Should I have a tech check my machine for malware?


Gene
 

My computer is working properly in every respect but one.  This started a few days ago.  At times, e-mail messages take a very long time to open when using an IMAP account.  At times, they open normally.  It's as though malware may be using port 995 for something.  That is my speculation, but I don't know if that makes much sense.

I checked my computer with Malwarebytes, Emsisoft (spelling) Emergency Kit and Windows Defender and no malware is found.  But this odd behavior makes me wonder if something that is hard to detect is present.

Before going through the expense and inconvenience of having my computer checked by a tech, I decided to ask about the problem here.

Thanks for discussion.

Gene


Gene
 

I should explain that I did a full scan with Malwarebytes, a quick scan with Windows Defender and a malware scan with Emsisoft (spelling) Emergency Kit which isn't a full scan.

Gene








 

The probability that this is malware, given what you've stated you've done, is virtually zero.

If this has been going on for several days you might want to contact support for the email service provider.  Something could very well be wrong on their end.
--

Brian - Windows 10, 64-Bit, Version 22H2, Build 19045

There are two novels that can change a bookish fourteen-year-old's life: The Lord of the Rings and Atlas Shrugged.  One is a childish fantasy that often engenders a lifelong obsession with its unbelievable heroes, leading to an emotionally stunted, socially crippled adulthood, unable to deal with the real world. The other, of course, involves orcs.

    ~ John Rogers


Gene
 

It's GMail and I may do that but is it plausible that I would have a problem and no one else would have mentioned it yet on the list?

Gene




Gene
 

For some reason, I didn't see the first sentence you wrote when I read your message.  I happened to read it again and saw the sentence.  I'm glad what I've done makes it so improbable.

Gene





 

On Fri, Nov 18, 2022 at 03:10 PM, Gene wrote:
It's GMail and I may do that but is it plausible that I would have a problem and no one else would have mentioned it yet on the list?
-
Plausible, absolutely.  Probable, less so.  But there are instances where a very limited number of users can be affected by any given issue.

If this is IMAP, as you say, you could also just nuke the account and set it up again.  Everything should still come back since all storage long term is on the server side, and what's "relatively fresh" will be downloaded immediately, and if you try to access something old its message body would get fetched on demand.
--

Brian - Windows 10, 64-Bit, Version 22H2, Build 19045



Gene
 

I'll see what happens for a day or two longer.  The account is working properly now.

Gene




Nimer Jaber
 

Hello Gene,

It is more likely an issue with your email program, your connection, your firewall, or your email provider. I can't tell you which without running some diagnostics, but you can troubleshoot this yourself by doing some or all of the following.
* Run a speedtest and check your connection
* Remove your email account and its data and re-add it, and retest
* Disable any firewall, hardware or software, temporarily and check again
* Disable any security programs temporarily
* Try a different email client and see if the issue persists
* If you have access to a different connection, try that.

Thanks.








--
Best,

Nimer Jaber

Check out and subscribe to BlindTechAdventures in podcast audio form on YouTube for the latest happenings in tech.

You can follow @nimerjaber on Twitter for the latest technology news.

Thank you, and have a great day!


Gene
 

If the problem continues, I'll try some of those things.  I've done the equivalent of two or three.

Gene



Brian's Mail list account
 

Now, I've had many E-mail providers hang for a while either sending or getting mail. Sometimes depending on the client it can take so long that it gives you a clue.
i.e., if it's outgoing email it says words to the effect, your SMTP server has not responded in xx seconds and gives you the option to wait or cancel. The same can be true in the IMAP incoming server of course, sometimes you find things like your log in failed or something, but mostly I find it's a big attachment that is taking time to come in. I do wish people who have large files to send would shove it on Dropbox or whatever and just send the link.
Brian

--
bglists@...
Sent via blueyonder.(Virgin media)
Please address personal E-mail to:-
briang1@..., putting 'Brian Gaff'
in the display name field.







Gene
 

I've had that happen on occasion but I was concerned because it was occurring most of the time for four days and it is Google, which has a reputation for reliability.

The behavior wasn't at all what I would expect from malware but since malware can cause unexpected problems, I wanted to get opinions.

Gene



Luke Davis
 

On Nov 18, Gene wrote:

an IMAP account.  At times, they open normally.  It's as though malware may be using port 995 for something.
That's not how it works.

Port 995 is the target port for POP3-SSL. I assume you mean 993, the target port for IMAP-SSL, but it's still not how it works.
(For purposes of discussion, I am subsuming TLS within SSL.)

The target port, 993 or 995 in this case, is the port the remote server is listening on.

On your machine, the port the traffic goes out, will be one of the many large number ports available--usually a five digit port like 45372 or some such. It's assigned by your IP stack when you need a port for something. It has no relation to the kind of service using it.

And, if malware is using a port, you will just use a different port than you otherwise would have when opening the IMAP connection, which will seem no different than if malware had not been using the port but, say, the web browser was using it for a persistent HTTPS connection.

Now, if all your outgoing possible ports were in use, you might have a delay here while one was waited on to become free; but that is so highly unlikely as to be not worth talking about.

If you're seeing 993 or 995 open on your machine, you would likely be running a mail server of some kind yourself. But then, were that the case you would know it. The likely standalone mail servers that a user might run--for example the Proton mail secure gateway--use alternative open ports to avoid port numbers lower than 1024.

As to what might really be going on, see the various other messages.

This networking lesson was brought to you by the letters I and P, and the number FF.

Luke


Gene
 

I'm not sure I fully understand what you are saying.  I'll read the message one or two more times.

I did mean port 993.  I had forgotten which is for which kind of account.

One thing I was wondering while I was thinking about whether I have malware is what makes ports either outgoing or incoming.  If it isn't too complicated, I'd like to know that.

My e-mail account has been working properly now for almost a full day so the problem evidently was with GMail.

Gene





Luke Davis
 

Gene wrote:

One thing I was wondering while I was thinking about whether I have malware is what makes ports either outgoing or incoming.
Simple. If your computer is acting as a client, it will open ports for outgoing traffic. If it is acting as a server, it will open them for incoming traffic (listeners, waiting for connections).

In most cases, your computer is a client to some server somewhere.

Want to check mail? Your computer, the client, asks the server (E.G. Gmail) if there is any mail, by opening a couple random local ports, connecting to Gmail's IMAP (993) and SMTP (465 or 587) ports, and transacting mail.

Want to read a web page? Your computer, the client, asks a server (E.G. en.wikipedia.org) for the page, by opening a local port (let's say 60000, but it's random), and connecting through it to Wikipedia's web services port (80), and transacting page requests.

All of these are outgoing ports, and connect to the server's incoming ports.

Perhaps try to think of it from the network's point of view. If you were a network, watching what was happening on yourself, you would see traffic suddenly appear from a port on one computer (your computer), going to some distant place. So it's outgoing. You would see that traffic going somewhere, and going in to another port on some other computer--an inbound port.

Most of the time, your computer initiates the connection to somewhere else, which makes the port outgoing.

Only if you are hosting services, do you have incoming ports.
In the context of your local network, you have several incoming ports, because you are hosting services, whether you know it or not.

Most likely, you have file sharing active, and in order for another machine on your network to know that you have shared folders, it needs to be able to ask. In that context, one of your computers is the client, and the other is the server. Whichever one connects to the other first, is the client in that context, and has the outgoing port, while the other has the incoming.

If you want or need incoming ports on your computer to receive connections from the internet (instead of just your local network), which is usually a bad idea, you generally need to give incoming traffic permission to pass your firewall on those ports. Otherwise the incoming traffic (which is outbound from some other computer) will hit your firewall and never make it to the incoming ports on your computer.

You might do this if you are running a game server for your friends; doing some kinds of file sharing (the P2P kind); allowing direct NVDA Remote sessions to connect; or in certain other specialized cases.

But mostly the few incoming ports you will have open, are supposed to be reachable only by the local network. Your firewall is there to make that happen, and facilitate exceptions.

HTH.

Luke
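
Added example, not part of the original thread: a short Python script that applies the client/server port distinction described in Luke's two messages to Windows `netstat -ano` output, labelling each TCP row as a listener, an inbound connection or an outbound connection and picking out the mail-related ones. The sample output, addresses and PIDs are constructed, and the function names are illustrative.

```python
from collections import namedtuple

# Constructed sample of `netstat -ano -p tcp` output (addresses and PIDs are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1040
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1143         0.0.0.0:0              LISTENING       7312
  TCP    192.168.1.20:45372     192.0.2.10:993         ESTABLISHED     5120
  TCP    192.168.1.20:60000     198.51.100.7:443       ESTABLISHED     6644
  TCP    192.168.1.20:445       192.168.1.31:51544     ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Mail service ports named in the thread: IMAP-SSL, POP3-SSL, SMTP submission.
MAIL_PORTS = {993, 995, 465, 587}

Row = namedtuple("Row", "local_ip local_port remote_ip remote_port state pid")


def split_endpoint(text):
    """Split 'ip:port' or '[ipv6]:port' at the last colon."""
    ip, _, port = text.rpartition(":")
    return ip, int(port)


def parse_netstat(output):
    """Return one Row per TCP line; headers, blank lines and UDP rows are skipped."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        local_ip, local_port = split_endpoint(fields[1])
        remote_ip, remote_port = split_endpoint(fields[2])
        rows.append(Row(local_ip, local_port, remote_ip, remote_port,
                        fields[3], int(fields[4])))
    return rows


def classify(rows):
    """Label each row 'listening', 'inbound' or 'outbound'."""
    listening = {r.local_port for r in rows if r.state == "LISTENING"}
    labelled = []
    for r in rows:
        if r.state == "LISTENING":
            label = "listening"   # this machine is the server on that port
        elif r.local_port in listening:
            label = "inbound"     # a remote client reached one of our listeners
        else:
            label = "outbound"    # we are the client; the IP stack chose the local port
        labelled.append((label, r))
    return labelled


def mail_findings(rows):
    """Return (outbound connections to mail ports, local listeners on mail ports)."""
    labelled = classify(rows)
    clients = [r for label, r in labelled
               if label == "outbound" and r.remote_port in MAIL_PORTS]
    servers = [r for label, r in labelled
               if label == "listening" and r.local_port in MAIL_PORTS]
    return clients, servers


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for label, r in classify(rows):
        print(f"{label:9} pid={r.pid:<5} {r.local_ip}:{r.local_port} -> "
              f"{r.remote_ip}:{r.remote_port}")
    clients, servers = mail_findings(rows)
    print("mail client connections:", [(r.pid, r.local_port, r.remote_port) for r in clients])
    print("local listeners on mail ports:", [(r.pid, r.local_port) for r in servers])
```

In the sample, the only mail-related row is an outbound connection from local port 45372 to remote port 993, and nothing on the machine listens on 993 or 995, which is the normal picture for a mail client.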


Gene
 

Thanks for the time and trouble in explaining all that.  I'll go over your message more than once.

Gene
