Last checked:

Avira Mail Protection blocks SSL/TLS/STARTTLS-connections

Out of security reasons, Avira Antivirus Premium, Avira Internet Security and Avira Professional Security are blocking incoming Emails via SSL/TLS/STARTTLS secure connections, if they were configured on standard ports. Other ports that fall back on encryption may also be affected.

This usually happens, when for example, the option SSL (TLS/STARTTLS), whenever possible is active in the Email client and the SSL/TLS/STARTTLS is set to use the standard port.

In such a case, an error message appears:

SSL (TLS/STARTTLS)-connection detected. Incoming mails are blocked.


Usually, when sending and receiving Emails through an encrypted connection, Avira Mail Protection is unable to scan them. However, if the standard port is set, Avira product performs the scan and issues the error message mentioned above.

To get the Email traffic working again, you have to check and correct the settings in the Email client. Because there are many Email programs and since their configuration varies, please note the following general rules:

  • Deactivate the option for using encrypted SSL/TLS/STARTTLS connections for incoming and outgoing server

  • Make sure not to use the ports 25 (SMTP), 143 (IMAP) and 110 (POP3) for SSL/TLS/STARTTLS connections


If you usually need to receive Emails via SSL/TLS/STARTTLS connections, you can change the product's installation, to deactivate Avira Mail Protection.

  1. Click on Start → Settings → Control Panel → Add or Remove Programs (or Programs and Features) → the installed Avira product

  2. Press Change, select Modify and click Next

  3. Remove the check-mark for Avira Mail Protection and press Next until Finish

Note:
This completely removes the Avira module for Email scanning, Avira Mail Protection, and it can no longer be used! This means that Emails are no longer scanned before they arrive in your Email client.

  • Affected products
  • Avira Professional Security
  • Avira Antivirus Premium 2013
  • Avira Antivirus Pro
  • Avira Internet Security
  • Avira Internet Security Suite
  • Avira Family Protection Suite
  • Avira Ultimate Protection Suite

Comments

I have used successfully AVIRA for a long time along with my ISP e-mail client in OUTLOOK which reqiuired the use of SSL ports. However, the recent conflict between my ISP required SSL ports and the inability of AVIRA to no longer scan such ports requires me to disable mail scanning in AVIRA. I tried the suggestions in this article without success unless I disable mail scanning in AVIRA. Accordingly, I feel less protected than before and see no option but to abandon my paid AVIRA license and go to another anti-virus program.

This article is worded very strangely. Avira isn't blocking encrypted email traffic to enhance security; this doesn't make any sense. The actual issue is that Avira can't scan encrypted traffic at all, and it blindly looks at traffic on specific port numbers, then can't handle it when it encounters something other than unencrypted traffic.

And disabling encryption on email is "correcting the settings?" I don't think so!

Avira really needs to implement a main-in-the-middle (MITM) solution. Insert a local certificate so you can scan encrypted email traffic, rather than forcing customers to choose between encrypting their email traffic and being able to scan email traffic with Avira. Other AV vendors have been using a MITM solution for years.

I know all about the people who feel that scanning email is unnecessary. I could not care less. It should be an option.

Disabling email encryption just to enable AV scanning of this traffic is a terrible trade-off. I will choose encryption every time (even though I use a VPN).

Please fix this, Avira.

Hi Maurizio,

because it is encrypted with SSL it is not readable for humans and computers. This is why Avira can't scan this port and it is blocked to protect you.
If you are forced to use SSL please uninstall the email protection or remove the port from the configuration. Because Avira uses a multiple security features (realtime protection, web protection) you are still safe.

I agree with @crank above
While I understand that encryption is exactly not being able to read the content, there should be some option that email is scanned for example after decrypted, or any other solution.
You can not just leave us with option to either use SSL but no antivirus protection, or no SSL with antivirus protection. A workaround must exist and be in place.

Add new comment

Your report was successfully sent.
There was an error! Please, try again later!