Mailscan without function

system · May 2, 2006, 7:52pm

Hello all,

using the newest version of AVAST 4.7 on WINXP behind a DSL router with THE BAT! mail client. AVAST should scan all mails of all mail accounts, but it doesn’t scan. It should set an info in all mails but it doesn’t set it.

Mail Shield activated. WINXP system running without any problems. AVASTs services and devices are running fine.

So what the matter with that AVAST mailscan?

Lisandro · May 2, 2006, 8:01pm

Did you install The Bat plugin?
Can you repair your installation through Control Panel?

system · May 2, 2006, 8:09pm

Hello

Thx for answering. No plugin is installed. Should not be neccessary at all I’ll think. Other clients like OPERA and THUNDERBIRD I will test soon.

What exact services, devices or LSPs needs AVAST for mail scanning?

AVAST mailshield is working as an proxy. Is there something to configure? I’ll think not if I understand the documentation in correct way.

What do you mean with repairing via control panel?

I’am using AVAST Home Edition.

alanrf · May 2, 2006, 9:07pm

I assume that you do have the Internet Mail provider of avast running and that when you select “Customize” and the “POP” tab you have the box checked for “Scan incoming mail”.

If that is the case then avast should scan all incoming mail connections to mail servers on port 110 (the standard POP3 port).

If it has scanned and you look at the source of an email message you will find in the headers two lines like:

X-Antivirus: avast! (VPS 0618-0, 05/02/2006), Inbound message X-Antivirus-Status: Clean

These headers ar not displayed as part of the message content.

Are those headers present in your mail?

system · May 2, 2006, 9:25pm

Hey

You’re right. I’am using the exact configuration for POP3 Port 110 and SMTP Port 25 for two accounts like you’ve descriped.

But AVAST will not scan and will not insert the message. This are header informations, so it will not be visible in the mail body, that’s clear.

I’ve tried to use the repair function of AVASTs installation tool without any changes.

There are no LSP or WINSOCKs changes on the system. It’s clean at all like it should be.

Is there a listing of all running services, devices and programs for AVAST available?

alanrf · May 2, 2006, 9:31pm

It might prove useful to create (for a while) a more detailed avast! log of your mail connections.

You can get the mailscanner to log your connections by editing the avast4.ini file (in Program Files\Alwil Software\Avast4\DATA folder).

In the section headed:

[MailScanner]

add the line:

Log=20

and save the updated file.

Then read in some mail to generate the logging information.

The log will be in Program Files\Alwil Software\Avast4\DATA\log\ashmaisv.log

Before posting the log you should mask any personally identifiable information.

alanrf · May 2, 2006, 9:35pm

One other question.

These accounts that are not being scanned. Are these normal POP3 mail servers you are connecting to or are you using a program that is converting Webmail (like Yahoo or Hotmail) to POP3?

system · May 2, 2006, 9:38pm

Yes, i will try this. Thx.

No I’ve tested AVAST with THUNDERBIRD on a second WINXP (same as the other, but additional installation). And … what wonder … AVAST will scan and insert the message. Fine … it’s great.

But now … where is the problem with THE BAT! Version 2.x?

Mail servers:
That are common mail servers for POP3/SMTP connection via mail client and/or via web interface.

alanrf · May 2, 2006, 9:42pm

Have you recently converted the problem machine from another antivirus product? Are you possible running two antivirus products at the same time?

system · May 2, 2006, 9:51pm

Yes, there was installed ANTIVIR PE before. But this program is cleaned out completely (de-/installation was checked by additinal tools and registry cleaning).

I’ll think that THE BAT! will be the source of this problem. But why?

system · May 2, 2006, 10:41pm

Now I’ve deinstalled AVAST and reinstalled again … with the special plugin for THE BAT!. And what happens now? The same as before … no scanning … no message. ???

Lisandro · May 2, 2006, 10:56pm

Does the plugin is allowed to connect the Internet?
Which firewall do you use?

system · May 2, 2006, 11:05pm

This plugin will connect to the internet? It doesn’t ask to do so.

Using KERIO firewall running in auto mode.

THE BAT! will initialize the Plugin correctly (log). But no scan information and no message entry. Really mysterious. I will look tomorrow for new informations … when there are new spam and phing mails.

system · May 2, 2006, 11:26pm

So … newest info. Looks like the plugin will scan. Can’t test with a virus because my provider will not do so.

Looks like the plugin is the only ‘scanner’ for AVAST. The real ‘mail scanner’ itself (MailShield) will not scan THE BAT!. Hmmm …

Lisandro · May 3, 2006, 12:52am

Auto mode, this is the answer for the question: This plugin will connect to the internet? It doesn’t ask to do so..

Which spam killer application are you using?

Lisandro · May 3, 2006, 12:53am

Sure… this is the reason for existing a specific plugin

alanrf · May 3, 2006, 12:55am

I just downloaded TheBat v 2.12.04 installed it with all the default options and set up my main pop3 account (provided by my ISP). I did not install the plugin.

I then downloaded all the mail sitting out on the server using TheBat. When I checked the source of the messages every one had the X-Antivirus headers inserted by avast and the Internet Mail scanner showed the subject line of the last message downloaded by TheBat.

So, if you find yourself in the situation again of trying to use TheBat without the plugin then I would strongly recommend the Log=20 option I proposed earlier and let us see what is going on between avast and TheBat in your system.

system · May 3, 2006, 9:15am

Hello

Thx for this information. This will descripe the working method like I’ll see it and like I’ve understand it.

Looks like the problem is the installation of AVAST on this specific WINXP.

Ok … lets have a try to log THE BAT! and AVAST.

