Norton Antivirus 2003 and Ports 110, 25

Discussion in 'Computer Security' started by Peter, Jul 21, 2004.

  1. Peter

    Peter Guest

    There's something that I don't understand about how Norton Antivirus
    interferes with e-mail in Windows.

    For some reason, when I force the Norton Antivirus service to shut down, all
    e-mail clients stop working. It becomes impossible to connect to ports 110
    or 25 in the ISP's mail server. I have even tried to telnet to the mail
    server (command "telnet [POP3 server] 110"), but this doesn't work either,
    which rules out that it is the mail client that causes the problem.

    My question is not exactly "how do I fix this", but rather:

    *What* does Norton Antivirus 2003 modify in Windows, that it gets impossible
    to connect to the ISP's e-mail ports? Does it change something in the registry?
    Does it perform changes to the Windows socket? Does it have a hidden service
    running in the background, as Norton Antivirus 2000 did ("poproxy.exe")?

    This is really strange, and I am out of clues. I will appreciate any help
    you can provide.


    Peter, Jul 21, 2004
  2. I'm honestly not sure how it does it nowadays - in the old days a lot of AV
    software would replace the server names with localhost to run a little proxy
    for scanning. It's more sophisticated now and actually *works*, which it
    didn't used to!

    You can disable mail scanning if you want (I don't, myself). Any reason
    you're shutting down your AV anyway?
    Lanwench [MVP - Exchange], Jul 21, 2004
  3. Peter

    Peter Guest

    "Lanwench [MVP - Exchange]"
    First of all, thank you for your reply.

    It is not that I want to shut down the antivirus, but sometimes I have to
    reduce the number of running programs and services to a minimum (which means
    that the antivirus software has to be shut down) in order to use
    applications that demand a high use of system resources. The problem is
    that, even after most programs and services are shut down, the e-mail
    clients should still work without the need of a shutdown.

    Still, my interest was focused more on finding the causes of this issue than
    how to fix it. Knowing the cause could provide me with other, more direct
    means of resolving the issue.

    Peter, Jul 23, 2004
  4. Here's an educated guess at how it works.

    - The normal mode of operation (without anti-virus) is that your mail
    program connects directly to your ISP's POP server (port 110) and SMTP
    server (port 25). You specified your ISP's servers in the settings menus
    of your email program.

    - You may have installed NAV as an email proxy. During the
    installation, it asked you to tell it what your ISP's POP+SMTP servers'
    names or addresses were. You would also have been told to change the
    POP and SMTP server settings in your email program to "localhost" or

    When you download email...
    1) Your mail program sends a request to the NAV proxy
    2) which forwards the request to your ISP's server
    3) Your ISP's server downloads email to NAV
    4) Which scans it on-the-fly
    5) and forwards it to your mail program

    When you send email, things flow in the other direction, and on port
    25 rather than port 110. When you shut down NAV, your email program is
    trying to send/receive via a server that's no longer there,
    Walter Dnes (delete the 'z' to get my real address), Jul 26, 2004
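
    The relay arrangement guessed at in the post above, as an added example (not from the thread, and not Norton's code): a simplified one-command POP3 exchange on loopback, with ephemeral ports standing in for 110, a constructed `fake_isp` server and a constructed marker string in place of a real signature. It also shows the mail program's connection failing once the proxy's listener is closed.

```python
import socket
import threading

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for malware bytes
END = b"\r\n.\r\n"                      # POP3 multi-line terminator

def listen():
    s = socket.create_server(("127.0.0.1", 0))  # ephemeral port stands in for 110
    return s, s.getsockname()[1]

def read_reply(sock):
    data = b""
    while not data.endswith(END) and (chunk := sock.recv(4096)):
        data += chunk
    return data

def fake_isp(listener, message):        # constructed "ISP POP server"
    conn, _ = listener.accept()
    with conn:
        conn.recv(1024)                 # the RETR command relayed by the proxy
        conn.sendall(b"+OK\r\n" + message + END)

def scanning_proxy(listener, isp_port):
    client, _ = listener.accept()       # 1) mail program connects to the proxy
    with client, socket.create_connection(("127.0.0.1", isp_port)) as isp:
        isp.sendall(client.recv(1024))  # 2) request is forwarded to the ISP
        mail = read_reply(isp)          # 3) ISP delivers the mail to the proxy
        client.sendall(mail.replace(MARKER, b"[removed by scanner]"))  # 4) + 5)

def fetch(port):                        # the "mail program", pointed at localhost
    with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
        c.sendall(b"RETR 1\r\n")
        return read_reply(c)

def demo():
    (isp, isp_port), (proxy, proxy_port) = listen(), listen()
    body = b"Subject: hi\r\n\r\n" + MARKER
    for fn, args in ((fake_isp, (isp, body)), (scanning_proxy, (proxy, isp_port))):
        threading.Thread(target=fn, args=args, daemon=True).start()
    scanned = fetch(proxy_port)         # mail arrives with the marker replaced
    proxy.close()                       # the scanner is shut down
    try:
        fetch(proxy_port)               # client still points at localhost
        after = "connected"
    except OSError:
        after = "failed"
    return scanned, after

if __name__ == "__main__":
    print(demo())
```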
