Help! avast with Thunderbird error

[berryracer]

Everytime I open Thunderbird I get this error

I am using GMAIL in my Thunderbirdie

What shall I do?

[Brocke]

just set your security to none on both incoming and outgoing settings in accounts

[funkydude]

Quote:

Originally Posted by Brocke

just set your security to none on both incoming and outgoing settings in accounts

That's the worst idea ever. I can't believe Avast would even suggest this. Horrible.

This is similar to saying please don't use an SSL secure version of your bank because we can't scan the data stream for viruses. Encryption is more important than your AV client scanning data a few milliseconds faster. By disabling encryption you're basically inviting anyone to read any and all of your email in transit to you, as well as be able to man-in-the-middle for whatever purpose.

You're not suddenly going to get infected because you're using a secure connection, the data still needs to land on your hard drive at which point it will be scanned anyway. This really is "security" software removing security from the user...

[Vladimyr]

Quote:

Originally Posted by funkydude

That's the worst idea ever. I can't believe Avast would even suggest this. Horrible.

This is similar to saying please don't use an SSL secure version of your bank because we can't scan the data stream for viruses. Encryption is more important than your AV client scanning data a few milliseconds faster. By disabling encryption you're basically inviting anyone to read any and all of your email in transit to you, as well as be able to man-in-the-middle for whatever purpose.

You're not suddenly going to get infected because you're using a secure connection, the data still needs to land on your hard drive at which point it will be scanned anyway. This really is "security" software removing security from the user...

If I may make a suggestion. Read before you rave.

[Vladimyr]

Quote:

Originally Posted by berryracer

Everytime I open Thunderbird I get this error

I am using GMAIL in my Thunderbirdie

What shall I do?

Brocke is on the right track. Changing Thunderbird SMTP from 'SSL/TLS' to 'None' (I've also changed to port 25 but this may not be necessary any more) will mean that avast! will make the secure connection with GMail and scan messages on the way out (like the message says).

[hamlet]

I am not weighing in on the merits of the two viewpoints expressed above, but if you decide to leave SSL on for your email, there is a setting in Avast's mail shield to simply turn off the detection of such connections. I am not at my computer with Avast at the moment, so I cannot tell you explicitly how to change it, but there is a section in the advanced settings for the mail shield that will let you disable that message.

[Vladimyr]

Quote:

Originally Posted by hamlet

I am not weighing in on the merits of the two viewpoints expressed above, but if you decide to leave SSL on for your email, there is a setting in Avast's mail shield to simply turn off the detection of such connections. I am not at my computer with Avast at the moment, so I cannot tell you explicitly how to change it, but there is a section in the advanced settings for the mail shield that will let you disable that message.

It's a bit like taking the batteries out of a smoke alarm because you don't want be disturbed by any loud noises but yes, it will stop the messages.

[fax]

Quote:

Originally Posted by Vladimyr

Brocke is on the right track. Changing Thunderbird SMTP from 'SSL/TLS' to 'None' (I've also changed to port 25 but this may not be necessary any more) will mean that avast! will make the secure connection with GMail and scan messages on the way out (like the message says).

This will make your e-mails travelling (gmail server --> you and vice versa) in clear text. Any node in-between may be able to sniff the e-mail content. If you don't mind about it then you are fine

[hamlet]

I am asking this because I really don't know. What is the benefit of allowing Avast! to check the email as it flows in (i.e., disabling SSL) versus the option of leaving SSL on and just having the av check the mail when it is opened? Is that even the point of contention in the discussion above? What about sending email? Is there a difference in the merits when it comes to sending?

[berryracer]

Ok now Im confused, shall I ditch avast because of this?

Does NOD32 scan SSL properly or is it not compatible with the new Thundebirds

what would y'all do if you were in my shoes

[Vladimyr]

Quote:

Originally Posted by fax

This will make your e-mails travelling (gmail server --> you and vice versa) in clear text. Any node in-between may be able to sniff the e-mail content. If you don't mind about it then you are fine

No. It makes no difference to the security of the message as it travels. GMail's servers are SSL only! Turning off SSL in Thunderbird (or Live Mail, Outlook Express, etc) without avast! Mail Shield installed will stop you sending or receiving anything.
The difference is where the Secure Socket is established. Allowing avast! to make the SSL connection upstream (IMAP/POP) or downstream (SMTP) of the email client means that avast! Mail Shield negotiates SSL and scans the unsecured stream between the SSL connection and your email client, i.e. in the case of incoming mail, before it even gets to your inbox.

