How does Norton/Trend scan transparently

warder

Hi,

Recent (well the last 3 years) anti-virus tools now transparently
intercept your emails and scan them somehow without changing your mail
application options.

I.e. they intercept port 110/25 connections and scan inbound and
outbound inline.

How is this done? (i.e. I'm after Win32 API hints etc)

Also how do they hook into the file loading mechanism in Windows and
intercept that too?

Unusually for me, I can't find anything just by googling, so I'm either
not using the right 'terms', or it's not out there.

Thanks!
 
Willie Nickels

warder said:
Hi,

Recent (well the last 3 years) anti-virus tools now transparently
intercept your emails and scan them somehow without changing your mail
application options.

I.e. they intercept port 110/25 connections and scan inbound and
outbound inline.

How is this done? (i.e. I'm after Win32 API hints etc)

Also how do they hook into the file loading mechanism in Windows and
intercept that too?

Unusually for me, I can't find anything just by googling, so I'm either
not using the right 'terms', or it's not out there.

Thanks!

I thought they set up a proxy server on another port, where mail is
scanned coming and going.
 
Roger Wilco

Willie Nickels said:
I thought they set up a proxy server on another port, where mail is
scanned coming and going.

That requires an optional setting like "use a proxy server" and reassigning ports so that the e-mail
client takes in from and sends out to a loopback address and the reassigned ports. The OP may
be referring to the firewall-like inspection of data being put through the normal e-mail ports. I
don't know how it is done but I suspect it is like a specialized firewall packet inspection for just
those ports.
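
The proxy model discussed in this thread, as an added example that is not part of any poster's message and is not any vendor's code: the scanning step a loopback POP3 proxy would apply to each RETR reply before forwarding it to the mail client. The signature table, the sample replies and all function names are constructed for illustration, and the sketch assumes one reply per buffer.

```python
# Added example: the scanning step of a loopback POP3 proxy.
# SIGNATURES, CLEAN and INFECTED are constructed placeholders, not real data.
SIGNATURES = {b"CONSTRUCTED-TEST-SIGNATURE": "Test.Marker"}
CLEAN = b"+OK 40 octets\r\nSubject: hi\r\n\r\nline one\r\n..leading dot\r\n.\r\n"
INFECTED = b"+OK 50 octets\r\nSubject: x\r\n\r\nCONSTRUCTED-TEST-SIGNATURE\r\n.\r\n"


def parse_retr(raw):
    """Split one complete RETR reply into (status line, message lines)."""
    lines = raw.split(b"\r\n")
    # A complete multi-line reply ends with ".\r\n": the split ends [b".", b""].
    if len(lines) < 3 or lines[-2:] != [b".", b""]:
        raise ValueError("incomplete multi-line reply; keep buffering")
    # Undo byte-stuffing: a leading "." on a wire line was added by the server.
    body = [ln[1:] if ln.startswith(b".") else ln for ln in lines[1:-2]]
    return lines[0], body


def scan(message):
    """Return the name of the first signature found in the message, else None."""
    for pattern, name in SIGNATURES.items():
        if pattern in message:
            return name
    return None


def filter_retr(raw):
    """Return (bytes to forward to the mail client, verdict or None)."""
    if not raw.startswith(b"+OK"):
        return raw, None  # -ERR is a single line with no message body
    _status, body = parse_retr(raw)
    verdict = scan(b"\r\n".join(body))
    if verdict is None:
        return raw, None  # clean mail is forwarded byte for byte
    notice = [b"Subject: [message removed by scanner]", b"",
              b"Detected: " + verdict.encode()]
    # Re-apply byte-stuffing so no notice line can end the reply early.
    stuffed = [b"." + ln if ln.startswith(b".") else ln for ln in notice]
    return b"\r\n".join([b"+OK message replaced"] + stuffed + [b".", b""]), verdict
```

A proxy reading from a socket would keep appending received data to its buffer until `parse_retr` stops raising, because a single TCP read need not contain the whole reply.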
 
