I’ve been very concerned that eM Client has been accessing webpages in the background associated with e-mails when the e-mails are received in eM Client. The e-mails are not even opened.
Bitdefender Antivirus Plus has been notifying me of this as “Suspicious web page detected”.
It identifies “mailclient.exe” (eM Client), as the program. I don’t understand why eM Client is accessing websites in e-mails upon receipt of those e-mails. This is huge security problem because of spam.
This is happening every day, with multiple notifications like this, obviously spam e-mails. All regarding mailclient.exe and websites it is accessing that I would never go to.
Maybe there is a setting in eM Client to stop this behaviour. I haven’t found it.
It identifies “mailclient.exe” (eM Client), as the program. I don’t understand why eM Client is accessing websites in e-mails upon receipt of those e-mails. This is huge security problem because of spam.
Its normal for mail clients to access anything within the email “unless you block the sender” including external url links and images etc and is not an eM Client security problem.
Your Antivirus Security program is just alerting you to url links etc within the email that might be suspicious “like most other third party antivirus programs do when scanning your incoming email”.
You can control whether the mail client accesses any senders email content via going to “Menu / Settings (Preferances) / Mail / Privacy” where by default eM Client blocks external content.
You can adjust that to suit yourself as to what external senders email is displayed including spam email. See the online documentation.
If you are getting alot of spam / Junkmail in your Inbox with content and links you don’t want and your mailbox providor doesn’t have Junkmail filtering options, then you can setup eg: Local Rules in eM Client to block them via “header, subject, body content or domain name”. See eM Client Rules documentation below.
Like I said, eM Client is accessing the URLs immediately upon receiving the e-mail and before I open it. Bitdefender is blocking it when the websites are suspicious.
From the documentation:
External Images and Other Content are objects in an email that are not directly a part of the email, but that are downloaded from an external source once you open the message.
Which is as it should be. No e-mail client should be accessing URLs in e-mails unless the e-mail is opened, but eM Client is doing it.
eM Client does not do that. The only possible visits of external urls I can think of is when downloading a favicon of the domain to be able to show the avatar in the list. If you want to disable that, you can do it in the settings.
I do not have Bitdefender myself, but in the screenshots you showed it just says:
The suspicious URLs were “detected”, but it does not say they were “accessed”
It seems like it was the downloading of avatars that was the “culprit”. After turning that off, I got no more notifications from Bitdefender. I’m assuming that it was the search for a favicon at the spamvertised websites that triggered the warnings, but …
Avatar downloading
eM Client automatically downloads and displays avatars for your contacts from the web.
We download images from Gravatar, domain icons and more.
Looking for an image from Gravatar or looking for a favicon is not a security issue, in general. Without more information, though, that “and more” is a security risk. I don’t know what else might be searched for and downloaded from spamvertised websites. Obviously images, but even image files can be designed to contain or trigger malware (like SVG). Basically, one should not obtain or open image files from untrusted sources, which a spamvertised website is most definitely. Of course, eM Client doesn’t know if the e-mail is spam or that if the websites referenced in it are trusted or not.
The avatar search and downloading is great, but it’s an all or nothing setting.
So it seems, yes.
As I mentioned, I do not have Bitdefender. It would be interesting to know if Bitdefender can actually determine the type/nature of the request.