[fax]

Quote:

Originally Posted by berryracer

what would y'all do if you were in my shoes

Keep SSL, e-mail will be screened anyway on-access.

As a matter of principle SSL is there to prevent anything and anybody from being able to make any sense of the data being transmitted with that connection, other than the sending program and the receiving program.

I would not allow any software (not even security related) to workaround this protection and "break" this secure chain (with various methods). Who can ensure that this can be also be profited by malware?

Cheers,
Fax

[fax]

Quote:

Originally Posted by Vladimyr

No. It makes no difference to the security of the message as it travels. GMail's servers are SSL only! Turning off SSL in Thunderbird (or Live Mail, Outlook Express, etc) without avast! Mail Shield installed will stop you sending or receiving anything.
The difference is where the Secure Socket is established. Allowing avast! to make the SSL connection upstream (IMAP/POP) or downstream (SMTP) of the email client means that avast! Mail Shield negotiates SSL and scans the unsecured stream between the SSL connection and your email client, i.e. in the case of incoming mail, before it even gets to your inbox.

Ok, clear. Not using AVAST so didn't know. So I guess AVAST automatically "translate" the message to get it to gmail properly. If that is the case, the settings you are suggesting looks safe

[funkydude]

Quote:

Originally Posted by Vladimyr

No. It makes no difference to the security of the message as it travels. GMail's servers are SSL only! Turning off SSL in Thunderbird (or Live Mail, Outlook Express, etc) without avast! Mail Shield installed will stop you sending or receiving anything.
The difference is where the Secure Socket is established. Allowing avast! to make the SSL connection upstream (IMAP/POP) or downstream (SMTP) of the email client means that avast! Mail Shield negotiates SSL and scans the unsecured stream between the SSL connection and your email client, i.e. in the case of incoming mail, before it even gets to your inbox.

So Avast! is proxying all email? Are you supposed to configure the email security settings in Avast then, or how does it choose which security features to use?

[Cimmerian]

As far as I know, Gmail already scans for malware on it's own servers. Since Thunderbird is accessing them directly, to send or receive, wouldn't that make using an additional av mail scanner a bit redundant? Whether you're sending or receiving email, it goes through Gmail anyway. I think most webmail works pretty much the same, though I'm not 100% certain of that.
I use Thunderbird at home, and access an IMAP Gmail account for my job with that, plus a POP account from Verizon. I've always kept the email scanner off, or excluded when my av at the time would allow.

[TheWindBringeth]

Quote:

Originally Posted by hamlet

I am asking this because I really don't know. What is the benefit of allowing Avast! to check the email as it flows in (i.e., disabling SSL) versus the option of leaving SSL on and just having the av check the mail when it is opened? Is that even the point of contention in the discussion above? What about sending email? Is there a difference in the merits when it comes to sending?

Good question. There are several ways a local AV program could have a look at email:

1) Inserting itself as a proxy between the email client and server
2) Being directly or indirectly called upon by the email client via virus scanning APIs
3) Being triggered by the email client's file system activity

#3 can be problematic unless the email client cooperates by writing emails to disk and then reading them back. IIRC, Thunderbird has a setting related to this. Other email clients may not and there are likely some that don't assure file system activity before processing incoming or sending outgoing

#2 can be problematic unless the email client uses a well known API to call upon registered scanners or the AV program is aware of your email client's special approach to that. There are surely some email clients which don't attempt to call upon an AV and which AV programs don't or can't hook themselves into.

#1, at least when it is forced by lower level redirection to a local proxy, can grab traffic without the email client's cooperation and in that sense has an advantage I think. Such redirection causes problems for some firewalls/OS combos (the Comodo Firewall/Windows7, etc scenarios) though. With Avast Mail Shield you don't configure Avast to use specific login credentials; it expects them to be passed in the clear by the email client. You don't want login credentials to leave your machine in the clear and touch an untrusted network. So you have to be careful about configuring and enabling/disabling things. If your email client is configured to pass things in the clear and for whatever reason Avast doesn't translate things to a secure connection or block the connection attempt, you will leak those credentials and then have to change them immediately. If you rely upon Avast to scan your email in this way you should carefully check its mail related settings and also test its strength in terms of handling secure connections properly. There are certificate related checks, warnings, etc that are part of establishing a secure connection.

[hamlet]

Thanks for the info Wind. So, if I or any other user don't have super computer knowledge to check the things you talk about in item #1, are we fine in just leaving SSL on, turning off the Avast! popup warning about SSL connections, and relying on our ISP's email scan (Yahoo/Norton in my case) and Avast!'s file scanner to protect against malicious emails and attachments? I am a pretty safe user and when Avast! works on my computer (not much lately) I use this setup.

