Posted (edited)

I made a recent comment about this in another thread. Thought it best to create a new thread.

In the Thunderbird e-mail client, I have AOL IMAPS e-mail set up. Eset is not appending the scanned message to it.

Thinking this might be something unique to AOL e-mail, I created a Yahoo e-mail account. I then set that up as IMAPS in Thunderbird. Same result - Eset not appending the scanned message to it. Also to rule out OAuth2 as a possible source, I changed it to password verification on the T-Bird Yahoo IMAPS account. No difference as a result of that.

Since the scanned message is not being appended, I conclude that Eset is not scanning IMAPS traffic at all in Thunderbird e-mail client.

Edited by itman
Posted (edited)

I will also note that I did some research on how IMAPS works.

Supposedly, only the e-mail header is initially downloaded to the e-mail client. The remaining e-mail body and assumed attachments are downloaded when the e-mail is read (opened) in the e-mail client. What may be occurring is Eset is appending the scanned text message to the initial downloaded header. When the e-mail body is downloaded, it is overlaying whatever Eset previously appended to the e-mail.

Then there is the question of how to determine if Eset is properly scanning IMAPS e-mail at all phases: download and read. For testing, I use a web site that will append an attachment in select Eicar formats. Below is a screen shot showing an Eicar attachment for incoming IMAPS e-mail:

[Screenshot: Eicar_1.png]

Next is a screen shot showing this e-mail status after it has been read:

[Screenshot: Eicar_2.png]

Of note is the Eicar attachment no longer exists.

The problem here is there is zip indication that Eset actually detected and removed the attachment. AOL uses Symantec Endpoint to scan e-mail on its servers. It appears this is what is removing the attachment prior to the IMAPS body and attachment being forwarded to my Thunderbird e-mail client.

-EDIT- Finally determined no attachment is actually being sent from AOL e-mail. Had to copy the incoming e-mail to my downloads folder and open it with notepad. At the bottom of the e-mail is text inserted by Symantec just noting an attachment did previously exist.

Edited by itman
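The manual check described in the post above (save the raw message and look at what it really contains) can be scripted. This is an added example, not part of the original thread: the sample messages, addresses and the two marker strings are constructed placeholders, since the thread does not quote the text either scanner inserts.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Placeholder marker strings (assumptions): replace with the text your
# server-side or client-side scanner is known to insert.
MARKERS = ["SERVER-SCANNER-NOTE", "CLIENT-SCANNER-TAG"]


def build_sample(with_attachment, footer=""):
    """Constructed test message standing in for a saved .eml file."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "me@example.com"
    msg["Subject"] = "attachment test"
    msg.set_content("Test body.\n" + footer)
    if with_attachment:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()


def inspect_saved_message(raw, markers=MARKERS):
    """Report attachments and scanner notes present in raw message bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Attachments that actually arrived, by filename.
    attachments = [p.get_filename() for p in msg.iter_attachments()]
    # Collect every inline text/plain part, where inserted notes end up.
    text = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.is_attachment():
            text += part.get_content()
    found = [m for m in markers if m.lower() in text.lower()]
    # The last non-empty lines: the "bottom of the e-mail" seen in a text editor.
    tail = [line for line in text.splitlines() if line.strip()][-3:]
    return {"attachments": attachments, "markers_found": found, "tail": tail}


if __name__ == "__main__":
    delivered = build_sample(with_attachment=True)
    stripped = build_sample(False, "SERVER-SCANNER-NOTE: attachment removed")
    for label, raw in (("delivered", delivered), ("stripped", stripped)):
        print(label, inspect_saved_message(raw))
```

To run it against a real message, read the saved file in binary mode and pass the bytes to `inspect_saved_message`.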