avast certification, ssl, & virus detection?

I’m a defecting AVG user, looking for a different antivirus program after a very ‘disenchanting’ experience with AVG8.
I like Avast a lot so far, but I have come across a couple of issues that are leading me further down the path of confusion, so I thought I’d try turning here for clarification/ help.

For the record, I use WinXP Home SP2, Thunderbird 2.0.0.14, and the Windows Firewall; my ISP is Bell Sympatico (sympatico.ca).

While I can get the “insert note into clean message” certification to work with my outgoing email, I haven’t had any such luck with it showing up in my incoming email (I just wanted to see the message once, so that I knew for sure that incoming email was being scanned). I think I’ve found my answer to that issue at http://forum.avast.com/index.php?top...9948#msg279948, where alanrf says:
“Avast cannot scan any secured email connection.
Avast only scans those unsecured POP/SMTP ports (110 and 25) and can insert “clean notes” in those scanned messages.”

Turns out my SMTP port is 25, but my POP port is 995 (SSL). I can’t get mail to come in at all if I change my POP port to 110.

Reply #22 in the thread quoted above adds:
“Bear in mind that even with mail scanner not functioning, the standard shield would protect you from any email viruses anyway.”

I thought I’d verify that by sending myself the EICAR test virus. Well, the email arrived with a paper clip, indicating an attachment, but when I highlighted the email in order to read it, the paper clip disappeared. No popups from Avast. [When I tried creating the EICAR text file on my desktop, though, Avast caught it before I’d even named the file to save it!]

My questions are:

  1. a) Does this mean that the “infected” attachment was removed before I downloaded the email in Thunderbird?
    b) Is that part of the function of an SSL connection?

  2. Is it really okay to depend on just the standard shield to ‘catch’ infected emails without the email scanner functioning for incoming mail?

Thanks for any words of wisdom!

AVG does (at least for now) have the advantage over avast that it provides a mechanism (even if a bit clunky) to manage secure email connections for you and allow you to have emails scanned that are delivered over secure connections to the server.

While avast has said that this function will also be provided in avast 5.0 (currently under development) right now you would need to use a third party free program STunnel to manage the secure connections and pass the mail to Thunderbird in a way that avast can scan them.

It is fairly difficult to get emails through most ISP mail services these days with even an eicar virus as an attachment (the attachment might simply be replaced with one telling you the attachment has been removed).

Right now, without the use of STunnel you would be relying on the Standard Shield for protection if you were to execute an infected attachment from your Thunderbird mail store. Given that most email providers now also scan emails before you receive them, the risk of receiving an infected email is much reduced.

There is a small chance (it is very small) that a virus (even eicar) in your Thunderbird Inbox (or any other mail folder) could cause avast to report the folder as infected and quarantine it. This would only happen if the virus was in the first (physical - usually the oldest) message in the folder.

If you want to try STunnel we are here to help. For an example of setting up STunnel (this was with GMail, but the principle is the same for all secure email services) please see this post.

Thanks for the reply, alanrf.

I’ve installed STunnel, but I don’t know how to properly edit my stunnel.conf file.

As it stands, there are two users on this computer, both using Thunderbird: one user downloads gmail, the other downloads email from sympatico.ca (our ISP). Both require SSL, I think.

The TB settings for gmail (bypassing Avast) are pop.gmail.com, port 995, SSL connection (no server authentication); and smtp.gmail.com, port 587, TLS connection.

The TB settings for sympatico are pophm.sympatico.ca, port 995, SSL connection (no server authentication); and smtp1.sympatico.ca, port 25, TLS (if available).

Will each user have a separate stunnel.conf file, or will there just be a single one for the computer as a whole, with entries relating to both gmail and sympatico?
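
As an added example (not part of the thread, and not a configuration supplied by avast or the STunnel project), this is how a single client-mode stunnel.conf can carry one service section per mail server, using the host names and ports quoted above. The section names, the local port 1110 and the CAfile name are assumptions made for illustration.

```ini
; Constructed example stunnel.conf for the two accounts described above.
; Thunderbird connects in plain text to the local "accept" address, which is
; the hop avast can scan; stunnel carries the traffic to the server over TLS.

; stunnel originates the TLS connection to the remote server
client = yes

; Thunderbird no longer speaks TLS itself, so the server certificate has to
; be checked here. verify = 2 rejects a server whose chain does not validate.
; CAfile is a placeholder name for a bundle of trusted CA certificates.
verify = 2
CAfile = ca-certs.pem

[gmail-pop3]
accept  = 127.0.0.1:110
connect = pop.gmail.com:995

[gmail-smtp]
accept  = 127.0.0.1:25
; port 587 expects STARTTLS, so stunnel negotiates it before the handshake
protocol = smtp
connect = smtp.gmail.com:587

[sympatico-pop3]
; 1110 is a constructed local port. The reply quoted earlier says avast scans
; ports 110 and 25, so mail on this port is scanned only if avast is set to
; watch it as well.
accept  = 127.0.0.1:1110
connect = pophm.sympatico.ca:995
```

Each Thunderbird account would then point at 127.0.0.1 and the matching local port with connection security switched off, since stunnel supplies the encryption on the outbound leg.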