Something odd - no notes, no action notification

system · 2007-08-01T23:45:57.000Z

I just realized that Avast has not been inserting the “Clean” message on either my inbound or outbound mail. As I browse my Inbox, it appears that it quit some time in mid May. I also have just noticed that the little scanning notification does not pop up at the botton my screen when a message is coming in.
Both options are turned on in the Internet Mail settings area.

I am not 100% sure that it is scanning all of my email, either. I sent some test messages and they do not show up as the “Last scanned.”

I use Outlook Express 6 and have all Windows updates installed. My ISP (AT&T DSL) did do a security upgrade within the last couple of months where we have to now sepcify a secure port in our email settings. That is about the only change I can think of.

Any ideas? Do I need to reinstall Avast? Do I need to change the Redirected Ports??

I love Avast and want to make sure that it is working properly with regards to my email.

PK

alanrf · 2007-08-02T00:38:36.000Z

Yes,

the change you made to your AT&T account caused this.

Secure connections cannot be scanned by avast, any other antivirus. That is the whole point of secure connections, they cannot be monitored.

avast does not (and cannot) scan the ports you are now using and cannot insert the “clean” messages. Do not attempt to force avast to do so - you simply will not be able to connect.

There is an alternative however that will allow you to connect securely and still have avast scanning the emails and inserting the “clean” messages.

See this thread:

http://forum.avast.com/index.php?topic=27602.msg238395#msg238395

system · 2007-08-02T00:49:53.000Z

Yeah, I have been doing some research on the forum and have discovered this.

This really ticks me off. It would have been nice if AT&T let us know that there would be issues with OE and our AV after the change. Does this only affect OE? Not Outlook? Will this affect ALL AV programs as well?

I guess I will have to look into this Stunnel program.

PK

DavidR · 2007-08-02T01:18:02.000Z

It effects every email client as you have to change the ports and any AV that operates ‘outside’ of the email client including avast as Alan mentioned. That is the whole point of secure email to keep prying eyes out.

MS Outlook (not express) can use the Outlook/Exchange plug-in, which means avast is effectively inside the email program and can scan the email.

system · 2007-08-02T02:37:35.000Z

What a pain.

In my opinion, this is a major step backwards in security. As someone else mentioned in another post, how many AT&T users don’t know that their AV scanners do not work after the “upgrade?” I consider myself to be rather computer savvy, and even I just noticed. Now, granted, we should not rely solely on an AV program to protect us and should use basic internet safety guidelines. However, it is nice to have an AV program scanning just in case.

Is this a growing trend among ISP’s? Are AV program developers going to be able to accomdate for this trend?

So I wonder if I should mess with the Stunnel program or just install Outlook?

PK

DavidR · 2007-08-02T12:49:31.000Z

As I keep saying this isn’t really an issue with anti-virus programs, the whole point of SSL is to stop people poking around in your email. It is encrypted so to scan it you would have to decrypt it and that either requires a key or a lot of processing power to break it and you wouldn’t want to be going through this just to check scan your email.

So it is a step in security for ISPs (that is the only one they are interested in) and for you in that your email is secure during transmission and receipt. But the consequences of that action by the ISP could be less security unless you take further steps.

As I said avast has a plug-in for MS Outlook which allows it to work inside the email program with SSL email. Effectively it would require avast to have a plug-in for every email client out there, an unreasonable option, even if you considered only the major email clients this would be a large task. With the avast email scanner operating outside the email program it will work with almost all email programs that conform to the email standards and protocols. Remember I’m just an avast user like you and have no input in what avast does.

Personally I believe you should choose the email client that suits your needs and if that requires the use of STunnel then so be it, once set-up and running you can forget it.

system · 2007-08-03T11:48:12.000Z

I am not really pointing a finger at AV programs. I put the blame on AT&T. I am sure that they think they have good reason to do what they are doing (and they may). My main gripe is the fact that they did not give users a head’s up that this would affect their e-mail scanner, rather than let us find out 2 months later out of pure happenstance.

I see your point about Avast developers not being able to adapt to all clients, however, if this becomes a trend among ISP’s, if they (and other AV developers) don’t do something, then won’t the whole concept of email scanning become obsolete? Unless, of course, you utilize some third party app like STunnel? I guess it just bothers me that it is the end user’s resposibility to research a solution to a problem that is entirely not his fault. Some disclosure would be nice.

Anyway, I chatted with an AT&T rep last night and asked him what solution they offered to this issue. As expected, the response was that they scan messages for viruses at the server and there is really no need for a local e-mail scanner. I had done some research previously and found this: http://helpme.att.net/article.php?item=6126
so I knew that was going to be the answer.

I guess this eases my mind a bit. Them scanning at the server is better than nothing. I still would rather be in control, though. I may or may not mess with the Stunnel program. We will see.

PK

Lisandro · 2007-08-03T12:52:00.000Z

Allochthonous post:1:

I am not 100% sure that it is scanning all of my email, either.

To see if avast! is scanning emails, check one of these points:

Is the avast icon (the special one of email scanning) be shown in the system tray?
Is your email header with the lines X-Antivirus: avast! (VPS XXXXXX-X, XX/XX/2007), Inbound message and X-Antivirus-Status: Clean? (Right click the message, choose Properties and Details)
Are clean notes added at the bottom of the email? (Internet Mail provider settings)

[b]You can test the security of your email system here: http://www.gfi.com/emailsecuritytest/[/b]

To see the Standard Shield and other protection:

Is the ‘a’ blue icon swirling?
Right click the icon once and see what are the ‘last scanned files’…
Use eicar virus test.

Allochthonous post:1:

Do I need to change the Redirected Ports??

Do you use any spam tool?

Allochthonous post:5:

Are AV program developers going to be able to accomdate for this trend?

SSL connections are safe and encrypted… if it could be scanned, it would be read and then won’t be safe and encrypted.

Allochthonous post:5:

So I wonder if I should mess with the Stunnel program or just install Outlook?

Stunnel works like a charm. I have SSL, Outlook Express, Redirection into avast settings and my email is being scanned.

Announcements