I added the managed server client to a server we have in our dmz zone. It cannot communicate with the server in our internal network. What ports would I open in the firewall between dmz and internal to allow this communication so I can manage that server with the ADNM?
The basic requirement is that the application server (running avast antivirus) must be able to access the AMS (in DMZ) on ports tcp/16111 (for regular communication) and tcp/5033 (for fetching of the updates).
ok I’ll open those ports. No mail was coming through the smtp server until I stopped the avast services. Does it need this communication in order to allow mail through?
No, it shouldn’t do anything like that. Do you have the “Internet Mail” provider running on the server? It shouldn’t be, it’s not meant for servers (it’s for workstations only).
Thanks
Vlk
Yes, I believe I do have internet mail provider. I opened the ports; it still doesn’t turn the icon green. Mail still doesn’t come through. After a bit avast pops up a dialog with title “Avast! Connection timeout” then in the body it says “Internet connection timeout elapsed. Continue waiting? (–> 172.16.31.221:25)” and Yes or No.
Just for fyi the 172.16.31.221 is the ip for the internal mail server. This server is 172.16.31.180
What is the best way to remove providers? Re-spin the .msi?
Just disable the provider in the computer group’s properties… (assign a different on-access task)
Of course, this assumes the communication between the machine and the AMS does work.
yea doesn’t seem like that communication is happening… crap
Try telnet.
From the machine with managed avast, try
telnet <name_of_AMS_machine> 16111
Do you get a connection error?
ok i had 1611 instead of 16111…
so it’s nice and green now but still get that connection timeout and no mail goes in or out…
internet mail provider should be gone.
I’m not getting the connection error anymore but still no mail is getting through with all the avast services started on there. I’ll try to narrow down the exact service.
ok it’s fine until I start the avast mail scanner service…
Why would you start it? It’s part of the “Internet Mail” provider I was talking about previously. It should have a startup type of “Manual”.
BTW is this a mailserver? If so, which MTA are you using?
Thanks
Vlk
Oh ok. I removed the provider; I thought the associated service would go away. Since that was there I thought it was used for the smtp provider since there is no smtp service from avast.
No, this is simply an smtp relay server that relays to our internal exchange 2003 server.
Even though it was set to manual it used to start when I started the avast antivirus service but I guess since I disabled the provider it won’t do that…
Exactly, the provider is responsible for starting/stopping the service. It shouldn’t start the service if it’s disabled.
BTW so you’re using the IIS SMTP service to do the relaying? Are you using the MS SMTP 2000/2003 avast provider then?
Yes. The providers currently checked for this server are:
Script Blocking
MS SMTP 2003
P2P Shield
Instant messaging
Network Shield
Standard Shield
web shield
Is there a place I can find a clear definition of what each provider protects against and which have an associated service?
The description for each of those is in the avast help file.
Only two of them have a separate service - Internet Mail and WebShield.
Normally, on a server (unless it’s a terminal server), you’d only run the Standard Shield, Network Shield and MS SMTP 2003. The rest is more or less designed to work on workstations (or on terminal servers).
So for my normal servers (not smtp and not exchange servers) I should just use the standard and network shields? That will be sufficient?
If these are really used just as servers (i.e. you log on to them pretty much only to do some admin stuff), then yes, that should be sufficient.
Yep that’s it… thanks for all your help, two servers down three to go… (not today though).
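
The telnet test suggested in the thread, written as a repeatable check. This is an added example and not part of the original discussion. It tries both ports named above (tcp/16111 and tcp/5033) from the managed machine and separates a silent timeout, which is what a missing firewall rule usually looks like, from an active refusal. The host name `ams.example.internal` is a placeholder, and the status labels are this example's own.

```python
import errno
import socket
import sys

# Ports quoted in the thread for managed client -> AMS traffic.
AMS_PORTS = {16111: "regular communication", 5033: "fetching of updates"}


def check_port(host, port, timeout=3.0):
    """Classify a single TCP connection attempt to host:port."""
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "unresolved"  # the name does not resolve from this segment
    family, socktype, proto, _, sockaddr = info
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect(sockaddr)
            return "open"
        except socket.timeout:
            return "filtered"  # no answer at all: packets are likely dropped
        except ConnectionRefusedError:
            return "refused"  # host answered, nothing listens on this port
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"  # routing problem, not a port rule
            raise


def check_ams(host, ports=AMS_PORTS, timeout=3.0):
    """Return {port: status} for every port the managed client needs."""
    return {port: check_port(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # "ams.example.internal" is a placeholder; pass the real AMS name or IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "ams.example.internal"
    results = check_ams(target)
    for port, status in results.items():
        print(f"tcp/{port} ({AMS_PORTS[port]}): {status}")
    sys.exit(0 if all(s == "open" for s in results.values()) else 1)
```

Because the port list is fixed in one place, a mistyped rule such as 1611 instead of 16111 on the firewall shows up as "filtered" on the correct port rather than being repeated in the test.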