After looking at numerous clever and incredibly complicated workarounds to get Avast to scan incoming and outgoing emails, I’ve reluctantly decided to switch to Avg on that PC because it claims to work with outlook express. I had expected and thought, until recently, that Avast was dutifully scanning my emails since this is the single biggest source of malware intrusion. I’m using OE 6 hooked to hotmail, gmail and sbc on an XP pro PC. It’s not an exotic or unusual setup. If Avg fails, I’ll look for another solution that doesn’t involve the complexity of the solutions offered on this excellent forum.
I will continue to use Avast on other PC’s that I don’t use for outlook express as it has otherwise provided excellent protection.
Good luck with AVG however you might get hit in the traffic coming the other way since avg8.
Rather than make the decision to jump ship first rather than ask for help seems a strange way to go about it.
Firstly I still use OE6, but I no longer use Hotmail, and the problem is the Hotmail email coming to OE is it isn’t using the POP3 protocol which the avast email scanners monitors, but uses a proprietary Microsoft function which is only available in OE and windows mail, etc.
It converts the webmail into a format that can be saved in OE and that isn’t POP3 so avast can’t scan that and no end of tweaking will resolve that.
Since gmail uses SSL, secure encrypted email designed to keep prying eyes out (including virus scanners) avast can’t scan that because it is operating outside of the email application (work is on going where avast 5 will be able to scan and handle SSL/TLS email). By all accounts avg can currently scan SSL email, but it isn’t pretty not is it easy to set up I hear.
Gmail does scan its email so that should help in any regard and you would be surprised how far a dose common sense will go to protect you. Don’t open attachments or click links in unsolicited emails, even if from friends, easy to forge that or their system might be infected. Especially if it seems a) out of character too good to be true, b) on-line ecard greeting, etc. c) picture from gorgeous Russian girl looking for friendship, d) security update, etc. etc. I think you get the picture.
I have no idea what you mean by sbc, so I can’t offer any suggestion.
Personally I wouldn’t switch to avg8 or any other AV simply because avast couldn’t scan my email, when there are measures you can take to limit exposure. You would be throwing out other valuable avast tools (network shield, web shield, anti-rootkit scan, anti-spyware, boot-time scan (not available in any other AV that I know), etc. etc…
I use mailwasher Pro as an anti-spam (there are other free options) but that also serves as a means of filtering out suspect and infected emails (auto and manually flag them for deletion) at email server level, they never get to my inbox to be even need scanned.
Neither avast or AVG know whether you use Outlook Express. Both of these products work by detecting the activity of the mail client not the mail client itself. They can do this because email is one of the rare applications that exist where there are strict standards on how the application must work (as in POP and SMTP).
avast works with Outlook Express and so does AVG.
Let’s take the email providers you have mentioned.
- Hotmail
If you are able to use Hotmail with OE then you are either paying for Hotmail to be able to use POP/SMTP servers of Hotmail or you are using a very old Hotmail account that is WebDav enabled. If the latter then Microsoft breaks the rules since the mail is received and sent via the WebDav protocol (which is under a delayed sentence of death from MS). This is not a standard email protocol and it cannot be scanned by either avast or AVG. When MS executes the promised demise of WebDav you will not be able to use Hotmail with OE any longer and the only mail client that will work with Hotmail will be Windows Live Mail (the replacement for OE). Neither avast or AVG will be able to scan Hotmail there since it is accessed by the new proprietary MS protocol DeltaSync - the replacement for WebDav.
- GMail
GMail (like many other mail services now) requires users to access their mail via a secure connection. No antivirus and nobody can scan these connections - that is the point of them being secure. However it is possible to manage the receipt/sending of emails on secure connections safely inside your system so that an antivirus can also scan them. That is what the “complex” solution using STunnel is all about.
The avast team have reported that in avast 5 (the next major release) the function of STunnel to manage the secure connections and allow the emails delivered via them to be scanned will be incorporated into avast.
AVG does have a lead on avast in that they included a method of providing the STunnel function in their product some time ago. The method of doing so was, I think, no less complex than setting up STunnel with avast. I have not looked at AVG 8 to see if they improved this. They had a similarly ugly method of allowing the emails of Webmail ↔ POP/SMTP converters to be scanned. In avast this was handled by one check box in the user interface. It remains to be seen if the avast team will provide a more elegant solution of managing secure email connections than AVG.
- SBC
If this too uses secure connections then the case is the same as that for GMail.
