Can NOD32 Beta4 Protect ssl secured pop2 email

Discussion in 'NOD32 Early v2 Beta' started by sean200, Apr 28, 2003.

Thread Status:
Not open for further replies.
  1. sean200

    sean200 Guest

    My email provider uses SSL encryption to protect both incomming and out going email usinf port 995, can NOD32 still scans this with the email scanner
     
  2. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi,

    sorry, this is not possible. :)

    Cheers,

    jan
     
  3. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    ...i suppose because SSL encryption is a matter between your mail client and the server, in other words all information that leaves the client (and passes the port you mentioned) is encrypted and will get decrypted only in the server application - and vice versa, so any scanner in between can only access an encrypted ciphertext stream...

    So, it's not a weakness specific to any particular scanner...

    (The only workaround would be to insert your scanner as an SSL "man-in-the-middle", i.e. your mailclient would communicate with the scanner via SSL and the scanner would communicate with the server - but then the SSL certificates that server and client use are not transparent (Proxomitron offers to function in this way using a third-party library for SSL https).)

    CU,
    Andreas
     
Thread Status:
Not open for further replies.