The ashMaiSv.exe doesn’t establish any connection, something is either downloading email (strange) or sending email (possible spambot mass mailer, especially if you weren’t using your email program ?). The avast email scanner just intercepts email traffic to scan it.
Do you have a firewall, if so what ?
Is there anything in the logs that might show the initiating program as the ashMaiSv.exe is the scanning element for the localhost proxy. It may be that something is connecting to the internet using an email port but not pop3 protocol, which is triggering ashMaiSv.exe to try and scan it.
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
i’m primarily a Linux guy, all my mail is sent through Evolution on Linux.
i mainly use windows for entertainment (Games, movies, etc), and although outlook is set up on this PC, i don’t have mail accounts created (i sync my phone on it… that’s all)
i’m not using any software firewall (apart from Windows firewall if that counts) my network is behind a hardware router, so there’s no risk of incoming external connections… it’s the outgoing stuff i need to control now.
i tried connecting to the IP on port 110… didn’t get a proper POP3 header back
as for P2P Applications, i only have BitTorrent
i just downloaded AVG Anti-Spyware, installed, updated it, and it’s doing a full system scan… so far only cookies found
will keep you posted
well i feel stupid
DavidR’s question about p2p got me thinking
i checked BitTorrent, and noticed one of the trackers it’s using is ‘tracker.ydy.com:110’
what i don’t understand, is why does the connection appear under avast’s PID rather than Bittorrent?
does Avast trap all outgoing mail connections and transparently proxy them?
No need to feel stupid, stupid would have been not to have checked, welcome to the forums.
Anything using the email ports 25, 110, 119 and 143 will be redirected to its proxy and then on to its destination. The problem of using email ports for non-standard use will cause issues as the avast Internet Mail provider is expecting that traffic to be using email protocols.
I don’t use P2P applications so I apologise for the terminology but some people use the email ports for communication. So if you can (and assume have) change the tracker/communication port to a non email port.
The reason why the connection appears under the mail providers PID I would say the netsat process isn’t smart or detailed enough to identify the originator of the request. My firewall is smart enough to show the originating program using the localhost proxy as are many others.