Malware in FOSSAMail?

Support topics for the mail/news/chat client
DazzaRPD

Malware in FOSSAMail?

Unread post by DazzaRPD » 2014-01-18, 23:51

I've just installed FOSSAMail on my laptop, and everything went well with the install until FOSSAMail tried to connect to the internet.

It was then that Comodo Personal Firewall (x64) flared up with this message.

Image

Now I know it says it's only 'possible' malware, but I was wondering if you knew what this could be? All the other 'unknown' x64 software (Pale Moon, Waterfox, PDF XChange viewer) have installed with no malware message, it's just a bit worrying that Comodo found FM to potentially have Malware in it, so just thought I'd raise it with yourselves.

Kind Regards,
DazzaRPD

back2themoon
Moon Magic practitioner
Posts: 2409
Joined: 2012-08-19, 20:32

Re: Malware in FOSSAMail?

Unread post by back2themoon » 2014-01-19, 01:28

False alarm, once again. Not to worry. Tell Comodo about it so they can fix the wrong alert.

MozillaUser233

Re: Malware in FOSSAMail?

Unread post by MozillaUser233 » 2014-02-12, 00:31

DazzaRPD wrote:I've just installed FOSSAMail on my laptop, and everything went well with the install until FOSSAMail tried to connect to the internet.

It was then that Comodo Personal Firewall (x64) flared up with this message.

Image

Now I know it says it's only 'possible' malware, but I was wondering if you knew what this could be? All the other 'unknown' x64 software (Pale Moon, Waterfox, PDF XChange viewer) have installed with no malware message, it's just a bit worrying that Comodo found FM to potentially have Malware in it, so just thought I'd raise it with yourselves.

Kind Regards,
DazzaRPD

This is considered a loopback connection. The program talks to itself this way. Thunderbird does the same thing.
https://support.mozillamessaging.com/en ... connection

Since it stated it should not be disabled, I could not find anything by disabling this, but I ran across a few links stating it cannot be disabled hence the above link. I've also read that the loopback connection should not be blocked and is not a security problem.

Moonchild
Pale Moon guru
Posts: 35597
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Malware in FOSSAMail?

Unread post by Moonchild » 2014-02-12, 00:38

Loopback connections are normal in many applications. It's not a security risk of any kind. Connecting to 127.0.0.1 is NOT connecting to the internet so the message is wrong.
Loopback connections should NEVER be blocked by a firewall. The fact that it even pops up makes me think the firewall must have some strange or paranoid defaults.

Anything to or from 127.0.0.1 should be allowed by default. Denying such connections can seriously break intra-application communication and may crash it or make it do unexpected things, or leave the program in an undetermined state with open listening ports waiting for input, which actually makes it less secure and makes it vulnerable to attack.

I actually use Comodo firewall myself, although an older standalone version that is less bloated. The setting for loopback connections is under Firewall -> Firewall behavior settings -> alert settings -> enable alerts for loopback connections. If it's checked, I strongly recommend you uncheck it; it's pointless warning a user about loopback, can make them make wrong choices, and prevents confusion and threads like this one.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
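
Added example, not part of the thread and not any poster's or Comodo's code: a small Python triage helper that checks whether a firewall alert concerns a loopback connection such as the 127.0.0.1 case discussed above. The alert tuples are constructed sample data and their layout (application, local address, remote address) is an assumption, not Comodo's log format.

```python
import ipaddress

def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8, ::1, and IPv4-mapped loopback (::ffff:127.x.x.x)."""
    ip = ipaddress.ip_address(addr)          # raises ValueError on non-IP text
    # An IPv6 address may carry an IPv4 loopback address in mapped form.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_loopback

def classify(local: str, remote: str) -> str:
    """Classify one connection by its local and remote addresses."""
    try:
        local_lb, remote_lb = is_loopback(local), is_loopback(remote)
    except ValueError:
        return "unparseable"   # hostname or garbage: needs manual review
    if local_lb and remote_lb:
        return "loopback"      # traffic stays on the machine
    if local_lb != remote_lb:
        return "mismatch"      # only one side is loopback: unexpected, review
    return "network"           # leaves the host: normal firewall policy applies

# Constructed sample alerts: (application, local address, remote address).
ALERTS = [
    ("mailclient.exe", "127.0.0.1", "127.0.0.1"),
    ("mailclient.exe", "192.0.2.10", "198.51.100.25"),
    ("browser.exe", "::1", "::1"),
    ("updater.exe", "::ffff:127.0.0.1", "127.0.0.5"),
    ("unknown.exe", "192.0.2.10", "localhost"),
]

def triage(alerts):
    """Return (application, classification) pairs in input order."""
    return [(app, classify(local, remote)) for app, local, remote in alerts]

if __name__ == "__main__":
    for app, verdict in triage(ALERTS):
        print(f"{app:16} {verdict}")
```
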

MozillaUser233

Re: Malware in FOSSAMail?

Unread post by MozillaUser233 » 2014-02-12, 00:54

Moonchild wrote:I actually use Comodo firewall myself, although an older standalone version that is less bloated. The setting for loopback connections is under Firewall -> Firewall behavior settings -> alert settings -> enable alerts for loopback connections. If it's checked, I strongly recommend you uncheck it; it's pointless warning a user about loopback, can make them make wrong choices, and prevents confusion and threads like this one.

Big headache saver!
