Norton Antivirus 2003 and Ports 110, 25

There's something that I don't understand about how Norton Antivirus
interferes with e-mail in Windows.

For some reason, when I force the Norton Antivirus service to shut down, all
e-mail clients stop working. It becomes impossible to connect to ports 110
or 25 in the ISP's mail server. I have even tried to telnet to the mail
server (command "telnet [POP3 server] 110"), but this doesn't work either,
which rules out that it is the mail client that causes the problem.

My question is not exactly "how do I fix this", but rather:

*What* does Norton Antivirus 2003 modify in Windows, that it gets impossible
to connect to the ISP's e-mail ports? Does it change something the registry?
Does it perform changes to the Windows socket? Does it have a hidden service
running in the background, as Norton Antivirus 2000 did ("poproxy.exe")?

This is really strange, and I am out of clues. I will appreciate any help
you can provide.

Regards,

Peter

Peter

Peter wrote:
> There's something that I don't understand about how Norton Antivirus
> interferes with e-mail in Windows.
>
> For some reason, when I force the Norton Antivirus service to shut
> down, all e-mail clients stop working. It becomes impossible to
> connect to ports 110 or 25 in the ISP's mail server. I have even
> tried to telnet to the mail server (command "telnet [POP3 server]
> 110"), but this doesn't work either, which rules out that it is the
> mail client that causes the problem.
>
> My question is not exactly "how do I fix this", but rather:
>
> *What* does Norton Antivirus 2003 modify in Windows, that it gets
> impossible to connect to the ISP's e-mail ports? Does it change
> something the registry? Does it perform changes to the Windows
> socket? Does it have a hidden service running in the background, as
> Norton Antivirus 2000 did ("poproxy.exe")?

I'm honestly not sure how it does it nowadays - in the old days a lot of AV
software would replace the server names with localhost to run a little proxy
for scanning. It's more sophisticated now and actually *works*, which it
didn't used to!

You can disable mail scanning if you want (I don't, myself). Any reason
you're shutting down your AV anyway?
>
> This is really strange, and I am out of clues. I will appreciate any
> help you can provide.
>
> Regards,
>
> Peter

Lanwench [MVP - Exchange]

"Lanwench [MVP - Exchange]"
< ahoo.com> schrieb im
Newsbeitrag news:...
> You can disable mail scanning if you want (I don't, myself). Any reason
> you're shutting down your AV anyway?

First of all, thank you for your reply.

It is not that I want to shut down the antivirus, but sometimes I have to
reduce the number of running programs and services to a minimum (which means
that the antivirus software has to be shut down) in order to use
applications that demand a high use of system resources. The problem is
that, even after most programs and services are shut down, the e-mail
clients should still work without the need of a shutdown.

Still, my interest was focused more on finding the causes of this issue than
how to fix it. Knowing the cause could provide me with other, more direct
means of resolving the issue.

Peter

Peter

On Thu, 22 Jul 2004 20:27:10 -0300, Peter, <> wrote:
> "Lanwench [MVP - Exchange]"
> < ahoo.com> schrieb im
> Newsbeitrag news:...
> > You can disable mail scanning if you want (I don't, myself). Any reason
> > you're shutting down your AV anyway?
>
> First of all, thank you for your reply.
>
> It is not that I want to shut down the antivirus, but sometimes I
> have to reduce the number of running programs and services to a
> minimum (which means that the antivirus software has to be shut
> down) in order to use applications that demand a high use of
> system resources. The problem is that, even after most programs
> and services are shut down, the e-mail clients should still work
> without the need of a shutdown.
>
> Still, my interest was focused more on finding the causes of this
> issue than how to fix it. Knowing the cause could provide me with
> other, more direct means of resolving the issue.

Here's an educated guess at how it works.

- The normal mode of operation (without anti-virus) is that your mail
program connects directly to your ISP's POP server (port 110) and SMTP
server (port 25). You specified your ISP's servers in the settings menus
of your email program.

- You may have installed NAV as an email proxy. During the
installation, it asked you to tell it what your ISP's POP+SMTP servers'
names or addresses were. You would also have been told to change the
POP and SMTP server settings in your email program to "localhost" or
127.0.0.1. When you download email...
1) Your mail program sends a request to the NAV proxy
2) which forwards the request to your ISP's server
3) Your ISP's server downloads email to NAV
4) Which scans it on-the-fly
5) and forwards it to your mail program

When you send email, things flow in the other direction, and on port
25 rather than port 110. When you shut down NAV, your email program is
trying the send/recieve via a server that's no longer ther,

--
Walter Dnes; my email address is *ALMOST* like
Delete the "z" to get my real address. If that gets blocked, follow
the instructions at the end of the 550 message.

Walter Dnes (delete the 'z' to get my real address)