itman 1,802 Posted March 7, 2021 Posted March 7, 2021 (edited) I made a recent comment about this in another thread. Thought it best to create a new thread. In Thunderbird email client, I have AOL IMAPS e-mail setup. Eset is not appending the scanned message to it. Thinking this might be something unique to AOL e-mail, I created a Yahoo e-mail account. I then set that up as IMAPS in Thunderbird. Same result - Eset not appending the scanned message to it. Also to rule out OAuth2 as a possible source, I changed it to password verification on the T-Bird Yahoo IMAPS account. No difference as a result of that. Since the scanned message is not being appended, I conclude that Eset is not scanning IMAPS traffic at all in Thunderbird e-mail client. Edited March 7, 2021 by itman
itman 1,802 Posted March 8, 2021 Author Posted March 8, 2021 (edited) I will also note that I did some research on how IMAPS works. Supposedly, only the e-mail header is initially downloaded to the e-mail client. The remaining e-mail body and assumed attachments are downloaded when the e-mail is read (opened) in the e-mail client. What may be occurring is Eset is appending the scanned text message to the initial downloaded header. When the e-mail body is downloaded, it is overlaying whatever Eset previously appended to the e-mail. Then there is the question of how to determine if Eset is properly scanning IMAPS e-mail at all phases; download and read. For testing, I use a web site that will append an attachment in select Eicar formats. Below is a screen shot showing an Eicar attachment for incoming IMAPS e-mail: Next is a screen shot showing this e-mail status after it has been read: Of note is the Eicar attachment no longer exists. The problem here is there is zip indication that Eset actually detected and removed the attachment. AOL uses Symantec Endpoint to scan e-mail on its servers. It appears this is what is removing the attachment prior to IMAPS body and attachment is being forwarded to my Thunderbird e-mail client. -EDIT- Finally determined no attachment is actually being sent from AOL e-mail. Had to copy the incoming e-mail to my downloads folder an open it with notepad. At the bottom of the e-mail is text inserted by Symantec just noting an attachment did previously exist. Edited March 8, 2021 by itman
Recommended Posts