Help! Avast not scanning Outlook Express

At first, Avast Home scanned outgoing and incoming Outlook Express messages. Now it scans neither. When I hover the cursor over the icon at the bottom-right of my screen, the pop-up window reads “avast! On-Access Scanner: 7 provider(s) total, 4 running.” At the time of installation 6 of 7 were running. And the message for Internet Mail is “The provider is waiting for a subsystem to start.”

Can anyone tell me what’s going on? Why has Avast stopped scanning email? How can I get it to start again? Thanks.

First, find out which 4 are running. Click on the icon with the “A”. In the left hand panel are a list of installed providers. If they are installed, they will be in color. Click on theinternet mail icon. In the right hannd panel, you will see three options, start, pause,terminate. Can you click start?

You can also check from here. Right click the A icon, highlite “pause provider”. Is there a check mark beside internet mail? This will also show you which providers are installed.

You can also highlite stop provider, and see if internet mail has a check mark beside it.

hope this helps…

Are you sure? Isn’t this related to MS Outlook plugin and NOT the Internet Mail provider?

The Internet Mail Provider is an avast! resident provider and it is not just the corresponding service. If you have Internet Mail running and stop the “avast! Mail Scanner” service, you disable the scanning of e-mails, but you don’t turn the provider into “stopped” state (rather “waiting for a subsystem to start”). Similarly, if Internet Mail is stopped, you cannot start it just by starting the “avast! Mail Scanner” service.

In other words, you should have 4 avast! Services: Control Panel > Administrative Tools > Services

C:\Program Files\Alwil Software\Avast4\ashServ.exe (avast! antivirus service)
C:\Program Files\Alwil Software\Avast4\ashUpdSv.exe (avast! Update Service)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (avast! Web Scanner service)
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (avast! e-Mail Scanner service)

The two first of them should be Automatic loaded and the two last Manually loaded. Can you check?

Thanks for the replies. I seem to have solved the problem by uninstalling Web Accelerator for my att.net account. I don’t understand why Web Accelerator affected Avast’s email scanning, but evidently it did affect it.

Thanks again.

If it is a proxy, it will interfere with WebShield.
If it changes Internet settings, you could have timeouts.
Just guessing but I can imagine some troubles… Maybe if you post ‘how’ Web Accelerator’ works we can imagine more.

I looked into the issue of email and web accelerators some time ago. Many web accelerators are basically the same third party product that is just branded with the name of the ISP.

In some cases they introduce a proxy (particularly for HTTP traffic), but the one I looked at in detail performed effectively the same low level intercept of port 110 that avast does to get control of the POP3 traffic and “accelerate” email. This completely prevented the Internet Mail provider from intercepting POP3 mail and performing the email scanning it is designed to do.

That’s why I normally include a question about accelerator use for folks having problems with getting their mail scanned.

There is a bit of a work around that users of Mcafee 7 and previous used, if you really want to use an accelerator. Since Mcafee relied on download scan and system scan to detect virusi after you clicked on them, many uses set their email program to down load mail to a folder other than the inbox, and then scanned that folder.

Obviously you won’t be able to scan out going mail.

Will you feel safe with this method?
I mean, receiving an e-mail, saving it to a file in your HDD and only AFTER scan it?
It’s the opposite of WebShield does, for instance, with HTTP (Internet) traffic: scans BEFORE any file is saved into your HDD…

I assume this really means download it to another folder and then scan that folder for every single message that arrives - if the folder survives move the message to another folder.

Very laborious.

I would advise any user of Thunderbird to absolutely avoid this suggestion - you will just lose any folder and all of its contents if it contains a virus.

Yes, another folder is used. As far as time consuming, just scanned 112 files, 95,000 KB wmp and pps in about 2 minutes. to some this is long, to others it isn’t. The folder should survive as each email is scanned individually

As far a feeling safe, why not? If the folder is scanned before opening anything. Besides, 0540-3 never picked up soberab2, I ended up with 4 of them in my inbox. So this would have been the same.

As far as conflicts with some mail programs, anyone using any suggestions should do a little research before trying.

As I said, this is a bit of a work around if someone really wants to use an accelerator. It worked with another virus scanner.

Your point on Thunderbird is noted.

For any email client that encrypts mail automatically (Outlook Express, Lotus Notes) this suggestion is, quite honestly, nonsense.

If your email client encrypts mail then avast is never going to find any virus signature in the email files because the virus has been encrypted.

Outlook (not Outlook Express) is a special case because avast has a plugin for that product (and as I recall The Bat as well).

About the only widely used email product that I know that leaves the mail files in plain text such that avast can easily spot a virus is Thunderbird … I have made my point on that.

These accelerators are widely touted by the ISPs but, in most cases, there are other products available that can achieve similar speed improvements that work well with products such as avast and do not conflict with them.

I admit, avast detection should be better.
But, after all, a spam killer will manage infected email very well if you know how to configure them. For instance, MailWasher or Spamihilator won’t let these emails reach your inbox.

It’s not a matter of avast’s detection not good being good enough(personally I think it’s fine). It’s just that the virusi get here faster than the updated VPS. But everything takes time. :wink:

The same holds true for spam killers. It takes a few days for the signature to be added to the database. For example, it was about four days 'til my mail server added most of soberab2’s versions to their anti spam program.

No, spam killers are not signature based (at least the two ones I’ve posted before).
They use bayesian analysis (search Google for bayesian and you’ll find a lot of theory), plugins, DNS blocking filters, etc.
They’re not signature based, they’re heuristic.

Which is why the human brain should always be your first line of defense, don’t open email attachments from unknown sources or even known sources that could be infected (friends) until you check.

Viruses that uses social engineering to tempt you to click on links or attachments, etc. for the most part need to be able to get established, create registry entries, copy files to system folders, etc. They need permission for that and most people give that by default.

So in the worst case scenario, it gets past the mark 1 brain and is an undetected virus or malware then you need something else.

Whilst browsing or collecting email, etc. if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can reap havoc. With limited rights the malware can’t put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

Exactly! But it is still amazing how many people still get infected (and annoyed and want to blame the AV company) even though their AV is “up to date”. Five minutes a week checking online virus libraries would save them a lot of grief. At least they might recognize some of the subject titles new virusi use.

I usually got to http://vil.nai.com/vil/newly-discovered-viruses.asp
It’s usually quite up to date.
I’m sure there are a lot of good ones out there.

Yes a good link for new virus info, googling on an email subject title, attachment, etc. often returns some info.

Hi,

i see this, too (the provider is waiting for a subsystem to start), i haven’t got any web accelerator, and i think, at first, Avast Home scanned outgoing and incoming MS Outlook 2002 messages.

thank you

Make sure the avast plugin is not disabled into MS Outlook:

Outlook 2003 > Help > About > Disabled items
Outlook 2000 or 2002(?) > Tools menu > Options > Other > Advanced Options > Add-In Manager.

As reported a lot of times, the message “The provider is waiting on the subsystem to start” will be shown there until you open MS Outlook.
The plugin will be enabled automatically after that.