gmail

Discussion in 'NOD32 version 2 Forum' started by quicko, Jan 14, 2005.

Thread Status:
Not open for further replies.
  1. quicko

    quicko Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    32
    Does anybody know if the the new version of NOD32's IMON will protect against viruses using SSL port 995 for the POP3?
    Thanks to u all.
     
  2. .....

    ..... Guest

    SSL cannot be scanned, due to encyrption.
     
  3. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi,

    why NOD32 don't use openssl library to decrypt on-the-fly the incoming encrypted Emails over the SSL POP3 or SSL IMAP protocol?

    Or is that impossible?

    thx and best regards,

    iNsuRRecTiON
     
  4. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    If SSL allowed the e-mail to be decrypted by an outside application, then that would violate one of the basic motivations for encryption... to make sure that no outsider can read the contents. If this were possible, then SSL would fail its function of protecting data.

    Think about it. If NOD32 could decrypt SSL, then what is to stop spyware from doing the same?
     
  5. tuatara

    tuatara Registered Member

    Joined:
    Apr 7, 2004
    Posts:
    772
    If your emailclient can do SSL , why should it not be possible to
    let NOD32 work as an SSL emailclient? and later on give the decrypted data
    over to the (real) emailclient via the POP protocol. (or even new SSL connection)?

    So, yes it can be done!

    :>)
     
  6. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    No it can't be.
    SSL is an encryption protocol which enables only two point communication (sender-reciever). If you put NOD32 IMON between sender and reciever you break the chain (sender-IMON-reciever). Thats the same like intercepting someone else SSL connection and decrypting it on-the-fly while he is downloading his/her mail over SSL. Where would be point in that?
    So no,it can't be done without breaking the chain.
     
  7. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It is theoretically possible only with MS Outlook and EMON installed which would pass received email in a decrypted form via MAPI to EMON.
     
  8. iNsuRRecTioN

    iNsuRRecTioN Registered Member

    Joined:
    Sep 5, 2003
    Posts:
    303
    Location:
    Germany
    Hi,

    ok I see, it is only possible if IMON is modified in that way, that he function as an email client and you can enter your email data and port, username, password and so on, all from the email app into IMON and then IMON can recieve that emails decrypt them, scan them and save the emails in the email app format and dir ;-)

    But so you don't need a email app anymore, or only for viewing emails.

    Then IMON is near to an complete and real email application ^^ (Email app with integrated Virusscanner, sounds cool, a new product..*gg*)

    thx and best regards,

    iNsuRRecTiON
     
Thread Status:
Not open for further replies.