SSL/TLS Connection

I looked at the sticky and since this seems to be a different problem, I made a different topic.

The warning just popped up randomly. So is this a hiccup with Avast!, or was someone trying to hack my system? I Googled the address and it’s somewhere in Taiwan. Should I be concerned?

Hi,

The message says that there was an encrypted connection to a mail server which the mail shield can’t inspect because of the encryption. What email service do you use? Which email client do you use?

There’s certainly nothing to be worried about.

Regards,
Jan

I use Mail to connect to my ISP’s server. I live in the US and for some reason the connection is in Taiwan. So is this an outgoing or incoming connection? Is this malware trying to phone out that Avast didn’t detect?

outgoing

There is definitely some process that is connecting to the address/port shown on the popup. You can find out more info (at least the originating process) using network diagnostic tools such as Wireshark or netstat.

Thanks for the suggestion. I downloaded Wireshark. Unfortunately, I can’t figure out how to use it.

To get the process name/PID, run the following command as root:

lsof -i TCP

and look for pop3s (995). Note that the process must be connected at the time you run the command.

Wireshark can then be used to log the communication to see what is sent/received, but the communication will probably be encrypted.
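
The lookup described above, as an added example that is not part of the original posts: it filters `lsof` output for established connections to the mail-over-TLS ports mentioned in this thread (995 and 993) and can poll so that a short-lived connection is still caught. The function names, the `MAIL_TLS_PORTS` variable and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Ports watched: 995 (pop3s) and 993, as mentioned in the thread.
MAIL_TLS_PORTS="${MAIL_TLS_PORTS:-995 993}"

# Reads `lsof -nP -iTCP -sTCP:ESTABLISHED` output on stdin and prints
# "COMMAND PID USER REMOTE" for each connection to a watched remote port.
filter_mail_tls() {
    awk -v ports="$MAIL_TLS_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        NR == 1 && $1 == "COMMAND" { next }        # skip the header row
        {
            # NAME column looks like local->remote; skip anything without a peer
            if (split($9, ends, "->") != 2) next
            remote = ends[2]
            port = remote
            sub(/.*:/, "", port)                   # keep text after the last colon
            if (port in watch) print $1, $2, $3, remote
        }'
}

# Polls once per second for N rounds (default 60), because the process must be
# connected at the moment lsof runs. Run as root to see every user's processes.
watch_mail_tls() {
    rounds="${1:-60}"
    while [ "$rounds" -gt 0 ]; do
        lsof -nP -iTCP -sTCP:ESTABLISHED 2>/dev/null | filter_mail_tls
        rounds=$((rounds - 1))
        sleep 1
    done | awk '!seen[$0]++'                       # report each connection once
}

# Constructed sample of lsof output (documentation addresses, made-up PIDs).
sample_lsof_output() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Mail      412 alice  23u  IPv4 0xa1b2c3      0t0  TCP 192.168.1.20:51234->203.0.113.25:995 (ESTABLISHED)
firefox   530 alice  61u  IPv4 0xa1b2c4      0t0  TCP 192.168.1.20:51240->198.51.100.7:443 (ESTABLISHED)
Mail      412 alice  25u  IPv6 0xa1b2c5      0t0  TCP [2001:db8::20]:51300->[2001:db8::25]:993 (ESTABLISHED)
EOF
}
```

Run `sample_lsof_output | filter_mail_tls` to see the filter on the constructed lines, or `sudo sh -c '. ./script.sh; watch_mail_tls 120'` (script name assumed) to poll the live system.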

NO…Avast is just telling you that your mail account is using an SSL/TLS encrypted secure connection… http://en.wikipedia.org/wiki/Transport_Layer_Security
like Gmail / Yahoo mail and many others

so for Avast to scan your mail, you must set your account to normal POP3 and let Avast do the SSL connection

These tutorials are for the PC version… so guessing it is done the same way on Mac?

How to
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=842

how to video
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=917&nav=0,616,617

anyway, many mail providers have their own protection on their mail server so the mail is already scanned for virus/spam when you receive it

It doesn’t happen often, but it happened earlier today. This time it goes to Norway. I plugged in the command into Terminal (I hope that’s what I was supposed to do, you weren’t clear on that) and didn’t see anything with port 993. I run it as root, because I don’t know what that means.

Could it be picking up TOR? It happened three times so far. The first time was during a TOR session and so I ignored it. The second time (the first I reported here) was not. The third was.

In this case, no it doesn’t.