Hi there!
I’ve been using Avast 4 Home for a few days now, and I’m very happy with it! Despite being very light on the system, it’s incredibly effective!
I just have a technical curiosity about this…
I’ve set the Mail Scanner this way in my Windows 98 SE system (as instructed by Seand):
Flow:
Outlook Express → 127.0.0.1 (port 8110) Avast → 127.0.0.1 (port 110) Spamihilator → pop server (mail.myisp.com – port 110)
Settings in Avast4.ini
[MailScanner]
IgnoreProcess=Spamihilator.exe
Log=20
SmtpListen=127.0.0.1:25
PopListen=127.0.0.1:8110
ImapListen=127.0.0.1:1026
NntpListen=127.0.0.1:119
Trust=127.0.0.1
UseDefaultSmtp=0
DefaultPopServer=127.0.0.1:110
DefaultSmtpServer=127.0.0.1:25
ShowTrayIcon=1
AutoSetProtection=0
PopRedirectPort=110
SmtpRedirectPort=25
ImapRedirectPort=143
NntpRedirectPort=119
IgnoreAddress=
IgnoreLocalhost=1
AutoRedirect=1
This way the mail scanner is the last one in the chain, only scanning messages that have been “released” by Spamihilator as good, non-spam ones. This saves plenty of resources and time!
My curiosity is about the following: when an e-mail is scanned by Spamihilator and considered to be spam, the scanner doesn’t get it, and thus the “scanned files counter” in its menu just stands still. So far, so good…
When an e-mail is released as “good” by Spamihilator and sent to Outlook, the “scanned files counter” is incremented by 2!!!
You could think that a “double-scanning” is happening, but it’s not! One quick look at the e-mail headers shows that there’s only one ”avast! (VPS XXXX-X, YY.YY.YYYY), Inbound message X-Antivirus-Status: Clean!”.
If there’s only one “avast! (VPS XXXX-X, YY.YY.YYYY), Inbound message X-Antivirus-Status: Clean!”, it means that the e-mail got scanned only once… So why does the counter shows that it’s being scanned twice?
Here’s the log to make it even stranger:
06/17/05 12:18:26 FFEC5CC5: ->POP TOP 1 0
06/17/05 12:18:26 FFEC5CC5: sent 9(0x00000009)
06/17/05 12:18:26 FFEC5CC5: --POP: Getting file
06/17/05 12:18:26 FFEC5CC5: received 1393(0x00000571)
06/17/05 12:18:26 FFEC5CC5: received 3(0x00000003)
06/17/05 12:18:26 FFEC5CC5: --POP: File got
06/17/05 12:18:26 FFEC5CC5: Timeout handler: 0xFFEC4295
06/17/05 12:18:26 FFEC5CC5: ProcessFile entrance C:\WINDOWS\TEMP_avast4_\unp247168631
06/17/05 12:18:26 FFEC5CC5: ProcessFile 2 e-mail ‘’ De: “Nereide Machado Vallido” nereide@fulltrading.com.br, Para: malavasi@malavasi.com.br
06/17/05 12:18:26 FFEC5CC5: ProcessFile scanDlg before e-mail ‘’ De: “Nereide Machado Vallido” nereide@fulltrading.com.br, Para: malavasi@malavasi.com.br
06/17/05 12:18:26 FFEC5CC5: ProcessFile scanDlg after e-mail ‘’ De: “Nereide Machado Vallido” nereide@fulltrading.com.br, Para: malavasi@malavasi.com.br
06/17/05 12:18:26 FFEC5CC5: ProcessFile exit 1(0x00000001)
06/17/05 12:18:26 FFEC5CC5: --POP Mail is clean
06/17/05 12:18:26 FFEC5CC5: --POP Modified message to send: C:\WINDOWS\TEMP_avast4_\unp247168631
06/17/05 12:18:27 FFEC5CC5: sent 1486(0x000005CE)
06/17/05 12:18:27 FFEC5CC5: --POP AavmReleaseScanResult
06/17/05 12:18:27 FFEC5CC5: --POP AavmReleaseScanResult OK
06/17/05 12:18:27 FFEC5CC5: Delete Files
06/17/05 12:18:27 FFEC5CC5: Delete Files OK
06/17/05 12:18:28 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: ->POP RETR 1
06/17/05 12:18:28 FFEC5CC5: sent 8(0x00000008)
06/17/05 12:18:28 FFEC5CC5: --POP: Getting file
06/17/05 12:18:28 FFEC5CC5: received 8192(0x00002000)
06/17/05 12:18:28 FFEC5CC5: received 8186(0x00001FFA)
06/17/05 12:18:28 FFEC5CC5: received 8186(0x00001FFA)
06/17/05 12:18:28 FFEC5CC5: received 8186(0x00001FFA)
