Why AvAST think Shareaza Sends mails? Is It the P2P Shield?

Avast Free Antivirus / Premium Security
1

Since I upgraded to the latest version (4.5.523) AVAST keeps showing the scaning (as if it scans for mail) every 5 min.
The icon won’t response to a rightqleft click.
The yellow tip baloon shows IP addresses.
I guess it connects to the net for something… Update maybe?
What is it?
How can I stop it?

Pic attached. Look at the red circle.

2

Here’s the file…
No mail client, messeging nothing…
Only IE.

3

It must be a local process sending or receiving email, really. Let’s see which one it is, maybe it will be an interesting discovery.

First, turn on verbose logging for the Mail Scanner. To do this, add the following line to the [MailScanner] section of \data\avast4.ini file:

Log=20

Then restart the Internet Mail provider.

Next, wait for the icon to reappear (i.e. wait for the connection to be made). Finally, go to \data\log, open the file aswMaiSv.log, and find a line with something like

–POP command REDIRECT

followed by some numbers. The last number on the line is the PID (Process ID) of the process that’s making the connection. Use the Processes tab of the Task Manager to find out which process corresponds to this PID (enable the PID column first by using the View → Select Columns command).

Hope this helps,
Vlk

4

Done it.
Found out it’s mt P2P software - Shareaza.
How come? Shareaza doesn’t use pop/smtp service in order to work…

5

Looks like Avast has a bug that when programs are using port 25, it thinks that it’s sending E-mails, even when it’s not sending E-mails. That’s the same type of problem ZoneAlarm has.

6

port 25 is assigned for use with SMTP.

I would say applications that are trying to use this port for other things are the “bugged” ones since they do not comply to international standards.

7

Well… I’ve read the FAQ and I must really say I’m surprised. Random port numbers, why not, but haven’t these guys ever heard about system (<1024) versus regular ports?

In linux, and most other Unix’es as far as I know, only root can listen to ports < 1024.

Allowing ShareaZa to listen on those ports is IMO a very bad design… :frowning:

Anyway, let’s see what we can do.

Cheers
Vlk

8

an in my opinion a very clear RFC violation >:(

hmm, as many ISP’s block port 25 for their users (except to access ISP mail server) ot might not be a good idea to use it

br
Peter