Jetico + Kaspersky email issues

Hi,

I have Kaspersky Personal Pro 5.0, with realtime email (POP3) protection enabled. I am using Jetico 1.0.1.58 firewall. It seems that Kaspersky somehow hijacks the TCP connection of my Thunderbird email client, to scan the content. The method used by Kaspersky is conflicting with Jetico, because Jetico is unable to identify the application doing the communication. This results in blocking the POP3 connection in the firewall. Is anybody using Jetico + Kaspersky + POP3? Is there some tricky setting to resolve the issue? Well, except disabling the email protection in Kaspersky.

-hojtsy-

 

KAV sets up a proxy that listens on ports 1110 and 1125. When I was using Jetico, I gave KAV rights to communicate with ports 110 and 25 TCP outbound and mail went just fine. Try making a rule that treats KAV as a mail client.

 

The component doing this mail proxy stuff seems to be kavmm.exe, just because it keeps the 1125 and 1110 listening ports open. I have already given this application rights to open whatever TCP conncetions. (including mail client connections) But it does not help. My log show blocked outgoing packets (to remote port 110) with the IP rule "Block All not processed IP packets". The blocked packets are sent from source port 1359, and Jetico does not know who uses this port: it is not displayed as open in the Applications tab during these errors. No learing popups are displayed, and I don't have any other rule to block this communication: if I would have it would appear in the log. My mail client keeps open local port 1358, trying to communicate with same remote 110. It seems that KAV modifies the packet content on the fly and increases local port number in it. This makes Jetico go crazy.

-hojtsy-

 

I know you do not want to disable Kav's mail protection, but if your mail provider scans the mail, and many do now, turning mail scan off is a reasonable option. My present and former ISP's scan mail and I have not seen an infected email in about three years.

Giving KAV a response of mail client table, ftp client table and browser table allowed it to work for me. You may have rules that are too restrictive. Just try the Jetico pre made rules and see what happens.

 

i also met this problem today. kav pro 5.0.327 + jetico 1.0.0.60

here are my rules, which work on my system.
Action:accept
Log: disabled
Protocol: TCP/IP
direction: outbound
application: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
local address: any
remote address: any
local port: any
remote port: 110

Action: accept
Log: disabled
Protocal: TCP/IP
direction: outbound connection
application: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
local address: any
remote address:127.0.0.1
local port: 1024:5000
remote port: 1024:5000

ps: i don't let kav scan out-going mails.

 

IMHO this rule should be set to INBOUND(?). Kav email scanner is listening on this ports range!

 

yes, it is inbound.