MozillaZine

Talk:Antivirus software

From MozillaZine Knowledge Base

Contents

Should we keep the list of compatible and incompatible antivirus programs?

Most of that information is three to four years out of date. While its potentially very useful if we can't keep it current perhaps we should scale back what information we provide and just focus on identifying what anti-virus programs have a long history of working or not working well with Thunderbird . Avast, AVG, NOD32, and Kaspersky seem to be safe choices, and Symantec a risky choice. Comments?

The free versions of AVG and Avast used to be recommended whenever somebody had problems with thier anti-virus program and decided it was easier to switch. Nowadays we only seem to recommend Avast. Tanstaafl 15:39, 30 October 2008 (UTC)

I made those changes. Tanstaafl 07:39, 19 November 2008 (UTC)
Both NOD32 and Kaspersky started causing major problems for Thunderbird 3.x and did so for many months. Perhaps fixed now, I'm not sure. Wsm 10:35, 28 August 2010 (UTC)

ClamMail (.sf.net) and ThunderBird/Mozilla suite mail

here is a link to current RFE to ClamMail to add support for simple account modification for ThunderBird :

http://sourceforge.net/tracker/index.php?func=detail&aid=1173082&group_id=125389&atid=702313

the author of clammail asks this because he added that functionnality for Outlook Express users in 1.2.7 (1.2.8 is latest) it was easy as outlook express stores all mail account details into registry.

it is a RFE to make integration between ThunderBird and ClamMail more user-friendly (checkboxes for each account instead of having to modify manually login, host, port, whatever)

Norton AV has it for ages, that's why i asked him to add it (for Outlook Express) and gave him details on how to do it (via registry)

so, if someone knows programmaticaly how to access to account info (login/host/port/ssl?), please help there.

Section on e-mail scanning av

I'm pulling this paragraph because the advice is dangerous and incorrect. If someone wants to rewrite it, that's fine with me:

* Even if your AV program is compatible with Thunderbird, consider turning off your AV program's e-mail scanning but not its autoprotect function. Because email scanning can result in Inbox corruption and computer slowdown or lockup and because it provides no extra protection, many independent experts advise against it, and even some antivirus vendors quietly admit that it provides no extra protection. Malware attachments are not at all dangerous as attachments, only when activated by users opening them. As long as your AV program's autoprotect function (often called "guard" or "shield") is turned on, it will effectively prevent any "infection" by malware your AV program knows about: i.e. it will not let you open and thereby install any known malware program in an e-mail attachment.

Here's what's wrong:

First, 'autprotect' features delete and corrupt inboxes. That's the whole point of this wiki page!

Second, e-mail scanning (I assume you mean a proxy) is less likely than autoprotect to corrupt Thunderbird mail; they act on data before/after it's in a Thunderbird file. In fact, scanning proxies can protect TB mail files from corruption by preventing viruses from getting there in the first place.

Finally, while what is written here about e-mail scanning an interesting idea, it's certainly not widely accepted and should not be given as advice to end users. It's the opinion of a few and belongs in their blogs or postings to forums. - Guanxi

I hope i addressed your concerns in my rewording. - American Finn

I don't think you've adequately addressed the crucial points Guanxi made above. In my experience with NAV, its autoprotect most certainly will delete/lock up your Inbox or other mailbox if it finds a virus inside, regardless of whether you open the attachment, because autoprotect kicks in whenever the mailbox file is accessed. That's why you have to switch off autoprotect to restore a quarantined Inbox. I don't see how running only with autoprotect is going to alleviate this; the only thing that will help is if infected messages are being quarantined before they reach the Inbox. No? --Wintogreen 11:34, 13 Aug 2005 (PDT)

As explained, the extra benefit of turning off email scanning is (mainly) for compatible AV programs: "Even if your AV program is compatible with Thunderbird, consider turning off your AV program's e-mail scanning but not its autoprotect function."

Also, as far as i know, *most* AV programs' autoprotect function does not do anything unless you access an infected email (even though this does not apply to NAV, as you explained), and, in fact, often only if you access its infected attachment.

