Jetico + Kaspersky email issues

Discussion in 'other firewalls' started by hojtsy, May 6, 2005.

Thread Status:
Not open for further replies.
  1. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    Hi,

    I have Kaspersky Personal Pro 5.0, with realtime email (POP3) protection enabled. I am using Jetico 1.0.1.58 firewall. It seems that Kaspersky somehow hijacks the TCP connection of my Thunderbird email client, to scan the content. The method used by Kaspersky is conflicting with Jetico, because Jetico is unable to identify the application doing the communication. This results in blocking the POP3 connection in the firewall. Is anybody using Jetico + Kaspersky + POP3? Is there some tricky setting to resolve the issue? Well, except disabling the email protection in Kaspersky.

    -hojtsy-
     
  2. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    KAV sets up a proxy that listens on ports 1110 and 1125. When I was using Jetico, I gave KAV rights to communicate with ports 110 and 25 TCP outbound and mail went just fine. Try making a rule that treats KAV as a mail client.
     
  3. hojtsy

    hojtsy Registered Member

    Joined:
    Dec 28, 2003
    Posts:
    351
    The component doing this mail proxy stuff seems to be kavmm.exe, just because it keeps the 1125 and 1110 listening ports open. I have already given this application rights to open whatever TCP connections (including mail client connections), but it does not help. My log shows blocked outgoing packets (to remote port 110) with the IP rule "Block All not processed IP packets". The blocked packets are sent from source port 1359, and Jetico does not know who uses this port: it is not displayed as open in the Applications tab during these errors. No learning popups are displayed, and I don't have any other rule to block this communication: if I had one, it would appear in the log. My mail client keeps open local port 1358, trying to communicate with the same remote 110. It seems that KAV modifies the packet content on the fly and increases the local port number in it. This makes Jetico go crazy.

    -hojtsy-
     
  4. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I know you do not want to disable KAV's mail protection, but if your mail provider scans the mail, and many do now, turning mail scan off is a reasonable option. My present and former ISPs scan mail and I have not seen an infected email in about three years.

    Giving KAV a response of mail client table, ftp client table and browser table allowed it to work for me. You may have rules that are too restrictive. Just try the Jetico pre-made rules and see what happens.
     
  5. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    I also met this problem today. KAV Pro 5.0.327 + Jetico 1.0.0.60

    Here are my rules, which work on my system.
    Action: accept
    Log: disabled
    Protocol: TCP/IP
    Direction: outbound
    Application: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
    Local address: any
    Remote address: any
    Local port: any
    Remote port: 110

    Action: accept
    Log: disabled
    Protocol: TCP/IP
    Direction: outbound connection
    Application: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
    Local address: any
    Remote address: 127.0.0.1
    Local port: 1024:5000
    Remote port: 1024:5000

    PS: I don't let KAV scan outgoing mails.
     
  6. marceli7

    marceli7 Registered Member

    Joined:
    May 6, 2005
    Posts:
    33
    IMHO this rule should be set to INBOUND(?). KAV email scanner is listening on this port range!
     
  7. shek

    shek Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    342
    Location:
    SE CHINA/NYC USA
    Yes, it is inbound.
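
Added example, not part of the thread and not Jetico's rule engine: a simplified first-match model of the application-bound rules posted above, showing why a port-110 packet the firewall cannot attribute to a process falls through to "Block All not processed IP packets". The names Rule, Packet, evaluate and port_match are hypothetical, first-match evaluation is an assumption, and the loopback rule uses the inbound direction confirmed in the last two posts.

```python
# Simplified first-match model of application-bound firewall rules.
# Assumption: rules are tried top-down; this is not Jetico's actual engine.
from dataclasses import dataclass
from typing import Optional

KAVSVC = r"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"
DEFAULT_BLOCK = "Block All not processed IP packets"

def port_match(spec: str, port: int) -> bool:
    """spec is 'any', a single port ('110') or a range ('1024:5000')."""
    if spec == "any":
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

@dataclass
class Rule:
    name: str
    direction: str               # "outbound" or "inbound"
    application: str
    remote_addr: str = "any"
    local_port: str = "any"
    remote_port: str = "any"

@dataclass
class Packet:
    direction: str
    application: Optional[str]   # None: firewall could not attribute the socket
    remote_addr: str
    local_port: int
    remote_port: int

def evaluate(rules, pkt):
    """Return the name of the first matching accept rule, else the default block."""
    for r in rules:
        if (r.direction == pkt.direction
                and pkt.application is not None   # unattributed traffic matches no app rule
                and r.application.lower() == pkt.application.lower()
                and r.remote_addr in ("any", pkt.remote_addr)
                and port_match(r.local_port, pkt.local_port)
                and port_match(r.remote_port, pkt.remote_port)):
            return r.name
    return DEFAULT_BLOCK

RULES = [
    Rule("kavsvc POP3 out", "outbound", KAVSVC, remote_port="110"),
    Rule("kavsvc loopback in", "inbound", KAVSVC, remote_addr="127.0.0.1",
         local_port="1024:5000", remote_port="1024:5000"),
]
```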
     