Norton Antivirus 2003 and Ports 110, 25

Discussion in 'Computer Security' started by Peter, Jul 21, 2004.

  1. Peter

    Peter Guest

    There's something that I don't understand about how Norton Antivirus
    interferes with e-mail in Windows.

    For some reason, when I force the Norton Antivirus service to shut down, all
    e-mail clients stop working. It becomes impossible to connect to ports 110
    or 25 in the ISP's mail server. I have even tried to telnet to the mail
    server (command "telnet [POP3 server] 110"), but this doesn't work either,
    which rules out that it is the mail client that causes the problem.

    My question is not exactly "how do I fix this", but rather:

    *What* does Norton Antivirus 2003 modify in Windows, that it gets impossible
    to connect to the ISP's e-mail ports? Does it change something the registry?
    Does it perform changes to the Windows socket? Does it have a hidden service
    running in the background, as Norton Antivirus 2000 did ("poproxy.exe")?

    This is really strange, and I am out of clues. I will appreciate any help
    you can provide.

    Regards,

    Peter
     
    Peter, Jul 21, 2004
    #1
    1. Advertising

  2. Peter wrote:
    > There's something that I don't understand about how Norton Antivirus
    > interferes with e-mail in Windows.
    >
    > For some reason, when I force the Norton Antivirus service to shut
    > down, all e-mail clients stop working. It becomes impossible to
    > connect to ports 110 or 25 in the ISP's mail server. I have even
    > tried to telnet to the mail server (command "telnet [POP3 server]
    > 110"), but this doesn't work either, which rules out that it is the
    > mail client that causes the problem.
    >
    > My question is not exactly "how do I fix this", but rather:
    >
    > *What* does Norton Antivirus 2003 modify in Windows, that it gets
    > impossible to connect to the ISP's e-mail ports? Does it change
    > something the registry? Does it perform changes to the Windows
    > socket? Does it have a hidden service running in the background, as
    > Norton Antivirus 2000 did ("poproxy.exe")?


    I'm honestly not sure how it does it nowadays - in the old days a lot of AV
    software would replace the server names with localhost to run a little proxy
    for scanning. It's more sophisticated now and actually *works*, which it
    didn't used to!

    You can disable mail scanning if you want (I don't, myself). Any reason
    you're shutting down your AV anyway?
    >
    > This is really strange, and I am out of clues. I will appreciate any
    > help you can provide.
    >
    > Regards,
    >
    > Peter
     
    Lanwench [MVP - Exchange], Jul 21, 2004
    #2
    1. Advertising

  3. Peter

    Peter Guest

    "Lanwench [MVP - Exchange]"
    <> schrieb im
    Newsbeitrag news:...
    > You can disable mail scanning if you want (I don't, myself). Any reason
    > you're shutting down your AV anyway?


    First of all, thank you for your reply.

    It is not that I want to shut down the antivirus, but sometimes I have to
    reduce the number of running programs and services to a minimum (which means
    that the antivirus software has to be shut down) in order to use
    applications that demand a high use of system resources. The problem is
    that, even after most programs and services are shut down, the e-mail
    clients should still work without the need of a shutdown.

    Still, my interest was focused more on finding the causes of this issue than
    how to fix it. Knowing the cause could provide me with other, more direct
    means of resolving the issue.

    Peter
     
    Peter, Jul 23, 2004
    #3
  4. On Thu, 22 Jul 2004 20:27:10 -0300, Peter, <> wrote:
    > "Lanwench [MVP - Exchange]"
    > <> schrieb im
    > Newsbeitrag news:...
    > > You can disable mail scanning if you want (I don't, myself). Any reason
    > > you're shutting down your AV anyway?

    >
    > First of all, thank you for your reply.
    >
    > It is not that I want to shut down the antivirus, but sometimes I
    > have to reduce the number of running programs and services to a
    > minimum (which means that the antivirus software has to be shut
    > down) in order to use applications that demand a high use of
    > system resources. The problem is that, even after most programs
    > and services are shut down, the e-mail clients should still work
    > without the need of a shutdown.
    >
    > Still, my interest was focused more on finding the causes of this
    > issue than how to fix it. Knowing the cause could provide me with
    > other, more direct means of resolving the issue.


    Here's an educated guess at how it works.

    - The normal mode of operation (without anti-virus) is that your mail
    program connects directly to your ISP's POP server (port 110) and SMTP
    server (port 25). You specified your ISP's servers in the settings menus
    of your email program.

    - You may have installed NAV as an email proxy. During the
    installation, it asked you to tell it what your ISP's POP+SMTP servers'
    names or addresses were. You would also have been told to change the
    POP and SMTP server settings in your email program to "localhost" or
    127.0.0.1. When you download email...
    1) Your mail program sends a request to the NAV proxy
    2) which forwards the request to your ISP's server
    3) Your ISP's server downloads email to NAV
    4) Which scans it on-the-fly
    5) and forwards it to your mail program

    When you send email, things flow in the other direction, and on port
    25 rather than port 110. When you shut down NAV, your email program is
    trying the send/recieve via a server that's no longer ther,

    --
    Walter Dnes; my email address is *ALMOST* like
    Delete the "z" to get my real address. If that gets blocked, follow
    the instructions at the end of the 550 message.
     
    Walter Dnes (delete the 'z' to get my real address, Jul 26, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tim

    Sophos AntiVirus Vs Norton AntiVirus

    Tim, Aug 16, 2003, in forum: Computer Support
    Replies:
    7
    Views:
    10,545
    Robert de Brus
    Aug 17, 2003
  2. Nicole Kidman
    Replies:
    1
    Views:
    3,212
    °Mike°
    Aug 16, 2003
  3. Replies:
    3
    Views:
    930
    optikl
    Jul 26, 2005
  4. alexander rickert

    symantec: norton antivirus versus norton antivirus corporate

    alexander rickert, Nov 3, 2004, in forum: Computer Information
    Replies:
    3
    Views:
    1,325
    James Baber
    Nov 3, 2004
  5. - Bobb -

    Norton Systemswork / Norton Antivirus question

    - Bobb -, Dec 4, 2005, in forum: Computer Information
    Replies:
    5
    Views:
    521
    Sjouke Burry
    Dec 4, 2005
Loading...

Share This Page