This is an important point. Is there any vendor documentation to back this up? I.e., something like this Symantec doc for NAV [1]. --wintogreen (14 Aug)
Comment on my own comment here, hope that's not too confusing... I did a bit of testing with NAV's autoprotect using the eicar anti-virus test file [2], which I attached to a message in TB and stored in the Drafts folder. Interestingly, NAV's autoprotect did not do anything to the message or mailbox even though that mailbox was clearly being accessed by TB (when I moved other messages into/out of the folder, compacted, etc.). It only took action when I did Edit as New on the infected message (apparently because this creates a .tmp file in an AppData temp directory). So, autoprotect doesn't seem to kick in always when a file is accessed. It must have certain conditions for doing this, but I don't know what they are. Next time I get a real virus (which could be months!) I'll play around with it some more. Also, I spent a few minutes looking for some documentation about McAfee's "ActiveShield" but only came up with this user's guide (PDF), which gives only very sketchy info. --Wintogreen 01:54, 15 Aug 2005 (PDT)
What happens when you send eicar to yourself? (both with the mail folder excluded and not excluded in Norton's configuration) If you need an email with a real virus, send me a PM; there are lots of them in my junk folder. (I always keep a nice collection of junk because in the past, TB sometimes needed to be retrained.) American Finn 00:00, 16 Aug 2005 (PDT)
As expected, I can't send the test virus to myself. It always gets blocked server side on the way out (even Gmail blocked it outgoing). I also tried sending the eicar file to myself from here, but it also gets blocked server-side and never reaches me. No doubt that's why I haven't even seen a virus in the last 10 months. --Wintogreen 06:22, 17 Aug 2005 (PDT)

And even in the case of NAV, with email scanning disabled, TB makes sure that almost all infected emails end up in the junk folder and are deleted when that is emptied.

Not quite. All incoming mail passes through the Inbox, and even if it gets automatically passed to the Junk folder and then to the Trash, and then if the Trash is emptied, all those junk messages will still remain in the Inbox (merely hidden from view) until you compact folders. This still leaves the Inbox susceptible to being zapped by autoprotect -- depending, of course, on how the AV software's autoprotect works. --wintogreen (14 Aug)

As a result, the following and other serious problems caused by email scanning are avoided: continuous system drain, thousands of unnecessary scanning processes, and dozens or hundreds of potentially dangerous and completely unnecessary surgical operations within the mail folder.

These are incidental to the points Guanxi raised above, but that's OK. (1) Hogging system resources is a legitimate concern for some users, depending on their system and AV software, etc. (2) The scanning processes are "unnecessary" insofar as autoprotect will offer protection, but the real issue here is whether it's best to prevent infected messages from entering the Inbox in the first place. (3) This OE expert [3] claims that scanning incoming mail can cause problems when infected messages are removed (before they reach the mail folder, not from "within" it), due to the "fragility of the OE message store". If true, and true for TB as well as OE, then it's certainly something that users should consider. --wintogreen (14 Aug)

Emptying TB's junk folder is a much, much better way of deleting infected emails than using any AV program to find and delete these same messages, and TB identifies almost all infected emails because they are usually spam.

And in the case of almost all of these infected emails in the junk folder, since the autoprotect function of even badly designed programs like NAV doesn't kick in unless you access the junk folder, turning of email scanning is in fact also beneficial in the case of incompatible AV programs: since almost all infected email will be in the junk folder, NAV very seldom gets a chance to corrupt the inbox even if it would do so if there is no junk mail filtering and it would delete the inbox if one previews an infected email without even opening its attachment. American Finn 01:35, 14 Aug 2005 (PDT)

See what I said above about compacting folders. What happens when you turn off email scanning and allow an infected message to reach your Inbox is that, if TB automatically junks it, you now have TWO copies of the infected message in your system: one in the Inbox and one in the Junk folder. That's not a beneficial result.
As far as I can judge at this point, I can't see any strong reason to advise people to disable email scanning unless it's causing them problems -- frequent Inbox corruption, inability to download mail, severe drag on the system, etc. I don't have a problem including it in the article as an option as long as we point out that autoprotect can also zap the Inbox or other folders; disabling email scanning can't be presented unambiguously as a solution too that problem. I think this can be written up concisely, too, with links to external references where appropriate. It doesn't need a whole separate argument at end the article. --wintogreen (14 Aug)
One further comment: TB 1.5 is going to have an option to let incoming messages be downloaded first as individual files before passing them onto the Inbox, so that they can more easily be scanned (and quarantined if necessary). If AV autoprotect (not email scanning) sniffs these files before they get passed to the Inbox, that would allow autoprotect to effectively keep infected messages out of the Inbox. Let's hope that it works that way! --Wintogreen 01:54, 15 Aug 2005 (PDT)

