I made a recent comment about this in another thread. Thought it best to create a new thread.

In the Thunderbird email client, I have AOL IMAPS e-mail set up. Eset is not appending the scanned message to it.

Thinking this might be something unique to AOL e-mail, I created a Yahoo e-mail account. I then set that up as IMAPS in Thunderbird. Same result - Eset not appending the scanned message to it. Also to rule out OAuth2 as a possible source, I changed it to password verification on the T-Bird Yahoo IMAPS account. No difference as a result of that.

Since the scanned message is not being appended, I conclude that Eset is not scanning IMAPS traffic at all in Thunderbird e-mail client.

Edited by itman

I will also note that I did some research on how IMAPS works.

Supposedly, only the e-mail header is initially downloaded to the e-mail client. The remaining e-mail body and assumed attachments are downloaded when the e-mail is read (opened) in the e-mail client. What may be occurring is Eset is appending the scanned text message to the initial downloaded header. When the e-mail body is downloaded, it is overlaying whatever Eset previously appended to the e-mail.

Then there is the question of how to determine if Eset is properly scanning IMAPS e-mail at all phases; download and read. For testing, I use a web site that will append an attachment in select Eicar formats. Below is a screen shot showing an Eicar attachment for incoming IMAPS e-mail:

[Screenshot: Eicar_1.png]

Next is a screen shot showing this e-mail status after it has been read:

[Screenshot: Eicar_2.png]

Of note is the Eicar attachment no longer exists.

The problem here is there is zip indication that Eset actually detected and removed the attachment. AOL uses Symantec Endpoint to scan e-mail on its servers. It appears this is what is removing the attachment prior to the IMAPS body and attachment being forwarded to my Thunderbird e-mail client.

-EDIT- Finally determined no attachment is actually being sent from AOL e-mail. Had to copy the incoming e-mail to my downloads folder and open it with Notepad. At the bottom of the e-mail is text inserted by Symantec just noting an attachment did previously exist.

Edited by itman
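
The check described in the post above (save the message to disk and read its raw contents), as an added example that is not part of the original thread: a Python script that lists the attachments in a saved `.eml` file and reports any text line that names a scanner. The function names, the vendor-name matching and the sample messages are assumptions constructed for illustration; the thread does not give the exact wording either product inserts.

```python
"""List attachments and scanner-inserted notes in a saved message (.eml)."""
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: only the vendor name is matched, because the exact text a
# scanner appends is not quoted in the thread.
SCANNER_NAMES = ("eset", "symantec")


def inspect_eml(raw: bytes) -> dict:
    """Return attachment filenames and text lines that mention a scanner."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {"attachments": [], "scanner_notes": []}
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        filename = part.get_filename()
        if filename or part.get_content_disposition() == "attachment":
            report["attachments"].append(filename or "(unnamed)")
        elif part.get_content_maintype() == "text":
            for line in part.get_content().splitlines():
                if any(name in line.lower() for name in SCANNER_NAMES):
                    report["scanner_notes"].append(line.strip())
    return report


def build_sample(with_attachment: bool) -> bytes:
    """Constructed test message; the notice wording is made up."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "reader@example.com"
    m["Subject"] = "attachment test"
    body = "Test message body.\n"
    if not with_attachment:
        body += "-- constructed notice: Symantec removed sample.txt --\n"
    m.set_content(body)
    if with_attachment:
        m.add_attachment(b"harmless sample bytes", maintype="application",
                         subtype="octet-stream", filename="sample.txt")
    return m.as_bytes()


if __name__ == "__main__":
    # Usage: python inspect_eml.py saved_message.eml
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(False)
    print(inspect_eml(raw))
```

An empty attachment list together with a server-side notice in the body means the attachment was stripped before the message reached the client, so that message says nothing about whether the local scanner inspected the IMAPS download.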