I encountered one funny thing. Maybe you could help me.
I use Thunderbird for mail and it checks mail only when its running and when i click Get mail. I configured it this way.
Now comes the funny part.

I’m working as usual and all the sudden i notice mail checking icon next to the clock (Thunderbird is not running) which dissapears after few seconds.
Then i check Internet Mail provider and Scan count is 0 (zero).
Strange isn’t it?

Anyway i checked (WHOIS) IP which shows if you move pointer over mail checking icon. Here is the result:

inetnum: 83.156.0.0 - 83.159.255.255 netname: TISCALI-FRANCE-200401 descr: Tiscali France country: FR admin-c: BG34 admin-c: LTAD1-RIPE tech-c: TTFR1-RIPE status: ASSIGNED PA remarks: ****************** remarks: All abuse requests MUST be sent to 'abuse@tiscali.fr' remarks: and the logs must include the timezone and GMT offset. remarks: ripe-mnt@net.tiscali.fr IS NOT the mail to use to report abuses. remarks: Toute requete abuse DOIT etre envoyee a 'abuse@tiscali.fr' remarks: et les logs doivent inclure l'heure exacte et le decalage GMT. remarks: ripe-mnt@net.tiscali.fr N'EST PAS le mail a utiliser pour signaler remarks: un abus. remarks: ****************** notify: ripe-mnt@net.tiscali.fr mnt-by: MNT-TISCALIFR mnt-lower: MNT-TISCALIFR changed: jerome.fleury@fr.tiscali.com 20040126 remarks: Tag: Int source: RIPE

route: 83.152.0.0/13
descr: Tiscali France
origin: AS12876
mnt-by: MNT-TISCALIFR
changed: jerome.fleury@fr.tiscali.com 20040924
source: RIPE

role: LIBERTYSURF TELECOM ABUSE DEPARTMENT
address: Service Juridique Tiscali France
address: 10 rue Fructidor, 75834 Paris CEDEX 17, France
phone: +33 1 41 66 77 00
fax-no: +33 1 41 66 46 90
e-mail: abuse@tiscali.fr
trouble: ±----------------------------------------------------------------------+
trouble: | ATTENTION: Pour nous signaler un probleme (intrusion, spam, etc), |
trouble: | merci de respecter la procedure suivante: |
trouble: | Envoyer un mail a “abuse@tiscali.fr” avec les informations suivantes: |
trouble: | - date & heure (y compris le fuseau horaire ou l’heure GMT) |
trouble: | - adresse IP source ou toutes les en-tetes du mail |
trouble: | - nature du probleme (en quelques mots) |
trouble: | Nous ne repondons pas aux demandes par telephone. |
trouble: ±----------------------------------------------------------------------+
admin-c: BG34
tech-c: RL8839-RIPE
tech-c: TTFR1-RIPE
nic-hdl: LTAD1-RIPE
mnt-by: MNT-TISCALIFR
changed: ripe-mnt@net.tiscali.fr 20030416
source: RIPE

role: Tiscali Telecom France Registry
address: 35-37bis, rue Greneta
address: 75002 Paris
address: France
phone: +33 1 45082328
fax-no: +33 1 45082529
e-mail: ripe-mnt@net.tiscali.fr
trouble: Questions and problem reports: noc@fr.tiscali.com
trouble: ALL ABUSE REQUESTS MUST BE SENT TO abuse@tiscali.fr
admin-c: BG34
tech-c: FLB22-RIPE
tech-c: NR1053-RIPE
tech-c: BG34
tech-c: JFL5-RIPE
nic-hdl: TTFR1-RIPE
mnt-by: MNT-TISCALIFR
changed: frederic.le_brigand@fr.tiscali.com 20020924
changed: frederic.le_brigand@fr.tiscali.com 20021114
changed: jerome.fleury@fr.tiscali.com 20030520
source: RIPE

person: Benoit Grange
address: Tiscali Telecom
address: 37 bis rue Greneta
address: 75002 Paris - France
phone: +33 1 45 08 20 00
fax-no: +33 1 45 08 20 01
e-mail: benoit.grange@fr.tiscali.com
remarks: ±----------------------------------------------------------------------+
remarks: | ATTENTION: Pour nous signaler un probleme (intrusion, spam, etc), |
remarks: | merci de respecter la procedure suivante: |
remarks: | Envoyer un mail a “abuse@tiscali.fr” avec les informations suivantes: |
remarks: | - date & heure (y compris le fuseau horaire ou l’heure GMT) |
remarks: | - adresse IP source ou toutes les en-tetes du mail |
remarks: | - nature du probleme (en quelques mots) |
remarks: | Nous ne repondons pas aux demandes par telephone. |
remarks: | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - |
remarks: | Je ne suis que le representant legal de Tiscali et non pas |
remarks: | l’utilisateur final de l’adresse IP renvoyee par votre firewall |
remarks: | Les adresses IP sont generalement allouees dynamiquement a nos abonnes|
remarks: | et donc votre logiciel ne peut PAS connaitre le nom de l’utilisateur |
remarks: | reel de l’IP. Merci d’avoir lu jusqu’au bout. |
remarks: ±----------------------------------------------------------------------+
nic-hdl: BG34
mnt-by: MNT-TISCALIFR
changed: ripe-mnt@net.tiscali.fr 20030416
source: RIPE

I’m wondering what has Tiscali to do with my mails!?
My mail accounts in TB are both from Slovenia (one is my ISPs,other is free mail). And why does that mail checking icon come up if there is no mail checked? Any clues? ???
Thanks

Let’s see which process is doing the connection.

1. Stop the Internet Mail provider.
2. Replace the file \ashMaiSv.exe by this version: http://www2.asw.cz/~vlk/ashMaiSv.exe
3. Restart the Internet Mail provider

When the icon shows, look in the file \data\log\aswMaiSv.log and look up the line that has “(PID)” in it. The number on this line shows the ID (PID) of the process that’s making the connection. You can use e.g. the Windows Task Manager to find out which process has this PID (the PID column needs to be enabled in Task Manager’s settings, it’s not shown by default).

Cheers
Vlk

Don’t you have any SMTP server (open relay) running on your PC (eg. IIS) ? That might be it - someone sending a mail via your computer - thats an incoming connection to your SMTP server, which in turn forwards it to the destination server - thats an outgoing SMTP connection and as such it is scanned by avast!.

anyway I’am just guessing…

No i’m not running any server. But i messed up IP address for my LAN network which was set for public domain and not privat domain.