast!, hoping that the file system scan will cover that as well.

I have also been having this problem since updating to 2014 (now 2014.9.0.2007 on Win 7 Pro x64 Thunderbird 24.1.0), and now, unless I uncheck “Scan SSL Connections” in Settings>Active Protection>Mail Shield (the other three Main items are checked) I can’t get mail. And Avast shows no mail scanning in Statistics.

In my attempts to get rid of the pop up error, I tried to delete the Avast mail certificate but it keeps telling me there already is one (from 3/13). Just now I looked under the Authorities tab and the Avast entry was gone. I reimported it (and see that also says 3/13), and restarted TB (now there don’t seem to be any Server entries for Avast in there now).
The same “avast! Mail Shield encountered a problem with the secure connection to your mail server. You may need to configure the SSL scan feature manually…” came up, as well as the TB “Add Security Exception” popups, in this case for imap.googlemail.com:993 (8 accounts), imap.gmail.com:993, pod51000.outlook.com:993, pop.att.yahoo.com:995 (5 accounts). All server connections are set as SSL/TLS.

I cannot get/receive mail unless I deselect the Avast SSL Scanning, and it looks like none of the mail is scanned that way, according to the statistics. Can somebody please tell me how to configure TB and Avast to work together so my mail is scanned?

Hello,

try the following steps (to be sure):

  1. if possible (i.e., if you are using an IMAP e-mail account, like gmail) perform a clean uninstall of Thunderbird

    (a) “Control Panel > Programs > Uninstall” and Choose Thunderbird
    (b) afterwards, use CCleaner (http://www.piriform.com/ccleaner) to remove any remnants
    (c) Start > type %AppData% (and press Enter). A folder named “Roaming” will appear in Windows Explorer. Delete any Thunderbird related folder. Do the same with folders “Local” and “LocalLow”, which belong to the same folder tree as “Roaming”
    (d) restart Windows

NOTE: Regarding step (c), you should be very careful -especially if you are also using Firefox

  2. Then install Thunderbird again. After having your e-mail account set, do the following

    (a) In Thunderbird: “Options > Security > Anti-Virus tab”, the single option must be checked
    (b) In Avast!(*): “Settings > Active Protection >” choose “Mail Shield”, click on “Settings (i.e., Mail Shield Settings) > SSL Scanning” and make sure that “Scan SSL connections” is checked. Then choose “Export Certificate” (which will produce a certificate with .der -instead of .cer- format).
    (c) Import it to Thunderbird: “Options > Advanced > Certificates > View Certificates > Authorities > Import”. Make sure that in the tab “Servers” (next to “Authorities”) there is nothing related either to Avast! or to any recent certificate, which was added as an exception.

Hopefully, these will help…

(*) there is a new version of Avast!, so update :wink: