Hi all, 
recently the avast mail scanner icon is frequently showing up in the tool bar as often as every couple of minutes, but I am not using any email applications.
When i put the mouse on it it says: Avast Mail Scanner user-39002 wfd86a.dsl.pol.co.uk
None of this resembles the email accounts when sending and receiving.
Any ideas ???
Is it this one?
http://forum.avast.com/index.php?topic=19794.0;topicseen
These could be simpthoms of infection…
Better if you run a boot time scanning of avast AND an ewido + a-squared scanning for cleaning trojans.
Does this resemble your ISP, pol.co.uk ?
If so are you using a P2P program ? - Azureus perhaps ?
Do you have a firewall, if so what ?
I don’t know what the pol stands for.
I use utorrent and it does seem to trigger the event when this is running,but if this is the case why does it say mail scanner and not p2p.
Never used to see the icon flash up.
Using Sygate Personel Firewall at the moment.
Ran spyware doctor and it found a couple of things which I deleted, although I didn’t pay much attention to what they were as I did it before I saw your post.
The pol stands for Planet On Line I believe, I have seen this type of activity in other P2P programs namely Azureus and the reason the mail scanner gets involved is because it or another peer is truing to connect using an email port which avast’s email scanner is monitoring. Usually this would cause a connection timeout warning.
I’m sorry I don’t use any P2P program, so I have no idea of the set-up for utorrent on communication ports, etc.
Take a look at this thread and see if you can apply the same logic/settings to utorrent.
Check out this Thread http://forum.avast.com/index.php?topic=18105.0
and this post in particular http://forum.avast.com/index.php?topic=18105.msg154105#msg154105
Sygate also has a problem in that it may report localhost proxy activity but not the program that is using the proxy, so there are occasions when it will report the web shield connecting to the internet when it is the browser using the proxy to connect. This masks programs as you allow web shield access so by default anything using the proxy gets through because Sygate only sees the proxy.
How to disable transparent web shield proxy and allow only those browsers you want use it:
In avast! go to Web Shield provider, Customize…, Basic tab, blank the redirected HTTP port field (remove the 80). Now no browser can use web shield unless you manually configure it to use Web Shield.
However, since Sygate is no longer being developed, perhaps it is time to look for another firewall that doesn’t have this issue with localhost proxy.
I just installed utorrent (version 1.5) to take a look at it.
It seems it is a popular alternative to azureus apparently because it is “skinnier” and reportedly faster, mainly due to not being java based (which azureus is).
Unlike azureus it does not offer the user the opportunity to avoid peers who offer connections on “well known ports” such as those intercepted by the avast Internet Mail provider. While utorrent seems to assign the user’s listening port randomly at a high port number the users can connect to peers on other products where - as we know - the “well known ports” are frequently used.
The simplest solution for roadkill and all utorrent users is to edit their avast4.ini file and in the section headed:
[MailScanner]
add a line:
IgnoreProcess=utorrent.exe
Perhaps the avast folks could save them all the trouble and do it for them.
Thanks Alan.
Many thanks for all your help.
Altered the ini.
I’l let you know if it does not fix it.
Roadkill 8)
Hi all ,
today this mail scanner icon appeared to my pc too.
I am going to do what alarf suggests editing the avast4.ini file e.t.c.
My question is ,
by doing that am i leaving any hole for infections e.t.c. ?
I am newbbie in these matters so forgive me if i ask something obvious or funny.
Thx for reading this…
N.
P.S. I have utorrent ver 1.6 installed but it was not loaded in memory when the problem occured…(and i havent used it yet for today)
No, you’re only bypassing the mail provider to scan utorrent traffic.
utorrent shold be scanned by P2P and Standard Shield providers. 
Before editing the ini file you have to identify why the email icon is scanning, if it is utorrent and not something else then this is the correct action.
Stopping the email scanners scanning content that isn’t in email protocol won’t leave you more vulnerable as the email scanner will effectively stall as it is looking for the traffic using email ports to be using email protocol.
1st of all thx for trying to help…
DavidR is probably right.It seems that it is not cause of utorrent.
