New AIS 8 and scanning SSL scanning

Is there any error message in the log file C:\ProgramData\AVAST Software\Avast\log\Mail.log ?

When I upgraded from Avast Version 7 to Avast Version 8, I let the Avast installation routine install the newer version over the previous one. Afterwards I was receiving error messages from my mail client TheBat! while SSL scanning was activated in Avast 8. I looked in the Windows certificate database to see whether the “avast! Mail Scanner Root” certificate was there, but it wasn’t. Then I wiped off the whole Avast installation. After a restart I deleted the program folders and registry entries. Then I reinstalled Avast 8. Finally the missing certificate was there in the certificate database. After I imported the avast certificate into the address book of TheBat!, I had no more error messages concerning SSL scanning.

@sanders

What does the mail log file in TheBat! say, SSL handshake error or something like that?
That is because TheBat! is missing the avast certificate.

I turned on the “check SSL” option in avast and tried to get new mail from gmail account with TLS (port 995). What I see in the Mail.log:

3/5/2013 1:44:13 PM 00000B04: ScanSSL 1
3/5/2013 1:44:13 PM 00000B04: POPs Start: 1
3/5/2013 1:44:13 PM 00000B04: POPs RedirectPort: 995
3/5/2013 1:44:13 PM 00000B04: SMTPs Start: 1
3/5/2013 1:44:13 PM 00000B04: SMTPs RedirectPort: 465
3/5/2013 1:44:13 PM 00000B04: IMAPs Start: 1
3/5/2013 1:44:13 PM 00000B04: IMAPs RedirectPort: 993
3/5/2013 1:44:13 PM 00000B04: NNTPs Start: 1
3/5/2013 1:44:13 PM 00000B04: NNTPs RedirectPort: 563

And what I see in the TheBat log:

```
05.03.2013, 13:44:23: FETCH - receiving mail messages
05.03.2013, 13:44:23: FETCH - Connecting to POP3 server pop.googlemail.com on port 995
05.03.2013, 13:44:23: FETCH - Initiating TLS handshake
05.03.2013, 13:44:23: FETCH - Certificate S/N: 3B76AC5D0000000068AA, algorithm: RSA (2048 bits), issued from 9/12/2012 11:59:40 AM to 6/7/2013 7:43:27 PM, for 1 host(s): pop.googlemail.com.
05.03.2013, 13:44:23: FETCH - Owner: US, California, Mountain View, Google Inc, pop.googlemail.com.
05.03.2013, 13:44:23: FETCH - Issuer: generated by avast! antivirus for SSL scanning, avast! Mail Scanner, avast! Mail Scanner Root.
!05.03.2013, 13:44:23: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
05.03.2013, 13:44:24: FETCH - TLS handshake complete
05.03.2013, 13:44:24: FETCH - connected to POP3 server
05.03.2013, 13:44:24: FETCH - authenticated (plain)
05.03.2013, 13:44:24: FETCH - 0 messages in the mailbox, 0 new
05.03.2013, 13:44:25: FETCH - TLS connection completed successfully
05.03.2013, 13:44:25: FETCH - connection finished - 0 messages received
```

Yes, I see I need to import the avast certificate into TheBat certificate storage. But the avast certificate is not in the system certificate storage.

YES, TheBat! is complaining about the missing certificate!
I could send you mine, but I am not sure if this particular certificate will work for you.
As you can see in TheBat! mail log file, you can still send and receive gmail messages, however with the error messages.

Sorry, I forgot to add that SSL scanning must be enabled too.

As you see in my avast Mail.log
3/5/2013 1:44:13 PM 00000B04: ScanSSL 1

the SSL scanning is enabled.

Did you try to refresh/restart the certmgr after you enabled SSL scanning?

Nope :-[

I guess I opened certmgr.msc when SSL scanning was disabled. Now I see the cert! :)

Thank you Vojtech!
Now I imported that cert to the TheBat! storage. So I had no more error messages concerning SSL scanning.

Best regards.

TADAM!
It works now. Thanks vojtech!

So the step by step guide for TheBat! users - assuming both Mail Shield and SSL scanning are on:

1. Open certmgr.msc from command prompt
2. Expand the tree down to Trusted Root Certification Authorities\Certificates, locate the avast! Mail Scanner Root certificate in the list
3. Right-click the certificate and execute All Tasks\Export...
4. Go through the export wizard and export the certificate to any X509 (.CER) format with any file name
5. Open TheBat’s address book
6. Make sure the View\Certificate Address Books menu item is checked
7. Select the Trusted Root CA item in the left list
8. Create a new contact in the selected address book, the Edit Address Entry window will appear
9. Fill in First Name, Middle Name, Last Name fields with any data to identify the new record in the list
10. Switch to the Certificates tab and click the Import button
11. Import the previously exported certificate. After successful import the imported certificate will appear in the new contact’s list
12. Close the Edit Address Entry window with the OK button

That’s all, now check how TheBat! works with SSL-enabled mail servers.

Best regards - Serge.

There is no need to create a new contact manually. Use “File → Import” in the main menu of The Bat!'s address book.

Have tried this first. But it says “No addresses were imported” for me. TheBat ver. 5.2.2

Best regards - Serge.

Hi!

I had the same problem (also using The Bat! as my email client) and want to suggest a possible alternative solution.

The suggested solution in this message chain is to export the avast! certificate from the Windows certificate store (where the “internal TLS” implementation cannot find it) and import it into the The Bat! address book where it can be found. This will certainly fix the problem, as has been indicated.

Please notice that WITHOUT UNDERSTANDING all the possible implications of this, I simply switched the selection in the The Bat! Options | S/MIME and TLS… dialog from “Internal Implementation (The Bat! Address Book)” to “Microsoft CryptoAPI (Windows Certificate Store)”.

I kept all the additional selections in their default values.

With this, the error message and the related error message dialog disappeared:

Account Log Before the change described above:

3/27/2013, 16:50:49: IMAP - Issuer: generated by avast! antivirus for SSL scanning, avast! Mail Scanner, avast! Mail Scanner Root.
!3/27/2013, 16:50:49: IMAP - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
3/27/2013, 16:50:55: IMAP - TLS handshake complete

Account Log After the change described above:

3/27/2013, 17:15:48: IMAP - Issuer: generated by avast! antivirus for SSL scanning, avast! Mail Scanner, avast! Mail Scanner Root.
3/27/2013, 17:15:48: IMAP - TLS handshake complete

If anyone has any remark about possible negative effects of the selection switch, I would very much like to know!

Jouni
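
Added example, not part of any post in this thread and not code from avast! or The Bat!: a small Python parser for the The Bat! account-log lines quoted above. It reports, per TLS handshake, which issuer the client saw and whether the session went on after certificate validation had failed. The line format is inferred only from the excerpts in this thread, and the function names are illustrative.

```python
import re

# Sample input assembled from account-log lines quoted in this thread.
SAMPLE_LOG = """\
05.03.2013, 13:44:23: FETCH - Issuer: generated by avast! antivirus for SSL scanning, avast! Mail Scanner, avast! Mail Scanner Root.
!05.03.2013, 13:44:23: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
05.03.2013, 13:44:24: FETCH - TLS handshake complete
3/27/2013, 17:15:48: IMAP - Issuer: generated by avast! antivirus for SSL scanning, avast! Mail Scanner, avast! Mail Scanner Root.
3/27/2013, 17:15:48: IMAP - TLS handshake complete
"""

# Optional "!" error marker, date, time, protocol tag, message.
LINE_RE = re.compile(
    r"^!?(?P<date>[\d./]+), (?P<time>[\d:]+): (?P<proto>\w+) - (?P<msg>.*)$")
FAIL_RE = re.compile(r"TLS handshake failure\. (?P<why>.*?)\.?$")


def analyze(log_text):
    """Return one record per TLS handshake seen in a The Bat! account log."""
    handshakes, current = [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        msg = m["msg"]
        if msg.startswith("Issuer: "):
            # The issuer line opens a new record; the last field is the root name.
            parts = msg[len("Issuer: "):].rstrip(".").split(", ")
            current = {"when": f'{m["date"]} {m["time"]}', "proto": m["proto"],
                       "issuer": parts[-1], "failure": None, "completed": False}
            handshakes.append(current)
        elif current is not None:
            f = FAIL_RE.search(msg)
            if f:
                current["failure"] = f["why"]
            elif msg == "TLS handshake complete":
                current["completed"] = True
                current = None
    return handshakes


def continued_after_failure(handshakes):
    """Handshakes the client completed although validation had failed."""
    return [h for h in handshakes if h["failure"] and h["completed"]]


if __name__ == "__main__":
    for h in analyze(SAMPLE_LOG):
        print(h)
```

On the sample, the FETCH session from 05.03.2013 is returned by `continued_after_failure`, while the IMAP session logged after the switch to the Windows certificate store is not.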