Sounds great. But i think i still won't allow my AV to scan email, neither incoming messages nor ones already in the inbox or the new temporary folder. First of all, this new option doesn't eliminate the problem of new malware being identified and removed later when it's passed into the inbox. In any case, any outside program messing around in TB is prone to make mistakes. Even if such mistakes will then usually be restricted to the newest messages being downloaded, i can't risk losing even a single important email. Also, i wouldn't want even a single important email to be unnecessarily deleted just because it has a virus attachment. The AV's job is to prevent idiots from opening unannounced attachments, and it will do that even with mail folder exclusion and with email scanning disabled. TB's junk filter and the delete button are the only really safe ways of getting rid of suspicious and/or infected email.

I hope i addressed your other points by my changes in and additions to the article.

One more comment though. The main reason people switch to Thunderbird is security. Users will feel seriously betrayed if the result of switching to a safer program results in important mail being destroyed. That's *very* bad security for most users, much worse than most ever experienced with OE (even though email download scanning and autoprotect monitoring of mail folders can cause problems in OE too), since most users do not know how to get something out of quarantine (even if this article is rewritten well), and most don't have backups of their mail folders, and most of even the ones that do will lose at least some new mail, which is always felt to be the most important mail at the time. The feeling of betrayal is well founded if users were not warned that possible inbox corruption can be safely and easily avoided. These are very strong reasons to *not* wait until people lose mail before telling them about the solution, especially because we are dealing with a Microsoft-like attitude towards users and their security on the part of the AV industry, including unscrupulous marketing that places profits, bells, and whistles much higher than customer interests and security and that makes (very bad) software design decisions. (Another one comes to mind: not including the extra code needed to safely and easily remove malware from system volume information and instead forcing users to senselessly delete all their restore points, which shows that most of the AV industry is apparently just as amateur and sloppy as MS.)

As far as i understand, not letting email being scanned during downloading *and* not letting autoprotect snoop in the mail folder are 100% effective in preventing inbox corruption and other AV program problems with email. This seems to be completely safe because autoprotect will apparently not let malware be loaded into memory even if one tries to launch it from a folder that the AV is configured to not monitor for malware. American Finn 20:45, 15 Aug 2005 (PDT)

If, by "not letting autoprotect snoop in the mail folder", you mean the Inbox, then yes I agree that this should prevent the Inbox from becoming deleted/quarantined or corrupted, since the AV software won't ever have its hands on the TB Inbox at all. (This assumes the Inbox is also excluded from any periodic system scans that a user might do, of course.) Mail folders other than the Inbox could still run into trouble, though, unless they are similarly excluded from AV activity. FWIW, I see that my version of NAV has OE's .dbx files excluded from autoprotect by default.
On a side note, I'm not sure there's significant risk of TB Inbox corruption (as opposed to it being deleted/quarantined) due to routine AV activity. The link I gave above [4] is talking about OE, and even there it's just as assertion that we have to take on faith because the person is supposedly an OE expert. I can't say I've seen many clear cases of this is the forums, and I've read and replied to thousands of forum posts. Would like to see some good evidence that this is an actual problem (like the deleted Inbox problem) and not just a problem in theory. --Wintogreen 06:22, 17 Aug 2005 (PDT)
Here's a credible reference (with Bugzilla links) about AV problems with TB/Mozilla Mail, which I just happened to stumble upon. --Wintogreen 05:43, 20 Aug 2005 (PDT)

---

I am trying to fairly and respectfully address the controversial changes, and I appreciate the author's good will and effort, but I think this has gone too far:

Despite the best of intentions, most of the article is now one person's unusual ideas and long discussions of viruses and antivirus software; much of it is somewhat off topic and, in my opinion as an IT manager for over 10 years, I think almost any IT professional would say it is erroneous and dangerous to end users who might follow it.

I'm not criticizing the author for making the arguments -- the common wisdom has been wrong before -- but innovative ideas and debate belong in the authors' blog or Slashdot or Mozillazine's forums, not in a wiki authored by many people and designed to support end users.

I suggest the following: Revert the article to the version before the changes were made. Propose and discuss the ideas in Mozillazine's forums. Once/if they get general agreement there, post them here in final form (concise, clear and to the point) and we can come to some agreement at that time. - Guanxi 01:00, 25 Aug 2005 (EDT)

---

Guanxi, calling for a removal of everything one author has contributed is not "trying to fairly and respectfully address" the info and help that author provided, especially since the newest form of the article addresses all your objections with information that backs up my claims and advice and shows why your objections and fears are unfounded. You, on the contrary, have not reacted to the new contents i presented in addressing your objections.