If i hover the mouse over the icon i get at least 3 different names (even ip’s) and also they change as the time pass by.
strange eh?
Well ignoring utorrent won’t harm this current email scanner icon issue, if it is down to utorrent it should stop the occurrence. If not then it could be that you have a spambot on your system, not too likely because of the multiple IPs which sounds more like P2P than email servers, etc.
Again it never hurts to be too sure you could try running Ewido or a-squared (depending on your OS) in safe mode, Ewido anti-spyware If using winXP. or a-Squared free if using win98/ME. If they come up clean (or no serious issues) it is more likely to be utorrent and the change to the ini file may indicate that also if there are no more email icons popping up.
I ve already added the nie you suggested and the problem persists.
So i will scan my pc with avast -since this is the one i have installed right now- and let you know what will happen.
Thx again 4 your much appreciated help.
N.
Click the Blue text in my last post, they are links to the programs, they can work alongside avast, although I would ensure that you are off-line and pause the standard shield provider before starting the other scan. The two programs are more specialised in trojan detection and removal and Ewido is the better of the two (IMHO) if you have XP ?
I doubt that avast will find anything as this is already on your system and if it was going to detect this trojan it would already have done so.
Well…
sorry for my tipo error at my previous message.
Actually i meant ad-aware and not avast.
So i used ad-aware to scan my system.
While ad-aware was scanning avast found a virus inside a rar file win32 kind of virus.
Probably didnt cause the problem since i hadnt ever run it. (Ad-aware had to scan it in order avast to find the virus)
Anyway i deleted it through avast and so ad-aware kept on scanning.
It found some minor threats (althought it didnt mentioned them as so important threats) i deleted them too.
Now everything seems ok…but you know…tomorrow maybe my pc will make a peperone spaggetti and consume it by itsself…
Oh ,i love/hate how so many things are running under/out of our attention inside our pc’s and they just come and go by themselves…
Thanks everyone who answered me to this thread.
I hope i wont have to post here for problem again and i hope that in the near future my pc wont do things by itself all of a sudden…
N.
P.S. Excuse my lame english.
I doubt that adaware would detect anything like this, rather the specialist tools that I previously mentioned. It is also an idea to pause the standard shield whilst doing a scan with another security based program. This not only avoids possible conflict (if adaware opens a rar/zip file and it is infected avast could also detect it) not to mention the adaware scan will be quicker because avast won’t be looking over its shoulder so to speak.
Deletion is never a good first option (you have none left) send it to the chest or quarantine area, etc. and investigate.
There is nothing wrong with your English, but I would question your not downloading and using one of the specialist anti-trojan tools as this possible spambot trojan may be more likely to reveal this possible infection.
For about one and a half year with the combination of avast ,adaware and windows firewall i have a nice and well going on pc.
Before that i was in a cyceon using different firewalls antivirus e.t.c. progs ,had conflicts unwanted and sometimes useless port blocks e.t.c.
So i just fed up.
That was the virus-frightened period for me.
In the bottom end, the way the pc’s work now you use one program but you have no idea what it does except what it says it does…but this is a subject for another thread i quess…
Though , since you obviously know much more from me in this area + the fact you wanted to help with no obvious profit leaves me no other option than to hear what you tell me and so i will dnld and run the prog you suggested.
Regards,
N.
P.S. Yeah in deed. I firstly moved it to the chest in order to see the what’s and why’s but then i remembered how fed up i was and since it was not a useful file i deleted it.Also i felt sure that this file was not the reason. Actually i found anothr thread in here with the same problem talking something about the users provider had some connection with this same problem which i think that is the same reason for me.Unfortunatelly i cannot locate the thread again 
Just a reminder again folks that the avast team have already added utorrent to the list of exclusions in the Internet Mail scanner - so that is definitely not the cause of the icon appearing.
As other’s have suggested - time to use all the tools available to track down a potential spambot.
Let’s not forget that the Internet Mail scanner could be of some help here. If there is a mail spambot at work it might well be worth turning on the timer in the Internet Mail scanner for a while (Internet Mail acanner > Customize > Advanced tab > Click on Timer > OK) and it will probably at least reveal the process that is sending out the spam.