06/17/05 12:18:28 FFEC5CC5: received 8186(0x00001FFA)
06/17/05 12:18:28 FFEC5CC5: received 8186(0x00001FFA)
06/17/05 12:18:28 FFEC5CC5: received 8186(0x00001FFA)
06/17/05 12:18:28 FFEC5CC5: received 6110(0x000017DE)
06/17/05 12:18:28 FFEC5CC5: --POP: File got
06/17/05 12:18:28 FFEC5CC5: Timeout handler: 0xFFE9D431
06/17/05 12:18:28 FFEC5CC5: ProcessFile entrance C:\WINDOWS\TEMP_avast4_\unp240279598
06/17/05 12:18:28 FFEC5CC5: ProcessFile 2 e-mail ‘’ De: “Nereide Machado Vallido” nereide@fulltrading.com.br, Para: malavasi@malavasi.com.br
06/17/05 12:18:28 FFEC5CC5: ProcessFile scanDlg before e-mail ‘’ De: “Nereide Machado Vallido” nereide@fulltrading.com.br, Para: malavasi@malavasi.com.br
06/17/05 12:18:28 FFEC5CC5: ProcessFile scanDlg after e-mail ‘’ De: “Nereide Machado Vallido” nereide@fulltrading.com.br, Para: malavasi@malavasi.com.br
06/17/05 12:18:28 FFEC5CC5: ProcessFile exit 1(0x00000001)
06/17/05 12:18:28 FFEC5CC5: --POP Mail is clean
06/17/05 12:18:28 FFEC5CC5: --POP Modified message to send: C:\WINDOWS\TEMP_avast4_\unp240279598
06/17/05 12:18:29 FFEC5CC5: sent 8192(0x00002000)
06/17/05 12:18:29 FFEC5CC5: sent 8192(0x00002000)
06/17/05 12:18:29 FFEC5CC5: sent 8192(0x00002000)
06/17/05 12:18:29 FFEC5CC5: sent 8192(0x00002000)
06/17/05 12:18:29 FFEC5CC5: sent 8192(0x00002000)
06/17/05 12:18:29 FFEC5CC5: sent 8192(0x00002000)
06/17/05 12:18:29 FFEC5CC5: sent 8192(0x00002000)
06/17/05 12:18:29 FFEC5CC5: sent 6164(0x00001814)
06/17/05 12:18:29 FFEC5CC5: --POP AavmReleaseScanResult
06/17/05 12:18:29 FFEC5CC5: --POP AavmReleaseScanResult OK
06/17/05 12:18:29 FFEC5CC5: Delete Files
06/17/05 12:18:29 FFEC5CC5: Delete Files OK
06/17/05 12:18:29 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:29 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:29 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:29 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:29 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:29 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:29 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:29 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:29 FFEC5CC5: ->POP DELE 1
06/17/05 12:18:29 FFEC5CC5: sent 8(0x00000008)
06/17/05 12:18:29 FFEC5CC5: --POP Before ReadFromPop
06/17/05 12:18:29 FFEC5CC5: received 21(0x00000015)
06/17/05 12:18:29 FFEC5CC5: --POP ReadFromPop …
06/17/05 12:18:29 FFEC5CC5: <-POP +OK Message deleted
06/17/05 12:18:29 FFEC5CC5: sent 21(0x00000015)
06/17/05 12:18:30 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:30 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:30 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:30 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:30 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:30 FFEC5CC5: received 1(0x00000001)
06/17/05 12:18:30 FFEC5CC5: ->POP QUIT
06/17/05 12:18:30 FFEC5CC5: sent 6(0x00000006)
06/17/05 12:18:30 FFEC5CC5: --POP Before ReadFromPop
06/17/05 12:18:30 FFEC5CC5: received 22(0x00000016)
06/17/05 12:18:30 FFEC5CC5: --POP ReadFromPop …
06/17/05 12:18:30 FFEC5CC5: <-POP +OK Everything done.
06/17/05 12:18:30 FFEC5CC5: sent 22(0x00000016)
06/17/05 12:18:30 FFEC5CC5: received 0(0x00000000)
06/17/05 12:18:30 FFEC5CC5: --POP Finishing connection handler
You can see that the e-mail got processed, and then it’s processed all over again (starting on line 06/17/05 12:18:28 FFEC5CC5: ->POP RETR 1)!!!
And it happens all the time!
Any ideas?
By the way, sending messages works perfectly (they are scanned only once and the “scanned files counter” is incremented accordingly)
Regards
Leonardo