I do appreciate all the knowledge and advice that flows through this forum!

[TheWindBringeth]

IMO the user has to double check their email server settings no matter what. Some software has autoconfiguration support, but that can result in settings that aren't quite right. So anyone who isn't comfortable checking those settings in Thunderbird or Avast should do some reading, etc to become comfortable and/or have someone go over that with them.

As for the certificate checks, one thing you can do is compare what if any certificate warnings Thunderbird gives you to what if any certificate warnings Mailshield gives you. There shouldn't be any certificate issues to begin with and thus you shouldn't get any warnings from either. However, email server certificate issues can occur and I have in the past heard of Avast not catching some. Perhaps it has been improved <shrug>.

I don't know how fine you would be Hamlet, because 1) I don't know how tightly configured, up to date, etc your provider's email scanner is (relative to Avast's), and 2) I've never tried to get to the bottom of Avast email protection when using Thunderbird with and without MailShield in the path. I'd want to review Thunderbird's behavior WRT #1 and #2 #2 and #3 above and see if there are any Avast side issues before bypassing MailShield.

I'm inclined to think such a bypass would be OK for incoming if you enable Security->Anti-Virus->Allow anti-virus clients to quarantine individual incoming messages, check View->Message Body As->Plaintext, and uncheck View->Display Attachments Inline. I don't recall ever reading that Thunderbird will write a message to disk and read it back prior to sending it. Attachments should be opened and scanned when they are inserted, so if you only send plain text and don't send the EICAR test string, I suspect outgoing should be OK too. However, again, I'd want to do some homework before counting on that.

[0strodamus]

Quote:

Originally Posted by berryracer

Ok now Im confused, shall I ditch avast because of this?

Does NOD32 scan SSL properly or is it not compatible with the new Thundebirds

what would y'all do if you were in my shoes

No, you shouldn't ditch Avast because of this. Do what Avast is telling you if you want to use the email scanning feature.

Neither NOD32 or any other AV is going to be able to scan SSL because the data is encrypted.

[Marcos]

Quote:

Originally Posted by 0strodamus

Neither NOD32 or any other AV is going to be able to scan SSL because the data is encrypted.

This is not true, ESET can scan SSL communication provided that the feature is enabled and the client accepts the root certificate.

[berryracer]

Quote:

Originally Posted by Marcos

This is not true, ESET can scan SSL communication provided that the feature is enabled and the client accepts the root certificate.

how can I do that? can you please provide me with step by step instructions I am a n00bie to this

[Marcos]

Quote:

Originally Posted by berryracer

how can I do that? can you please provide me with step by step instructions I am a n00bie to this

For instructions for enabling SSL scanning, refer to this KB article. Should you need further assistance, feel free to make a post in the ESET forum here at Wilders' or contact Customer care.

[0strodamus]

Can someone explain how the ESET method is any different from the AVAST instructions as pictured in the original post? I didn't think encrypted files or, in this case, network packets could be scanned for viruses. The AVAST prompt confirms this. I'm confused.

[Vladimyr]

Quote:

Originally Posted by 0strodamus

Can someone explain how the ESET method is any different from the AVAST instructions as pictured in the original post? I didn't think encrypted files or, in this case, network packets could be scanned for viruses. The AVAST prompt confirms this. I'm confused.

The ESET method is exactly the same as AVAST.

There are differences only in the way interception & scanning of SSL traffic is invoked.
With ESET, settings are made by the user. (POP only)
With AVAST, settings are configured automatically (and can be adjusted manually if necessary) when SSL is turned off in the email client. (POP & IMAP)

As I wrote earlier (now amended to include ESET)

Quote:

Originally Posted by Vladimyr

No. It makes no difference to the security of the message as it travels. GMail's servers are SSL only! Turning off SSL in Thunderbird (or Live Mail, Outlook Express, etc) without avast! Mail Shield installed will stop you sending or receiving anything.
The difference is where the Secure Socket is established. Allowing avast! (IMAP/POP) or ESET (POP) to make the SSL connection upstream or downstream (SMTP) of the email client means that AVAST/ESET negotiates SSL and scans the unsecured stream between the SSL connection and your email client, i.e. in the case of incoming mail, before it even gets to your inbox.

[TheWindBringeth]

Then what was Marcos referring to when he said:

Quote:

Originally Posted by Marcos

This is not true, ESET can scan SSL communication provided that the feature is enabled and the client accepts the root certificate.

The bold part makes it sound as though ESET uses the certificate trick to MITM the SSL connection between client and server.