Has AVG been misdirected and is monitoring wrong E-mail ports?

Discussion in 'other firewalls' started by harshale, Jul 27, 2004.

Thread Status:
Not open for further replies.
  1. harshale

    harshale Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    11
    Location:
    Marin County, Calif.
    Greetings to all at Wilders Security Forums,

    First off, I'll list the info that could be relevant in resolving my problem: OS = 98SE, I.E. ver.6.0, Outlook Express ver. 6.0, ZoneAlarm firewall (free), SpyBot S&D(free), Spyware Blaster, Ad Aware, Cookie Manager, Pest Scan, RegSupreme (trial), Registry Tuneup (trial), Registry Pruner, HiJack This, CW Shredder, and AVG (free).

    I installed AVG sometime around mid-July and it really impressed me. Actually I had no experience to compare it to (I had never before had any "full-time" anti-virus software installed and just relied on periodic scans by McAfee, Panda, Housecalls,... etc. for protection) but AVG was so easy to install and use that I felt it hard for anything else to out-perform it. I was surprised at the number of virii that it detected in incoming mail and put in the vault in just the first few hours.

    Not content to leave well enough alone and having too much free-time, I decided to try the Kerio firewall, I did a /clean uninstall of ZoneAlarm and installed Kerio, everything seemed to be fine, Kerio was doing its stuff and looking good, AVG was putting its certification note on all the incoming and outgoing e-mail and sticking virii in the vault. Great !!, for a couple of hours, then something went really wrong and the blue screens started ( I hadn't had a blue screen in years). It was out of control. From that point on it was like dealing with a barrelful of Medusas in a room full of Hydras. I finally had to shut it down by means of the power switch.

    I restarted in DOS, ran Scandisk thorough, and got into Safe-Mode,...did the step by step confirmation,... MSconfig,...selective... etc.... the whole drill. Finally, I was back up and operating. No firewall though, Kerio was just showing a flat line....uninstalled Kerio and reinstalled ZoneAlarm, at least I was familiar with it. AVG had become corrupted somewhere along the way, so I uninstalled and reinstalled AVG. Somewhere in this chaos I had a dialogue panel on screen which had 2 slots (along with a lot of other stuff which I never got to), one of these slots indicated that my outgoing mail (SMTP) port had been changed to 5000, the other slot indicated that my incoming mail (POP3) port had been changed to 5001. It was "stated" in the following way: 25 -> 5000 New, in 1 slot and 110 -> 5001 New in the 2nd slot. Knowing that the proper ports for OE were 25 and 110, I went to OE >Tools > Accounts,...etc and things were a mess. The incoming mail server had something like: 127.000.0 instead of; POP.pacbell.yahoo.com and the outgoing also had a 127.something instead of; SMTP.pacbell.yahoo.com. I got OE straightened out with the proper addresses and ports and then went back to the panel with the port changes shown, at the bottom of the panel was a "Modify" button, I selected one of the slots, hit Modify and reversed the order of it so it now said; 5000 -> 25 New, made the appropriate modification to the 2nd slot and then started to look at the rest of the panel contents to see what it was all about, at that instant the panel disappeared, never to be seen again.
    So, the situation at that point is, I've got a fresh and operational ZoneAlarm firewall, a fresh and operational (I thought) AVG, and OE is back to a proper configuration. Everything is functioning, I'm accessing and surfing the internet, e-mail is coming and going, everything seems right. It was a few days later that I realized that whenever I looked in the AVG Vault it was always empty, but I figured that nothing carrying a virus had come in. It was then that I noticed also that my incoming was not carrying the AVG "confirmation" note at the bottom of the mail. I went to Deleted Items and saw that none of the incoming since the fresh AVG installation had the confirmation on it. A look at the contents of Sent Items revealed the same thing. I checked in AVG and made sure that Confirmation Notice was enabled for both in and out e-mail. About that time in comes that bogus MS look-a-like "Security Update" thing which I know is carrying a virus because AVG had impounded one the last time it had arrived. So as soon as I saw it in the Inbox I went to the AVG Vault...no virus...obviously AVG is no longer screening my E-mail.
    So, hoping it was just a faulty AVG install, I uninstalled and reinstalled AVG, still no e-mail screening. I tried to find the mysterious panel that had disappeared (I had assumed it was part of AVG) but since it's nowhere to be found, it must have been part of Kerio.
    I thought I'd been invaded by something so I've run McAfee, Panda, Housecall, PestScan, and probably more. Every one of them says my system is clean.
    SpyBot S&D, Spyware Blaster, Ad Aware, etc all report nothing. ShieldsUp gives me 100% on the All Service Ports scan.
    I have conjured up one possible explanation for the failure of AVG to screen my e-mail. Assume for the purpose of this discussion; The mystery panel belonged to Kerio, I had modified the port values to what they should be, but I never got to the point of hitting "Apply" or "OK" (which would "set" my modifications before the panel disappeared), thus leaving the ports being monitored by AVG as 5000 and 5001. Accepting that premise, forces the conclusion that the Kerio uninstall has not been "clean". Well, I know that to be a fact, in that after the uninstall of Kerio I had done a "Find > Files and Folders > Named...etc." and there were a number of Kerio items left to be removed manually. The same held true for AVG, there were remnants of it left after each uninstall. ZoneAlarm was the same but I found that you can add a "/clean" switch to the ZoneAlarm uninstaller target address which gives a clean uninstall. A couple of days after the Kerio uninstall and the manual removal of its left-behind remnants, I ran across some Kerio stuff in the registry while I was mucking about in there, I removed them.
    Back to my point; each new install of AVG has been a good one and AVG is OK. But some un-uninstalled Kerio configuration files or registry entry(s) which both the uninstaller and I have missed are still there; and making it appear to AVG that the e-mail ports are 5000 and 5001. This scenario would have the fresh AVG watching ports 5000 and 5001 while the mail traffic is on ports 25 and 110. Not inconceivable, because my Find > Files and Folders searches are limited to what I know of Kerio file names. Next to nothing. Who knows what the Kerio e-mail port designation files are named? Or where they are at? I don't. They may be in the registry and named Kerio, but Find > Files and Folders...etc. ain't gonna find them there. And while I may have stumbled across a couple of Kerio registry entries, I can't be certain that I found them all. Am I onto something or should I talk to a shrink?
    So, I'm operational across the board, firewall is doing its thing properly, everything is OK, except AVG, it is doing its scheduled system scans, etc, the AVG Control Panel says everything is A-OK including the e-mail checking, but in reality it isn't doing the e-mail task.

    Well, there it is, hopefully someone can provide some meaningful advice or help. Thanks for your time and patience.
    Harshale
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi harshale,

    I do have to move your post out of the Test forum, but wondering where it will get the best attention. From what you've written, it sounds like everything was working smoothly until you installed Kerio, and even after Kerio's removal, things are not running the way they were prior. This sounds more like a firewall install/uninstall issue, so I'll move your thread over into the Other Firewalls forum.

    Regards,

    snap
     
  3. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Hi harshale

    I run AVG 7 Pro on my computer and it is scanning both my incoming and outgoing mail. I understand from your post you are concerned about ports 5000 etc with reference to OE (these are correct and do not be alarmed by them).

    This is actually the 'personal' e-mail scanner function within AVG which is set up a little different from other AV's. I use Outlook so my ports are configured 5200 / 5201 etc. I manually configured these for AVG in order to activate the personal e-mail scanner 127.0.0.1 5200 etc. I understand that this is now completed by a wizard and is more automated than having to change each port and server manually (it was tedious as I was new to this process).

    When your mail arrives with you it will have gone through the PE scanner and if there happens to be a virus in an attachment etc this will be removed and quarantined *before* it arrives in your inbox. In order to do this it has to go through these AVG ports and not the normal direct to your inbox ports. Personally I like this reassurance but still am cautious and scan any attachments again. I have never had a virus to let me see how it actually deals with this but a friend had and he received the e-mail but in the body AVG told him that a virus had been removed in the PE scanner.

    I hope I have understood your dilemma correctly and if so rest assured AVG does use alternative ports and the mail.xxx.xxx is removed and replaced by the various number depending on how many e-mail accounts you have. If you watch your task bar as mail is arriving you will note the little AVG icon spinning round - this is the pre-scan of your mail prior to reaching your inbox.

    Please post back if you need clarification or if I have misunderstood your post. I do not think the blue screen is related to AVG as I have been running it for approx 1yr without any blue screens.

    HTH
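
An added example, not part of the thread and not AVG's own code: a Python check for the situation discussed above, where mail is only scanned if the mail client points at the scanner's loopback ports (25 -> 5000 and 110 -> 5001 in the first post). The `ServerSetting` type, the function names and the sample settings are assumptions made for illustration.

```python
import socket
from dataclasses import dataclass

LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}


@dataclass(frozen=True)
class ServerSetting:
    protocol: str  # "smtp" or "pop3"
    host: str
    port: int


def is_listening(host, port, timeout=0.5):
    """Real probe: True if a TCP listener accepts connections on host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def diagnose(setting, proxy_ports, probe=is_listening):
    """Classify one mail-client server entry.

    proxy_ports maps protocol -> local port the scanner proxy should own.
    """
    if setting.host not in LOOPBACK_HOSTS:
        # The client connects straight to the ISP, so nothing sits in the path.
        return "bypasses-scanner"
    if setting.port != proxy_ports.get(setting.protocol):
        # Loopback, but not the port reserved for this protocol.
        return "wrong-local-port"
    if not probe(setting.host, setting.port):
        # The client points at the proxy, but the proxy is not running.
        return "proxy-not-listening"
    return "scanned"


def audit(settings, proxy_ports, probe=is_listening):
    """Return {"proto://host:port": verdict} for every configured server."""
    return {
        f"{s.protocol}://{s.host}:{s.port}": diagnose(s, proxy_ports, probe)
        for s in settings
    }


def fake_probe(listening):
    """Offline stand-in for is_listening, driven by a set of (host, port)."""
    return lambda host, port: (host, port) in listening


# Constructed sample data based on the ports and host names quoted in the thread.
PROXY_PORTS = {"smtp": 5000, "pop3": 5001}
AS_INSTALLED = [
    ServerSetting("smtp", "127.0.0.1", 5000),
    ServerSetting("pop3", "127.0.0.1", 5001),
]
AFTER_MANUAL_CHANGE = [
    ServerSetting("smtp", "SMTP.pacbell.yahoo.com", 25),
    ServerSetting("pop3", "POP.pacbell.yahoo.com", 110),
]

if __name__ == "__main__":
    proxy_up = fake_probe({("127.0.0.1", 5000), ("127.0.0.1", 5001)})
    for label, settings in (("as installed", AS_INSTALLED),
                            ("after manual change", AFTER_MANUAL_CHANGE)):
        print(label)
        for endpoint, verdict in audit(settings, PROXY_PORTS, proxy_up).items():
            print(f"  {endpoint}: {verdict}")
```

Calling `audit` without the `probe` argument uses the real TCP probe against the local machine instead of the constructed listener set.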
     
  4. harshale

    harshale Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    11
    Location:
    Marin County, Calif.
    Greetings to you, Robyn

    You have hit it right on the head. This is one more example of "a little bit of knowledge is a dangerous thing"....I knew just enough about OE to get alarmed about the port designations and mail server addresses, knowing not a thing about how AVG worked, I let that "alarm" get me started on a course of "corrective" action which has put me in the jack-pot I now find myself in.

    Now the question is; what's to be done in order by way of getting things back to what they should be? Fortunately, I am safe and secure in terms of firewall, operational in terms of e-mail being sent and received, all is well except the automatic AVG scanning for and removal of virii.

    My first thought is; uninstall and re-install AVG. This I intend to do, a fresh installation of AVG should "set anew" the port designations and other settings which I have messed up with my little bit of knowledge. But first, let me run a few things by you which come to mind; 1- I'm not sure, but I think I have un-installed and re-installed AVG since I got back up and operational. If so, I would think that the fresh installation would "re-write or over-write" the settings which I had mistakenly "corrected". It's no problem doing another AVG installation, but that brings to mind a point I made in my original post. A totally clean uninstall does not seem to happen, with ZoneAlarm I got a full and clean uninstall only after a rt. click on "Uninstall ZA", this brings up a menu which includes "Properties", clicking on Properties brings up the uninstaller panel, the "Target Address" is in Quotes, outside the quotes I hit the space bar, then add /clean. That gives a full uninstall of ZA.

    I just went to "Uninstall AVG" and ran that routine, the Target address displayed is in quotes and then there is a "space/uninstall" outside the quotes. It is very tempting to add a "/clean" to that.

    I propose; Do an uninstall as it stands and then reinstall AVG. If I then find my OE ports, etc. properly set for AVG and my mail traffic is being auto-scanned, Great!!!...if not, then do another uninstall but after adding the /clean to the target address. What is there to lose?...perhaps control again, but I've been there and can deal with it. This I suppose, is the question I put to you, if you have the time and patience to look into it.

    From here on the questions could be just a cut above "mere curiosity". I seem to recall at some point in the process of installing Kerio, but before the actual execution, being made aware that if I intended using AVG, it must be installed prior to the Kerio installation....my thought at that point was "Fine, AVG is already installed", and moved on with the process. The "mystery panel" that came up; I should have considered as being "Informational" and left alone. But my little bit of knowledge had me making the "corrections" that proved fatal and started the blue screen chaos. I'll not make that mistake again.

    Actually I'm very happy with ZA, it does a great job as a firewall, but while Kerio was running it really looked great, so if I can get AVG reinstalled properly again I am tempted to go for another installation of Kerio. I know it's probably stupid to make a change for the simple reason that it "looks great", but there also seems to be a tie-in between AVG and Kerio software, so why not go to a set-up where the software producers are "linked"? Further as I said in my original post, "having too much free time", doing the change would fill some of that time and perhaps put me on another adventure. When you are 72, adventures are rare, all of mine these days are on this machine.

    Well, I've probably taken more of your time than I should so I'll cut you loose and hope for some commentary and advice, from you in particular, and also from anyone else on the forum who cares to hop on this ride.

    My thanks to you and my thanks to snapdragin for getting my post in the proper spot, and to Wilders Security, Thanks for being there and keep on doing what you all have been doing so very well for so very long.

    Sincerely, Harshale

    Odd, I did not receive an e-mail notification of the replies to my post and I do have "Instant email notification" up in my Notification Type slot. Another adventure?...Why not?

    Update on all this; It's some 6 or 8 hours later, I did a normal uninstall, but before I did, I ran a Find> Files & Folders > Named > AVG Grisoft. That brought up 64 items (some of them were just short-cuts, etc.) I wrote down every last one. Then I hit WE and located all of them, just to get a look at them and their size etc. Closed WE down and did the standard uninstall, after it was complete, I did the Find > Files and Folders, etc. again. 22 items showed up, obviously not a full and proper uninstall, I manually got rid of all of them. I then did a fresh download and install, it aborted at about 90%, I did another Find > Files etc. The aborted install had only managed to stick an icon file in Temp Internet/IE5 Content, etc. I got rid of that. Cleared away the executable from the desktop and started anew, another download, another registration number (it's always the same) and did a new install. It ran thru to completion. Once installed the wizard says it's going to take me thru three steps, the 2nd being the creation of an AVG Recovery Disk, it further states you can hit "Skip It" on any one of the 3 steps and do it later. I hit proceed, it did step 1 and never offered step 2 . The only time it ever offered 2 was on the initial installation way back when?...every installation since then, the wizard has skipped 2 by itself. I sent out a test e-mail and then checked the content in Sent Items, the Virus Free confirmation was not there,...I went to OE and checked the configurations, they were still the standard OE settings....the wizard had not made the required amendments to OE. As I see it, I now have 3 options; 1st - Live with it and forego the E-mail monitoring. 2nd - Try the "/clean" uninstall and run the whole gamut again.
    3rd - Do an uninstall and download the full 30 day trial version and see if that will do the job as it should be done. I don't like that approach because I feel like I'm misrepresenting myself as being a potential purchaser when I'm not. It's a simple matter of economics...the money ain't there, and it ain't gonna be there in 30 or 60 or 90 days....Like I say "you can't spend what you ain't got....etc." However I assume I would have access to AVG support during that 30 day period and with that support, get to the core of this thing.
    I just took a moment to do a Find > Files etc. and this time it shows 50 items.
    I'd be interested in any thoughts you may have. Harshale
     
    Last edited: Jul 29, 2004
  5. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Hello again

    Apologies for only getting back to your post now but I have been trying to fix a few things on my laptop (which also required me going out for a very strong cup of coffee this morning ;) )

    First of all AVG will be 'attending' to your e-mails and the only difference is that AVG will intercept any virus when you actually attempt to open the e-mail and not in its own little personal scanner which is configured to the various ports 5100 etc

    It is possible to manually configure these ports as this is the way I set mine up but it can be daunting at first (once you configure one it seems to be easier). It does require you changing the POP3 port in your OE configs and also going to the e-mail scanner within AVG and selecting the OE plugin and then - use PE scanner - properties. You will then be able to 'Add' your various accounts and AVG should allocate the first port as it was before.

    I had a few trials and errors but in the end was able to configure the ports in AVG and in my Outlook settings and do have the certified note on my incoming and outgoing mail. One thing to note here I was just using OE on my laptop and only see the certified report on my incoming mail even though I have it configured both ways. I do know that it does go through the PE scanner.

    If you click on the server tab - select Fixed Host and this is where you add your ISP mail.xx.xx or whatever is allocated in your OE ports just now. The server type will be the local port 5100 and each time you add an account AVG will add the port number.
    After you have done this you will then have to change the corresponding ports within your OE accounts and take out your ISP defined replacing with 5100 etc do this for each account.

    On the configuration tab you will see the stamp verification which should appear when the mail is received (I have stamps both ways with Outlook) You may find a little spinning and rejection to log in at first but I can assure you that once it is configured it does work.

    If I want to do a clean install I uninstall the program and then power down my computer, when I boot again I find any files/folders belonging to AVG/Grisoft and delete - I then run my registry cleaner - fix anything found - reboot and then do a string search in the registry and remove any extras - I am then assured on my re-install I really do not have any trace of an old configuration.

    Regarding your firewall (I am not familiar with Kerio or ZA) but as with all installs I would make sure to be offline and disable the firewall prior to installing my AV. I do not think it is plausible to install an AV before a firewall unless it is a new install completely given that you may wish to change your AV at a later date when your firewall is already there. One thing you may wish to do if you do install afresh is to remove any rules for AVG in your firewall and let them be re-created on the fresh install.

    I hope this helps as I am a bit hurried when typing as someone has called to see me :rolleyes:
     
  6. harshale

    harshale Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    11
    Location:
    Marin County, Calif.
    Thanks for your reply,

    There is certainly no need for any sort of apology. I'm well aware that most of you folks out there have livelihoods, and all the rest of the impedimenta of getting thru a typical day in your lives. I'm fortunate in that in my old age, life has become much simpler and I've got a lot of free-time for this sort of thing. As for the "strong cup of coffee"...same here, a really enjoyable start each day.

    To the issues, After going thru most of the various routines I had outlined in my last post (including the addition of the /clean switch to the AVG uninstaller target), I now have the following: I'm getting confirmation on my outgoing but not on my incoming. I'll settle for that, I don't have much mail coming in from sources that I'm not familiar with, making it easy for me to do my own screening.

    In your para. 3, you make reference to "PE scanner" in the email scanner > properties. I have as yet been unable to locate PE scanner. Perhaps that's due to the fact that I am using AVG, ver. free. However, the "read me.txt" describes down-loading AVG Personal E-Mail Scanner as a separate item and gives various installation instructions, but all of them involve accessing the e-mail scanner properties page, the references to options or configs or parameters, are just not available due to the fact that E-mail Scanner > Properties is not to be found. Anyway, I'll not burden you with vague description such as this, vague in that I am feeling my way and can't come up with better info for you. So let this one go and take care of your own stuff. You gave me the clues I needed in order to get on the right track and I'll see how far I can get from here.

    Again, thanks, things are much better now than they were just a few days ago thanks to your input.

    If something really interesting shows up along the way, I'll let you know as an FYI.

    Take care, Harshale

    Oddly, this last installation has left my OE settings intact.
     
  7. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Hello again

    This makes sense now as the Personal e-mail scanner is one of the components in AVG Pro 7 and does have to be downloaded as a component to the free version 6. I have never used the free version therefore I am not quite sure what way it is set up but think it does not require much in the way of configuration by the user. The Pro version has more scope for configuring the various components which is one of the 'extras' given although the scanning engine is the same (which is the most important).

    The outgoing verification is the default as I know when a magazine reviews AVG this is one of the options to choose the stamp or not. As the PE scanner has to be downloaded separately then this would be the time when it would scan your incoming mail before it reaches your inbox. Even though you do not have this with the version and setup you are running 'if' and I am sure you would be like myself and be very cautious about opening any attachment even if it is from a known source. (I always save and scan again) AVG would alert you when you attempt to open the attachment in your inbox and quarantine anything nasty this way.

    If I find anything further out about the PE you need to download I will certainly post back with the information. Just to confirm AVG 6 is the totally free version - AVG 7 Pro is the registered version if yours is reading AVG 7 then I think you may be using or have used the trial version and this is why the ports were configured on your first install (I hope this makes sense!)

    Take care and well done at 72 for having so much knowledge. My dad is nowhere near 72 and he will not even touch my computer ;)
     