Trying to disqualify information provided by referring to one's personal qualifications and job and/or the majority of IT professionals are not valid arguments and not responses to the new contents. In addition, the majority of IT professionals are not a good reference because most are lazy and still only interested in following the pack in saying that the best solution is using exclusively MS products (and checking for updates every 15 minutes). Therefore, using the majority of IT professionals as an argument in a Mozilla forum at best proves the opposite of what you're trying to say. (BTW, i guess everyone realises that i do not consider you lazy or any of the other critical things i'm saying about your colleagues because otherwise you obviously wouldn't be active in a Mozilla project.)

I am no expert, but i quoted experts; it is simply incorrect to claim that the article's current content is "one person's unusual ideas and long discussions of viruses and antivirus software". Didn't you read the quoted security experts and AV manufacturers at the links i provided? The majority of *IT professionals* may disagree with what i wrote about AV program settings (and the reasonableness of using exclusively MS products and not using FF or TB), but that does not make them right, and more importantly, the majority of _independent_ *security and malware experts* probably support my views, not yours.

I'm willing to have the "controversial", minimalist, and efficient (i.e. Mozilla-like) approach to email malware i presented moved to a separate section at the end, which only interested readers will read, but people with the intelligence and courage to choose open source software have the right to hear (and most want to hear!) about a sane and no-nonsense approach to email attachments that frees them of the drug addict mentality and hysteria fostered by the AV industry.

Once we agree on the contents, i am of course also willing to shorten and reorganise the text considerably and am thankful for any help in doing that. American Finn 22:15, 25 August 2005 (PDT)

---

I do not reject the changes; I suggested a process by which they could be included (see my last paragraph, above): They require a lot of discussion and the KB wiki is not the place for it. Have the debate elsewhere and, if consensus is reached, they can be included.

The burden is on the contributor to get consensus support: Nobody can demand space in our shared wiki to advocate their ideas. I have my own ideas; can I demand space too? What about every other KB contributor? What if my ideas disagree with someone else's? What about previous contributors whom A.F. contradicts? Each believes in their ideas just as American Finn believes his.

I also don't think anyone can demand that the rest of us take time to read long treatises. If you think you have something important enough to interrupt everyone else, be respectful of their time and be brief, succinct, and clear. If someone will post that (in a forum, not here) I will read it and respond. - Guanxi 10:01, 26 Aug 2005 (EDT)

---

Guanxi, the reason this article (temporarily!) got so long is because it was necessary to incorporate info to show that your objections and fears about the original short (one-paragraph) addition were unfounded. Once we agree on the content, the additions can be considerably shortened. Two paragraphs are probably enough. And placed at the beginning, they will save most readers the bother of reading through the lengthy and complicated technical details that this article originally consisted of and that would frustrate and put off most users.

All that most users need are simple instructions that remind them what kind of attachments are dangerous even if they have email download scanning and profile folder enabled and simple instructions on how to keep their AV programs from messing around in the profile (both during and after email downloading). Since even many people who know quite a bit about security issues will erroneously think that such settings are dangerous, we will also need to add a short explanation at the end of the article pointing out that AV programs do not permit access to infected attachments even if they are configured to not scan the profile folder.

Guanxi, you have still not responded to the facts presented. This article and others in this wiki should not be about my or your ideas or even about majority opinion but about facts and the advice offered by real experts, i.e. independent email security experts and not generalist IT professionals. You have not presented anything to disprove the facts and the validity of the expert opinions i quoted or presented.

Please don't waste others' and your own time by beating around the bush. Talk about the contents and the facts, not the style or the length or the presentation. I have provided facts and expert opinions for my proposed additional info. You, on the contrary, have not provided any reasons for your proposed removal of the important new info except that you and the majority of IT professionals don't agree. Since the majority of IT professionals also advocate using only MS products, their opinions on how to deal with email malware is not credible, especially in a Mozilla knowledge base. American Finn 02:03, 27 August 2005 (PDT)

How to fix this page

I don't know if I'll have the time to do this myself any time soon, but here are some ideas on what to do with this article (which, I think we can all agree, is something of a mess in its present form). --wintogreen 05:42, 16 October 2005 (PDT)

