I use Avast 4.6. My provider has changed its POP setting to use SSL port 995 for receiving e-mail. The SMTP has also changed to use secure login (TLS).
Avast mail resident protection does not seem to scan incoming mail anymore and blocks any e-mail sent through the SMTP server. Disabling the protection restores SMTP.
Since SSL/TLS e-mail is encrypted and decrypted in the client, external virus scanners (including avast!) can’t read or scan it.
The solution is to pass e-mail in and out unencrypted from your client (Outlook Express, Thunderbird, …) to a proxy program (Stunnel) that does the actual SSL or TLS encryption/decryption of the POP3/SMTP e-mail and communicates directly with the ISP server on the appropriate ports. Other drivers (OpenSSL) are needed as a library of encryption/decryption routines.
Take a look here: http://forum.avast.com/index.php?topic=10428.0 to see how to set up secure email with avast!.
Not directly, it requires an intermediary, such as Stunnel.
This has been covered numerous times, so a forum search would be of use; ‘SSL Stunnel Gmail’ without the quotes should return some information. The reason I mention Gmail is that this was the most common request to be able to check SSL email.
This is close to a cookbook FAQ, and avast! has lots of people using it this way. Let us know if you need further support, or are using IMAP or Gmail. Unfortunately, until significant changes are made to most email clients to support SSL scanning, you are restricted to using a select few that allow scanner plugins (Outlook, The Bat, …) or working around the encryption for scanning. And this is true for all virus scanners, even those with built-in SSL support, until the email clients change.
The idea of secure email (SSL, Secure Socket Layer) is that it is secure; if all and sundry could access it (for whatever purpose) then it wouldn’t be secure and would negate the reason for having secure email.
Many have been able to install it and get it working in these forums, and many of those may well have felt it daunting, but they took it a step at a time (first get the two programs you need). Print off the relevant threads to help and take it a step at a time. There are people here who will help.
Unfortunately, I’m not using SSL mail so haven’t got Stunnel or OpenSSL, so I have never set it up.
As I said, do the search (for a full list of threads); there have been a number of recent threads helping people with the settings. See, there is one here already whilst I typed this ;D
I installed as specified in the post. I can get mail in and out OK but I don’t think Avast is scanning it. I asked to add the usual scan note at the end of the message but it’s empty.
Is it normal? How can I know that the e-mail has been scanned?
Under Internet Mail/Customize make sure you have checked “scan” and “insert note” under pop and smtp, and that the redirect tab has 11110 for pop and 11025 for smtp added. If you are scanning, you should also see the subject of the message under “last scanned” on the opening page.
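A stunnel client configuration for the setup described in this thread, added here as an illustration and not taken from any of the posts. The local ports 11110 and 11025 and the POP3 port 995 are the ones named above; the host names, the SMTP port 587, the CA file path and the use of a current stunnel 5.x release are assumptions.

```ini
; stunnel.conf -- added example, not from the thread.
; Placeholders: pop.example.net, smtp.example.net, port 587, ca-certs.pem.
; Assumes stunnel 5.x (verifyChain and checkHost are 5.x options).

; Client mode: plaintext in from the mail client, TLS out to the ISP.
client = yes

[pop3s]
; The mail client connects here with SSL turned off, so the resident
; mail scanner can read the stream (redirect port 11110 in avast!).
; Bound to loopback so the unencrypted hop never leaves the machine.
accept = 127.0.0.1:11110
; ISP POP3 server, implicit SSL on port 995.
connect = pop.example.net:995
; Validate the server certificate; without this the tunnel encrypts
; but does not authenticate the server it is talking to.
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop.example.net

[smtp-tls]
; Outbound mail, redirect port 11025 in avast!.
accept = 127.0.0.1:11025
connect = smtp.example.net:587
; Negotiate STARTTLS on the SMTP connection before encrypting.
protocol = smtp
verifyChain = yes
CAfile = ca-certs.pem
checkHost = smtp.example.net
```

With this in place the mail client is pointed at 127.0.0.1 on ports 11110 (POP) and 11025 (SMTP) with its own SSL/TLS options switched off.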
I just wonder if it would be possible to implement Stunnel/OpenSSL in avast! itself.
So it will be able to check secure connections. More and more mail services are starting to use secure connections, so Internet Mail will become obsolete over time.
I second that. The way I think it works is that the e-mail client sends the message to Stunnel, which decrypts the message (using libssl32.dll) and passes it on to Avast for scanning. There is no reason why Avast can’t do that instead.
I have a small free e-mail checker, “PopPepper”, which I set up again afterwards, and with a tiny DLL plugin it is now able to handle SSL easily.
Actual use of Stunnel/OpenSSL by avast! is probably forbidden by the GPL or other open source license, since avast! is for profit. Implementing an SSL extension can be done (AVG does it, I think much more awkwardly than using Stunnel and OpenSSL), but it is still a problem because of the mail client structure. The mail client needs to use the SSL transparently in order to allow scanning, so the localhost:dummy port structure ends up being used, with the client turning off encryption so it can be done. To make it simple, mail clients should allow for the use of an antivirus plug-in (like those used for Outlook and The Bat) with an API for a plugin that virus scans the mail and still allows the email client to do the encryption or decryption and communicate with the SSL/TLS server. In other words, encryption still should be an email client function, with the virus scanner plugin enabled either before encryption (outbound) or after decryption (inbound). The other issue is the usual cryptographic problem: not just anyone can homebrew a secure system, and using open source like Stunnel/OpenSSL gives users confidence that the system is secure, through peer review and the open source nature of the programs. The alternative is to license commercial SSL products that are trusted. I don’t think adding SSL support to the AV scanners is really a good way to go; better that Thunderbird have a check mark for “virusscan” that works even if you select SSL or TLS and tells avast! the rules to implement the plugin. Lacking that, I much prefer the external approach used by avast! to the integrated and awkward approach used by AVG for ease of setup and use.