Should I disable e-mail scanning within AVG (Free) anti-virus software?
I am new to Thunderbird and after initially not being able to receive e-mails into Thunderbird Inbox, I found that by disabling the e-mail scanning within my AVG (Free) anti-virus (V17.4.3014, apparently only updated today), that e-mails then came through fine.
In addition to the “Scan inbound mail (POP3, IMAP4)” tab under AVG's "Main Settings" (the one I un-ticked to enable e-mails to be received) there is also another tab:- “SSL Scanning” which has just the one option “Scan SSL connections” (ticked). (A note there advises:- The e-mail protection will scan your mail even when SSL/TLS security is enabled in you e-mail client. If your e-mail client uses its own certificate store, the SSL scan feature will require you to export the Email Protection certificate to a file and then import it to your mail client.)
WHAT I AM UNCERTAIN ABOUT THOUGH IS WHETHER FOR THIS LATTER OPTION TO WORK, WHETHER THE “Scan inbound mail (POP3, IMAP4)” OPTION NEEDS TO ALSO REMAIN TICKED??
I exported the Email Protection certificate (as above) within AVG to my Desktop and then tried the “Manage Certificates” / “Your certificates” tab within Thunderbird and tried to import the “Mailshield.der” file but got message:- “This personal certificate can't be installed because you do not own the corresponding private key which was created when the certificate was requested”. I then tried the same on the “authorities” tab and got the message “This certificate is already installed as a certificate authority”.
DOES THIS MEAN THAT I DO NOT THERFORE NEED TO IMPORT ANY CERTIFICATE??
I have also looked at the AVG advice “How to set up AVG e-mail protection to scan encrypted e-mails” which advises :- In some special cases, you must manually specify the incoming and outgoing mail servers in AVG Email Protection. A typical example is when you use secure communication (SSL). This article outlines how to set up AVG Email Protection to scan encrypted emails by manually specifying an incoming or outgoing mail server.
HOWEVER I SUSPECT THAT THIS ADVICE APPLIED TO AN EARLIER VERSION OF AVG INTERFACE AND HAS POSSIBLY BEEN SUPERSEDED BY THE INCLUSION WITHIN AVG OF THE "SSL SCANNING" TAB.
I hope the above all makes sense! If not, please bear in mind that I am new to this forum - apologies if I have included too much under one thread (but to me it all seemed "related")
All Replies (3)
I have since also raised query with AVG through their Community Forum.
AVG have confirmed that unless the “Scan inbound mail (POP3, IMAP4)” box under AVG's "Main Settings" is ticked, incoming mail will NOT be scanned by AVG - irrespective of whether the “Scan SSL connections” tab box is ticked.
They also sent me a diagnostic tool and will be advising further after they have analysed the data this tool gathered from my PC.
I will update this thread as and when anything further comes to light.
Modified
I found that by disabling the e-mail scanning within my AVG (Free) anti-virus ..., that e-mails then came through fine.
It is recommended not to let antivirus software scan incoming and outgoing messages. It creates more problems and has no benefit. See https://wiki.mozilla.org/Thunderbird:Testing:Antivirus_Related_Performance_Issues#AVG
DOES THIS MEAN THAT I DO NOT THERFORE NEED TO IMPORT ANY CERTIFICATE??
AVG acts like a Certificate Authority and generates certs on the fly for the email server(s) you connect to. The AVG cert therefore will have to be imported into 'Authorities'. If it's already there, you don't need to import it again.
The problem with AVG scanning SSL/TLS traffic, this breaks up end-to-end security. I.e. AVG connects to the mail server on your behalf. That means AVG can not only see the contents of your messages, but also your password. After all, scanning SSL/TLS traffic is exactly like a man-in-the-middle attack.
how to set up AVG Email Protection to scan encrypted emails
I have no idea about AVG. In any case, the wording is misleading, as the messages you send are not encrypted. What's encrypted is the connection to the server, so encryption is only for messages 'in flight', but not for messages 'at rest'.
Modified
Thanks for your advice and clarification which further confirms the conclusion I was coming to that I would not use the AVG e-mail scanning option.
(In answer to my enquiry on the AVG forum, despite having had the results on me running their SysInfo tool on my PC, AVG technicians had also asked me to allow them remote access to my PC to "troubleshoot" the issue - which I was not inclined to allow anyway)
Modified