The plugin method will scan and function. But this is NOT really something I’ll find a good solution. There is a lot what AVAST MailShield will do and the plugin will not.

system · May 3, 2006, 9:27am

@Tech

SPAM killer? Nothing except the one of THE BAT!: BAYES IT

The virus protection plugin of AVAST doesn’t need an internet connection.

system · May 3, 2006, 10:56am

The log of an email fetch.

05/03/06 12:32:55 000000A8: Started as service, Log = 20
05/03/06 12:32:55 000000A8: Build 4.7.827
05/03/06 12:32:55 000000A8: Windows XP Workstation (Service Pack 2)
05/03/06 12:32:55 000000A8: Using WinSock 2.0
05/03/06 12:32:55 000000A8: PID = 2028
05/03/06 12:32:57 000000A8: AutoRedirect settings changed 1
05/03/06 12:32:57 000000A8: IgnoreAddress set
05/03/06 12:32:57 000000A8: IgnoreProcess set
05/03/06 12:32:57 000000A8: IgnoreProcess set avast.setup,winroute.exe,ccEvtMgr.exe,ccPxySvc.exe,ccProxy.exe,ccApp.exe,ccPwdSvc.exe,ccSetMgr.exe,ccLgView.exe,
SMPROXY.EXE,isafe.exe,TMPROXY.EXE,EMULE.EXE,WEBPROXY.EXE,NAVAPW32.EXE,SYMPROXYSVC.EXE,NETMONSV.
EXE,CRAXY.EXE,CZDCPlusPlus.exe,ABC.EXE,mpftray.exe,bitcomet.exe,V3P3AT.EXE,ypager.exe
05/03/06 12:32:57 000000A8: IgnoreProcess set avgemc.exe
05/03/06 12:32:57 000000A8: IgnoreLocalhost settings changed 1
05/03/06 12:32:57 000000A8: POP Start settings changed: 1
05/03/06 12:32:57 000000A8: POP Listen settings changed: 127.0.0.1 12110
05/03/06 12:32:57 000000A8: POP Listening daemon starting
05/03/06 12:32:57 000000A8: POP Listen handler: 0x000002E4
05/03/06 12:32:57 000000A8: POP RedirectPort: 110
05/03/06 12:32:57 000000A8: Redirect set 110->127.0.0.1:12110
05/03/06 12:32:57 000000A8: IgnoreLocalAddresses set 110
05/03/06 12:32:57 000000A8: POP Listening daemon started
05/03/06 12:32:57 000000A8: SMTP Start settings changed: 1
05/03/06 12:32:57 000000A8: SMTP Listen settings changed: 127.0.0.1 12025
05/03/06 12:32:57 000000A8: SMTP Listening daemon starting
05/03/06 12:32:57 000000A8: SMTP Listen handler: 0x000002EC
05/03/06 12:32:57 000000A8: SMTP RedirectPort: 25
05/03/06 12:32:57 000000A8: Redirect set 25->127.0.0.1:12025
05/03/06 12:32:57 000000A8: IgnoreLocalAddresses set 25
05/03/06 12:32:57 000000A8: SMTP Listening daemon started
05/03/06 12:32:57 000000A8: IMAP Start settings changed: 1
05/03/06 12:32:57 000000A8: IMAP Listen settings changed: 127.0.0.1 12143
05/03/06 12:32:57 000000A8: IMAP Listening daemon starting
05/03/06 12:32:57 000000A8: IMAP Listen handler: 0x00000314
05/03/06 12:32:57 000000A8: IMAP RedirectPort: 143
05/03/06 12:32:57 000000A8: Redirect set 143->127.0.0.1:12143
05/03/06 12:32:57 000000A8: IgnoreLocalAddresses set 143
05/03/06 12:32:57 000000A8: IMAP Listening daemon started
05/03/06 12:32:57 000000A8: NNTP Start settings changed: 1
05/03/06 12:32:57 000000A8: NNTP Listen settings changed: 127.0.0.1 12119
05/03/06 12:32:57 000000A8: NNTP Listening daemon starting
05/03/06 12:32:57 000000A8: NNTP Listen handler: 0x0000032C
05/03/06 12:32:57 000000A8: NNTP RedirectPort: 119
05/03/06 12:32:57 000000A8: Redirect set 119->127.0.0.1:12119
05/03/06 12:32:57 000000A8: IgnoreLocalAddresses set 119
05/03/06 12:32:57 000000A8: NNTP Listening daemon started
05/03/06 12:32:57 000000A8: Ignored PIDs: 2028 188
05/03/06 12:32:57 000000A8: Ignored Addresses: 192.168.0.10:119 127.0.0.1:119 192.168.0.10:143 127.0.0.1:143
192.168.0.10:25 127.0.0.1:25 192.168.0.10:110 127.0.0.1:110 72.3.135.203:80 193.243.128.78:80
193.243.128.76:80 62.132.1.234:80 198.200.173.74:80 198.200.173.139:80 127.0.0.1:80
05/03/06 12:32:57 000000A8: Ignored Processes: avgemc.exe forx.exe FXMadeEasy.exe aoltpspd.exe waol.exe ypager.exe V3P3AT.EXE bitcomet.exe mpftray.exe ABC.EXE CZDCPlusPlus.ex CRAXY.EXE NETMONSV.EXE SYMPROXYSVC.EXE NAVAPW32.EXE WEBPROXY.EXE EMULE.EXE TMPROXY.EXE isafe.exe SMPROXY.EXE ccLgView.exe ccSetMgr.exe ccPwdSvc.exe ccApp.exe ccProxy.exe ccPxySvc.exe ccEvtMgr.exe winroute.exe avast.setup

Mailscan without function

Announcements