  1. Completely remove the "Reasons for disabling email scanning and profile folder scanning" section and put it in a separate page (e.g., Antivirus software: to scan, or not to scan?). This separate article can discuss differing "theories" on or approaches to email scanning, so that users can make an informed choice. Where appropriate, the main article will link to this new article.
  2. Get rid of the "Notes" at the bottom of the page. Reduce each note to a pithy sentence or two and move that text up into the article.
  3. Cut down on the superlatives ("ridiculously low") and get rid of the conspiratorial talk about the AV industry.
  4. Reduce the number of links to kb-external sites. Except in the "List of compatible and incompatible antivirus programs" section, those links add a lot of visual clutter but little info that is contextually critical. Perhaps create an "External links" section at the end of the article and put some of those interesting but not crucial links down there.

---

I removed the notes completely -- in case somebody doesn't agree with the suggestions in the text, we may need to put some of the information and arguments that were in the notes back into the text.

Not sure that the information provided at the links would be as helpful at the end. Most users don't want to go jumping back and forth between the text and links at the end. Much of the information provided at the links is apparently quite unknown to even advanced users, and they would like and need these very necessary references to realise that the text is not proposing anything strange or idiosyncratic, just things they haven't heard. --American Finn 09:55, 21 October 2005 (PDT)

Yeah, you're probably right about the links; it was just an idea. Anyway... I've made some other changes. (1) I got rid of the "eliminate" - "prevent" - "limit damage" scheme and instead made it app-centered. (2) I labelled the tips related to Email scanning - pros and cons as being for advanced users because it makes for neater organization (all the detailed explanations can go into the other page) and because, well, they are for users who are relatively advanced. Someone who tries those things but winds up doing them wrong (excluding the wrong folder from scanning, turning off autoprotect, etc.) could make a real mess for themselves. (3) I've greatly trimmed down the text explaining those "advanced" tips, but will try to put some/most of it into the other article, where it seems to fit better anyway. Just trying to make the main article cleaner and easier to read. --wintogreen 07:10, 22 October 2005 (PDT)
Great editing job, but i disagree that disabling email scanning is only for advanced users. Excluding mail folders from autoprotect and from system scans is more difficult, but clicking on email scanning and choosing Disable is easy even for beginners and definitely easier than recovering a quarantined or corrupted mail folder or inbox, which is a major catastrophe for most users. --American Finn 13:28, 30 October 2005 (PST)
I suppose this could be a matter of splitting hairs, but our discussion at Talk:Email scanning - pros and cons (in the "What to exclude from scanning" section) seems evidence enough that setting AV excusions is indeed an "advanced" affair. If it were so non-advanced and straightforward, we wouldn't need to have that kind of discussion in the first place! As I've noted on that other Talk page, even though you seem to think that excluding a folder from autoprotect is "not dangerous", my own testing with NAV suggests quite the opposite, which at the very least should serve as an indication that setting AV exclusions is tricky business. People who don't know what they're doing can end up making themselves more susceptible to malware, hence the "advanced" flag. --wintogreen 19:54, 30 October 2005 (PST)
That discussion section is not talking about scanning email being received or sent, and i tried to also make the distinction between that and the exclusion of folders in scans or autoprotect in the previous comment above. --American Finn
(Apologies for chopping up your post; it's easier to reply this way...) OK, I see what you mean. You were talking only about email scanning, and I was talking about the 3 bulleted items together (only 1 of which is about email scanning). --wintogreen
Most AVs have an entry called email scanning in the UI, and it's usually easy to click on that and to choose Disable. This leaves the user with the exact same level of protection as with it turned on if they have autoprotect turned on, as even said by AV manufacturers. -- American Finn
True, it's a snap to disable email scanning, and while it's true that doing so still leaves users protected, they're protected in a somewhat different way -- one that doesn't mean their Inbox won't get zapped by autoprotect or system scanning. That's the "advanced" understanding that users need to have before switching off email scanning. --wintogreen
Just to be sure, this advice should be in a different section that does not even talk about the ideas of disabling autoprotect or scans of certain folders. In addition, users should be warned that they only have the same level of protection despite disabling email scanning if their AV has an autoprotect function since some AVs do not have this. --American Finn 01:48, 31 October 2005 (PST)
Yes, I think we can make the presentation clearer than it is now (even that Symantec article is confusing with its loose wording). But for the reason I've noted above, we do need to make certain to explain the part about email scanning in relation to the bits about autoprotect, system scans, and exclusions, because we don't want people to casually switch of email scanning without understanding the other ways their Inbox could get quarantined. I was actually thinking about that earlier myself but wasn't sure how best to do it. Well, we are making progress here anyway... one step at a time! --wintogreen 05:14, 31 October 2005 (PST)

