Jump to content

lack of scanning in thunderbird unless connect via plain text


Recommended Posts

So I have been using nod32 with outlook for a number of years, I am scanning emails using the outlook plugin.


I however want to migrate to thunderbird, the first problem I noticed was that there is no plugin.


I googled and nod32 decided to drop support way back in v5 for vague reasons, which seemed to be summed up as they couldnt be bothered to maintain the plugin anymore.  Even when pointed out there is a long term support version of thunderbird which lasts a year with no feature changes eset seeminly refuse to support it.  Yet of course they advertise on their commercial product they scan email traffic for viruses.


So I enabled pop/imap protocol scanning (and ssl pops/imaps), now it is worth pointing out at this point there is 3 ways to connect to a email server.


1 - plain text, very bad idea, especially when using plan login auth method.  Many providers even outright block this.

2 - legacy implicit ssl, this is now considered legacy aka deprecated, some providers no longer support this, especially on smtp.

3 - explicit ssl, aka STARTTLS, this is the modern reccomended way of connecting to mail servers for all 3 of smtp,imap and pop.


Now the nod32 protocol scanning options have the ability to enable for plain connections and implicit, explicit is nowhere to be seen but its possible by design it is supposed to work when using the pop/imap vs pops/imaps settings.  What I discovered was this.


1 - plain, scans as expected.

2 - legacy implicit, no scanning, this surprised me as its clearly optional in the settings, but nope no eset signature and eicar attachment no popup from nod32.

3 - explicit ssl, I was hopeful, but no scanning.


Now if this was some guy on his own offering free code, I would be understanding.  But this is a commercial product which I have paid for, and from where I sit as the customer its not my concern if it is hardwork for eset's developers to maintain a thunderbird plugin.  It should be a "deal with it" situation.


The plugin is my preffered solution but if they can make the protocol filtering work with STARTTLS then I would accept that as well.


So please eset fix this or stop advertising email scanning support.


Now I am still using v8, after some sleep, and maybe when the weather cools down a bit so I have more energy I will try v10 beta on a spare machine with thunderbird to see if that works.


Also to add, if it is to be done via protocok filtering eset, need to make sure they keep up with modern encryption standards, gcm/chacha ciphers, pfs, dane, key pinning etc.  Also wise to point out interception of encrypted traffic goes against the principles of TLS, so by far a plugin is the preffered solution.

Edited by chrcoluk
Link to comment
Share on other sites

  • 3 weeks later...
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...