Ghost

Thunderbird POP3 and SMTP


I have gone through my settings for POP3 and SMTP on my KAV installation of 5.0.200 (Workstation) and even made all my settings "High" to try and stop viruses.

 

Unfortunately, anyone can send me viruses via email and Thunderbird downloads them with no problems at all. Same thing if I attach a ZIP-infected virus and send it out to someone. KAV will let it go just fine, even though I have it set to scan all objects and scan POP3 and SMTP.

 

Any thoughts on why this occurs? I'd obviously like to stop it from happening so I don't accidentally propagate viruses to people I send emails to.


Maybe you use SMTP and POP3 connections over SSL?

Which ports do you use?


Sorry, but I need to check this:

Did you check the box for scanning mail on 25 and 110?

And do you have some firewall installed on your system?

I don't use software firewalls.

 

popsmtp.png

 

You know, I am also having the same problem on the SUSE Linux server, where viruses are allowed through. Hope someone will explain.

You know, I am also having the same problem on the SUSE Linux server, where viruses are allowed through. Hope someone will explain.

 

Hm,

I must admit that this situation is very strange, so KAV does not process e-mails at all on your machine?

Have you tried to re-install KAV?


It's not about reinstalling the software. It's about fixing the flaw in the software. I have installed KAV on various machines with the same result. I can use Outlook, Outlook Express and Thunderbird and every single one of them receive viruses and do NOT catch them on the way in.

 

Most of the time, but not all the time, KAV will successfully scan outbound and stop viruses from leaving my mailbox, but won't scan them on the way in and catch them.

 

It should also be changed. Catching the viruses via the SMTP scanner is less than informative. When you send it and it contains a virus, you (the sender) are not notified that you have just sent out an infected attachment.

 

The creators really need to look into this. I'm not the only one with this problem and I can reproduce it on various machines. This needs to be improved because the POP3 and SMTP capabilities for KAV are simply unacceptable.


I know this was asked before, but are you sure you are not using some encryption for your emails (a la SSL)?

I know this was asked before, but are you sure you are not using some encryption for your emails (a la SSL)?

Yes I am sure. I administer enterprise networks for a living, so many of the mail servers I connect to are ones that I have built for clients. I do not use SSL-based connections for client configurations, period. None of my clients have been interested in that kind of security so I don't implement it in an active state.

 

I can install Windows XP with SP1a, apply all updates, install KAV workstation 5.0.200 and set the security to HIGH, (plus) making sure the SMTP and POP3 boxes are checked for incoming and outgoing, as well as the Outlook ones.

 

I set up a single email account and have it connect to 110 for POP3 and start downloading my email. I'll see viruses come through my attachments because I'll put them there to test it on the target mail server. I open up the ZIP file and see it (the virus) sitting there. I execute the file in the ZIP and KAV detects it. It simply doesn't catch it on the way in to disinfect it. KAV lets it sit in my mailbox which I hate.

 

This happens with Outlook, OE and Thunderbird from my testing so far.

Same thing if I attach a ZIP-infected virus and send it out to someone.  KAV will let it go just fine, even though I have it set to scan all objects and scan POP3 and SMTP.

How can this happen? KAV should refuse to let the mail program even read an infected file - you should never even get to the point of being able to send the email?

 

Likewise when receiving an infected email KAV should alert and delete it as soon as you try to save it, even if the mail scanner doesn't catch it.

 

I use Thunderbird and Outlook and KAV Pro works fine with both.

 

Click on a message and then press ctrl-U to bring up the message source. See if there is a line "X-Kaspersky: Checked" in the header. If not then KAV didn't see it go by.

 

Perhaps you can do some testing of your setup. Download and use Ethereal to make sure that the POP3 traffic between your client and the POP server is what you think it is. Also, test your "virus" in a file to make sure KAV thinks it really is a virus, then mail it to yourself.

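The header check suggested in the post above can be run over a whole mail folder instead of one message at a time. The following is an added example, not part of the original thread and not Kaspersky's code: it assumes the folder is stored in mbox format (as Thunderbird's local folder files are), and the function names, addresses and sample messages are constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

SCAN_HEADER = "X-Kaspersky"  # header name quoted in the post above
SCAN_VALUE = "checked"       # compared case-insensitively

def audit_mbox(path):
    """One record per message: subject, scanner stamp present, attachment names."""
    box = mailbox.mbox(path, create=False)  # never create a file by accident
    try:
        report = []
        for msg in box:
            stamps = [v.strip().lower() for v in msg.get_all(SCAN_HEADER, [])]
            names = [p.get_filename() for p in msg.walk() if p.get_filename()]
            report.append({"subject": msg.get("Subject", ""),
                           "checked": SCAN_VALUE in stamps,
                           "attachments": names})
        return report
    finally:
        box.close()

def unscanned_with_attachments(report):
    """Subjects of messages that carry an attachment but lack the stamp."""
    return [r["subject"] for r in report if r["attachments"] and not r["checked"]]

def build_sample_mbox(path):
    """Constructed sample data: one stamped message, two unstamped."""
    box = mailbox.mbox(path)
    samples = [("invoice", True, "invoice.zip"),
               ("photos", False, "photos.zip"),
               ("plain note", False, None)]
    for subject, stamped, filename in samples:
        m = EmailMessage()
        m["From"], m["To"] = "sender@example.test", "me@example.test"
        m["Subject"] = subject
        if stamped:
            m[SCAN_HEADER] = "Checked"
        m.set_content("constructed test message")
        if filename:  # 22-byte empty ZIP archive, harmless placeholder
            m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                             subtype="zip", filename=filename)
        box.add(m)
    box.close()  # flushes to disk

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "Inbox")
    build_sample_mbox(sample)
    for subject in unscanned_with_attachments(audit_mbox(sample)):
        print("no scanner stamp, has attachment:", subject)
```

Run `audit_mbox` against a copy of the folder file rather than the live one while the mail client is open. A message with an attachment and no stamp only shows that the mail scanner did not process it in transit; it says nothing about whether the attachment is infected.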

I get "X-Kaspersky: Checked" in 95% of my emails, but not all of them. Plus I don't see that line in any of the emails that are infected.

 

KAV will also not detect the virus when the ZIP file is accessed. I have to save it somewhere and then manually scan from the context menu in order to have KAV tell me it's infected. NOD32 on the other hand, won't even let me attach it. KAV lets me attach it and send it without warning.

 

When I send a message that's infected and KAV is active, I will also not get "X-Kaspersky: Checked" in the resulting received email.

 

And yes, they are real "viruses", like Nachia, My.Tob, Nimda, etc.

 

I can install and use NOD32 on my system and it will catch every single virus going out of my system and coming into my system, whether it's from Outlook or Thunderbird. If I uninstall it and go back, KAV fails me.

 

Only thing I can think of is that there's some type of conflict because most of my time is spent with my VPN adapter. Then again even when my VPN adapter isn't being used I still have issues with KAV not detecting viruses through POP3 and SMTP.

I can install and use NOD32 on my system and it will catch every single virus going out of my system and coming into my system, whether it's from Outlook or Thunderbird.  If I uninstall it and go back, KAV fails me.

 

Only thing I can think of is that there's some type of conflict because most of my time is spent with my VPN adapter.  Then again even when my VPN adapter isn't being used I still have issues with KAV not detecting viruses through POP3 and SMTP.

 

The only drawback I found, with NOD32, and thunderbird, is that nod32 does not support, nor understand thunderbird mail archive files. It will spend a long time, trying to scan one, and find nothing, when there are 2 trojans in there, as attachments. KAV personal finds them, though cannot clean them...

 

I guess I have no good way to test KAV's incoming cleaning. I do know that it detected a fake paypal info scam email and deleted it. But earthlink now virus scans email, so I can't send one to myself to test.

 

Don


I just found a file format that would get a virus past earthlink's scanner, and kav did indeed detect it on the way in, and changed the subject to kav detected: infected.

 

This is thunderbird and kav personal, the most recent trial.

 

I am still torn between this and nod32, as well. NOD's http scanning is clearly ahead of KAV's current pre-beta.

 

I like the hourly updates though, better than I like "heuristics"...

 

Don


But no, outgoing smtp scanning does not seem to work.

 

After a bunch of tests, I cannot find a single case of outgoing email being scanned by KAV.

 

Of course, NOD32 never scans outgoing email.


In the latest versions of KAV5, outgoing email scanning is disabled by default. Also, archive scanning (a la ZIP) is turned off by default for real-time protection.

In the latest versions of KAV5, outgoing email scanning is disabled by default. Also, archive scanning (a la ZIP) is turned off by default for real-time protection.

 

I've got everything set to max.

 

I found the stupid disabled outgoing scanning setting immediately. It has been enabled since the day I installed KAV.


OK, I have tested this on KAV Pro 5.0.372.

1. The outgoing SMTP scanning was disabled by default, so I turned it on.

2. For the test I used the three files eicar.com, eicar_com.zip and eicarcom2.zip from http://eicar.org/anti_virus_test_file.htm

3. KAV outgoing SMTP scanning was able to detect and delete all three emails.

4. I used Thunderbird as the email client, but I think this is not that important since KAV should intercept SMTP traffic from any email client.

OK, I have tested this on KAV Pro 5.0.372.

1. The outgoing SMTP scanning was disabled by default, so I turned it on.

2. For the test I used the three files eicar.com, eicar_com.zip and eicarcom2.zip from http://eicar.org/anti_virus_test_file.htm

3. KAV outgoing SMTP scanning was able to detect and delete all three emails.

4. I used Thunderbird as the email client, but I think this is not that important since KAV should intercept SMTP traffic from any email client.

 

Are you sure it was the outgoing email scanning, and not the on access scanning, that prevented the sending?

 

I have done the same thing, and never get a hit.

 

Don


I believe I did my tests correctly (actually I would say that I am 100% sure) since the reports (KAV logs) were from the email protection... and I also believe that KL support is wrong :)

But I am not able to retest it since I am now testing kav2006 .176

Are you maybe using some other software or system that would interfere with KAV outgoing email protection... for example some other mail filtering system, or maybe you use encryption or something like that?

I just found a file format that would get a virus past earthlink's scanner, and kav did indeed detect it on the way in, and changed the subject to kav detected: infected.

 

This is thunderbird and kav personal, the most recent trial.

 

I am still torn between this and nod32, as well.  NOD's http scanning is clearly ahead of KAV's current pre-beta.

 

I like the hourly updates though, better than I like "heuristics"...

 

Don

I'm currently using NOD32 and it grabs viruses coming in like crazy on my laptop. It really is light on its resources as well. My laptop operates faster than it ever has with KAV.

 

But no, outgoing smtp scanning does not seem to work.

 

After a bunch of tests, I cannot find a single case of outgoing email being scanned by KAV.

 

Of course, NOD32 never scans outgoing email.

NOD32 may not scan outgoing email, but when I try to add an infected file, NOD32 immediately stops me from attaching it or accessing it. KAV does not do this. With NOD32, I can single-click a ZIP file (for instance) and NOD32 will alert me if it's infected. With KAV, I can physically open a ZIP and KAV still won't tell me it's a virus. If I try to open the virus in the ZIP, KAV will finally tell me that it's infected.

 

Answer from support@us.kaspersky.com:

-------- Original Message --------

From: Dmitry Shmerkovich <dmitry.shmerkovich@kaspersky.com>

Subject: RE: Support request. Kaspersky Anti-Virus Personal 5.0.

Date: Wed, 29 Jun 2005 14:37:17 -0400

 

Hi Don,

 

Our Anti-Virus does scan the outgoing messages in Outlook/Outlook Express. In terms of Thunderbird, it will catch viruses that are coming in, but it won't check outgoing messages. Your computer is still going to be fully protected. Let me know if you have further questions.

Thanks,

Dmitry Shmerkovich

Technical Support Engineer

Kaspersky Lab USA

Yeah...I understand what he wrote, however I am still able to send email viruses out. I can set my KAV protection to HIGH and make a new email message through Thunderbird and then attach the My.Tob virus in a ZIP file and send it out with no problems whatsoever.

 

So how is my computer still "Fully Protected"??? Threats are still being propagated through SMTP, so I don't agree with the above statement.


I agree with you, that this is not good.

 

I think the tech may be wrong, as well. I think it is supposed to scan all outgoing email, if set to do so.

 

Don

I agree with you, that this is not good.

 

I think the tech may be wrong, as well.  I think it is supposed to scan all outgoing email, if set to do so.

 

Don

Yeah, I won't disagree with you. It's not that people haven't tried to contribute to the thread with good ideas - they have; and I appreciate that. It's just that KAV isn't responding the way I think it should. I've gone through manual procedures and even taking the recommended ones and just loading up the HIGH settings with POP3 and SMTP boxes checked.

 

I don't understand what's so hard about this - I really don't. And for the people whom it's working great for, that's fine, but it sure isn't working reliably for me.

 

I can install NOD32, Symantec Corporate (ick!), McAfee, etc. and all of them scan my mail just fine. KAV is the only one that isn't. At least take that into the equation. Every AV scanner that I try works from a POP3 and SMTP standpoint, but KAV doesn't work as seamless as I think it should. Nor is it detecting viruses the way it should through Thunderbird. I've had viruses sent to me constantly lately but KAV won't detect them unless I manually save them to disk and then scan them. Makes no sense. Now that you understand that other AV's work so seamlessly, it really wouldn't appear that it's something that I'm "obviously" missing, especially taking into consideration that I've contacted my KAV rep and he couldn't understand either.

 

The equation involved to get KAV to scan ZIP files through email isn't difficult. Have them post it here. I've done it already - it doesn't work for me. So...whats next?


Corrections: Our anti-virus will scan any outgoing and incoming emails. I misunderstood derway... I thought he was talking about our anti-spam product.

 

 

Dmitry