-- In the context of the current issues with McAfee attachment scanning (ref: [5]), there still seems to be fundamental issues with this section "Antivirus program settings" which I assume relate to the discussion above, which I am loath to read. AIUI, the current wisdom is that scanning of incoming messages is problematic, that AV often break or that vendors have trouble making things work correctly, and that it makes more sense to have AV scan messages when they are opened. Is that incorrect?

not opening attachments for a day

This advice may prevent viruses, but I think it's problematic:

In addition, it is a good idea to wait at least one day before opening any attachment that has been forwarded to give your AV program's manufacturer a chance to provide a perhaps necessary new update.

I think for most people, and especially most working people, that's just impractical. My friends and co-workers would be a little unhappy!

Absolutely. "Sorry, boss, but I can't open that file you sent until the next virus definitions come out. Tomorrow at the earliest." Repeat twice/day. Lose job. --Wintogreen 11:40, 13 Aug 2005 (PDT)

As explained, this extra protection advice applies only to forwarded emails with attachments and only from unknown senders. American Finn 01:18, 14 Aug 2005 (PDT)

I'll try to edit for clarity when I have time. --Wintogreen 14:22, 14 Aug 2005 (PDT)
Sorry for the delay -- work and family keep me busy. The solution will work, but I do not think many would follow the advice. If they want to open it, they want to open it now, no matter where it's from. We could suggest asking someone more knowledgable before opening it, and provide a list of extensions to avoid (.exe, .scr, etc) - Guanxi 22:23, 24 Aug 2005 (EDT)

Thanks, please do. So far, i've only had time to add information, not to shorten, streamline, or clarify it. American Finn 00:21, 15 Aug 2005 (PDT)

I might just let it sit for now, esp. since Guanxi hasn't chimed in yet and since it's going to need rethinking anyway for the 1.5 release, which I hope isn't too far off. --Wintogreen 02:06, 15 Aug 2005 (PDT)

"The solution will work, but I do not think many would follow the advice. If they want to open it, they want to open it now, no matter where it's from." This is a completely illogical argument. Just because some or even many won't follow some advice is no reason whatsoever to not give that advice. If the advice works, we can and should give it. We are, in fact, morally obligated to not keep this information to ourselves, especially since it is effective, as even Guanxi admits. American Finn 22:37, 25 August 2005 (PDT)

Using Thunderbird GMail and AVG

While GMail and Thunderbird Configuration is available through Google, ensuring your email is protected from viruses isn't as straight forward. Below are the configuration options I used to get AVG's POP3 Proxy working with GMail and Thunderbird. Instructions are provided for Thunderbird 1.06 and the latest version of AVG Free Edition

Thunderbird Settings

Below are the settings used for Thunderbird. Notice that these settings are nothing like what Google list for GMail This is because we want it all to run through AVG's POP3 Proxy

Incoming (POP3) Configuration

Server Type: POP Mail Server

Server Name: 127.0.0.1 Port: 995

User Name: username@gmail.com

Server Settings

Use secure authentication: unchecked
Use secure authentication: unchecked

Outgoing (SMTP) Configuration

Outgoing Server

Server Name: 127.0.0.1 Port: 587

Use name and password: checked

User name: username@gmail.com

Use secure connection: NO


AVG Settings

In order to add this configuration you must do the following

  1. Open the AVG Control Center
  2. Click on Email Scanner
  3. Click on Properties
  4. Click on the Servers tab
  5. Click on Add

Incoming Server Configuration

Server Type:

POP3 - Protocol for receiving email messages

Connection:

Type of login
Fixed Host: pop.gmail.com
Additional Settings
Local port: 995
Use APOP if available - unchecked
Connection: Secure to dedicated port(TLS)

Activate this server and use for sending/receiving email - checked

Outgoing Server Configuration

Server Type: SMTP - Protocol for sending email messages

Connection

Relay Host: smtp.gmail.com
Detail Settings
Local Port: 587
Queue processing: Automatic
Connection: Secure to regular port (STARTTLS)
Administrative Server
Send administrative messages to server port: 995/pop.gmail.com

Activate this server and use for sending/receiving email - checked