I have no argument with the desire to scan emails in your system. However, with the antivirus scanning of email now done centrally by all the services you mention the likelihood of detecting an infection in email on your own system is greatly reduced. There is a great shift away from infected emails to social engineering emails which attempt to entice the recipient to open a link to an infected site or to a compromised file housed outside your system. avast is helping with this in the most recent release with the new function of the Network Shield to prevent access to known malware locations.
Wishing you success with your AVG effort and I hope you will take a fresh look at avast email scanning in avast 5.
David: Thanks for your response…I didn’t ask for help because I had already searched and found the solutions…just considered them to complex for me to implement. SBC = AT&T which in turn converts Yahoo mail and sends it in digestible form to the email client.
Alan Thanks for your very knowledgeable reply. If my AVG experiment doesn’t pan out, I will reply to this topic. As you can see, I have a low tolerance for complexity so if AVG requires some sort of cyber pretzel dance to protect Outlook Express, I’ll be back with Avast double-quick. Despite lack of email protection, I have yet to experience an effective malware attack since using Avast. A bit of paranoia helps, as does the scanning/cleansing on email servers.
I’m quite pleased to hear that the excellent Avast team is working on a solution in V5. Since I will still have Avast on 2 other PC’s I will be aware when that comes out and will give it a go on the Outlook PC after some feedback confirms it’s effectiveness.
Thanks again for your comments.
You’re welcome.
Though with as you mention your level of paranoia I really doubt you would be at much risk as far as emails are concerned (given as Alan also says the emails are scanned at source services).
However, I would have though that healthy paranoia along with your experience of avast would has stopped you seeking an alternative that you have no experience of ;D
David, My impetus to switch came from learning that my emails weren’t being scanned for malware locally as I had expected. I have considered email as major malware portal and I do get spam…although not a large volume. That said, I haven’t been infected so what I’m currently doing IS working. After reviewing the capabilities of Avast, I am indeed reluctant to switch…and may hold off to see what Avast 5 comes thru with. Any idea on the time frame for it’s arrival?
It’s expected for the first semester of this year.
While semester literally is derived from “six moons” in different parts of the world it can have different meanings and can represent a much shorter period of time.
So for clarity of Tech’s intent the avast team have said the first half of the year.
Common sense and caution really are the first level of protection, whilst email is still a major portal for infection, that is changing though and drive by attacks are starting to more prevalent.
However, email infection tends to be limited to attachments (never open directly save to your HDD and scan with avast), dodgy links to suspect sites (network shield is starting to catch these too, new addition to that shield) and of course iframe tags, which try to direct you to a site or run code on a site (again the network shield may help in this regard).
So keep doing what you are doing, it seems to be working well ;D
I would say that is a wise choice.
We are all waiting with anticipation for avast 5.0.
Thank all of you for your valuable comments and insights
We are all waiting with anticipation for avast 5.0.While I guess this is true, tell the truth I'm more than happy with 4.8. It just works. Sorry for being OT, I can't help with the email scanning aspect. What I would say, is Mr Toad you seem more than normally security conscious; any file you should happen to allow to run form an email attachment is unlikely to be infected, although that is possible. When it executes, if it's a malware file, and if the signature (or behaviour) is recognized by Avast, the on access scanner should stop it. And I believe this process is likely to be at least as effective with Avast as with AVG. Your posts indicate the type of person who would check any attachment out carefully before running it, anyway. I think you're probably pretty safe. I don't think you'd be any safer with AVG, but that's just personal (semi-ignorant) opinion, based on what I've read with users having problems with it. (Which doesn't mean the opinion is wrong. ;D)
While I may seem overly concerned, it is because some of the malware packages are incredibly difficult to get rid of. My son, who built the computer I’m working on and is vastly more knowledgeable than I, spent several hours getting rid of the varous pieces of an infection. My other son, who is also very knowledgeable had a similar experience. Both practice multi-layer malware prevention, yet were infected. I have a friend who has tossed one computer out a 2nd story window and dispatched another with .357 magnum due to malware infections. I feel my heightened level of concern is justified.
Well that is certainly one/two ways of dealing with the problem, expensive though, not to mention any health and safety issue.
‘Passer by killed by virus’ - whilst walking past a residential property the deceased was struck on the head by a virus infected, flying computer.
‘Neighbour killed by virus’ - whilst taking a shower a local resident was hit by a .357 magnum round which had passed through a virus infected computer and through the party wall separating the two properties.