AVG Personal Email Scanner

[bozzzza]

Not for the first time today I am a bit confused!

I am using the AVG Personal Email Scanner with Thunderbird.

I understand the AVG listens on port 10110 and 10025 for pop3 and smtp
mail.

How come I don't need to change Thunderbird to use port 10110 and
10025?

It's still set on 110 and 25.

How does AVG intercept the email traffic when it is not even listening
on port 110 or 25?

 

[James Egan]

How come I don't need to change Thunderbird to use port 10110 and
10025?

It's still set on 110 and 25.

Did you remember to change the mail server ip address in Thunderbird
to localhost (or 127.0.0.1)?

Sounds like you are bypassing the anti-virus software and going
straight to your ISP's mailservers


Jim.

 

[bozzzza]

On 7 Jun 2005 13:45:41 -0700, (e-mail address removed) wrote:

SNIP
Did you remember to change the mail server ip address in Thunderbird
to localhost (or 127.0.0.1)?

Sounds like you are bypassing the anti-virus software and going
straight to your ISP's mailservers

That's why I am confused, I have done none of that and it works!

I don't understand why?

 

[James Egan]

That's why I am confused, I have done none of that and it works!

I don't understand why?

I'm not an AVG user so I don't know what changes to your configuration
the installation program makes but generally speaking if you were
doing it all manually, you would change your email client settings so
the pop server is "localhost" or 127.0.0.1 on port (say) 10110. Then
set up your email scanner to listen on port 10110 for connections and
also configure it with your ISP's mailserver details. Then when you
check for mail, the mail client, on seeing that the mailserver is on
the same pc (localhost) passes the request onto the email scanner
which then collects the mail from your ISP, filters it in accordance
with whatever settings you have, and passes it on to the email client.

So if your email client still has settings for your ISP then you are
simply bypassing the email scanner and connecting to your ISP as you
were before the email scanner was installed.


Jim.

 

[Spacen Jasset]

Not for the first time today I am a bit confused!

I am using the AVG Personal Email Scanner with Thunderbird.

I understand the AVG listens on port 10110 and 10025 for pop3 and smtp
mail.

How come I don't need to change Thunderbird to use port 10110 and
10025?

It's still set on 110 and 25.

How does AVG intercept the email traffic when it is not even listening
on port 110 or 25?

I haven't looked the the latest incarnation of avg, but some av products
use the Layered Service Provider to filter traffic on given ports.

 

[Sam]

Spacen Jasset said ...

I haven't looked the the latest incarnation of avg, but some av products
use the Layered Service Provider to filter traffic on given ports.

Was using AVG recently and also thought it surprising that I didn't have
to reconfigure my email client as I used to have to do with AVG6.
However, AVG was clearly intercepting email downloads and checking them
for viruses because when there was a virus present (I set this up my
emailing myself a copy of eicar.zip) AVG found it in the email and also
modified the email header. Of course NAV also manages to do this so
it's nothing new as far as I can see. EZ Antivirus also does this. It
makes life a lot easier.

 

[bozzzza]

SNIP


So if your email client still has settings for your ISP then you are
simply bypassing the email scanner and connecting to your ISP as you
were before the email scanner was installed.


Jim.

Yes I have done things like that in the past for other AV S/W.

I know its working because I ran the telnet command:-

telnet myispmailserver.com 110

Instead of getting the isp mail server I got the AVG Proxy server, and
I got a popup window by the system tray telling me that the AVG scanner
was connected to my ISP's mail server!

I wonder how they do this?

 

[bozzzza]

Ok thanks, I will have a look and get more info on the Layered Service
Provider.

 

[kurt wismer]

That's why I am confused, I have done none of that and it works!

I don't understand why?

at a guess, you've just discovered why email scanning is redundant -
avg's on-access scanner may be picking up the incoming malware without
help from the email scanner...

 

[James Egan]

at a guess, you've just discovered why email scanning is redundant -
avg's on-access scanner may be picking up the incoming malware without
help from the email scanner...

It appears that the email scanner is in use and automatically
intercepting requests by LSP from the email client without needing to
know the (unchanged) email client configuration. Whether it only works
for ports 25 and 110 without some additional configuration, I don't
know.


Jim.

 

[Norman L. DeForest]

I haven't looked the the latest incarnation of avg, but some av products
use the Layered Service Provider to filter traffic on given ports.

Just out of curiosity, does AVG also monitor IMAP sessions?

IMAP seems to be less prone to problems than POP3 when users' inboxes are
over-quota (With POP3: "Help! I keep on getting the same email over and
over again.") so setting up Thunderbird to use IMAP instead of POP3 is
recommended by my ISP (ie. me, since I'm a user-support volunteer here).

IMAP seems much more capable of properly deleting messages from the users'
inboxes when they are over-quota. The users can also view the headers of
messages and delete large ones they don't want without having to download
the entire messages.

However, if AVG (or other antivirus software) can't monitor IMAP sessions,
I would need to know of an alternate way for users to get their email
scanned when they use IMAP.

(*Most* worms or viruses are detected and removed by my ISP's antivirus
filter (and legitimate attachments with legitimate executables are also
"disinfected" by the paranoid filter) so mail scanning is not a really
great priority but I have had a couple of new worms sneak through the
filter and land in my inbox in the past.)