I’ve seen several similar issues here, but there are some differences so I need to see if I can get a precise answer for this exact situation.
In the past couple of days, a new trojan seems to have become widespread and it’s showing up every few minutes in my domain’s email in-box (I average 2000+ emails daily for my domain, although 95% of those are spam messages). When an email with the trojan is detected on my MailWasher machine, it is not performing any silent behavior and instead it is popping up this message dialog:
Even though the recommended action says “Delete”, the dialog’s default button is actually configured for “No Action”. That seems fairly dangerous to me. I’ve almost accidentally had it selected via the Enter key before and since that would allow the trojan on my system unrestricted, I’d say it’s a very poor choice for a default button. But anyway, if I do make sure to choose “Delete”, then it comes up with this confirmation message dialog:
I’m interested in finding out how to automate the responses to those two message dialogs so that the first one automatically chooses the “Delete” option and the second one automatically confirms the “Delete Files Permanently” activity. I’ve seen the stuff about the silent option and whether it automatically chooses “OK”, but I’m not sure “OK” would be what I’m looking for here - if it just actuates the default button, then it would not. Is there some way to actually stipulate that silent mode should choose “Delete”? And then also confirm the deletion??
Since this is from email rather than the result of a scan, not being able to automate this is causing any other pending email to wait to be serviced on the particular system that’s popped the message dialog. And since this happens on my MailWasher machine (as well as all my others - I have 10 licenses), it means that my other machines (several different machines all receive email from the same mail server source) end up filling up with spam which would be getting filtered out if the MailWasher machine weren’t being held up by these dialogs. And when there are nearly 2000 spam messages each day, that’s a ton of undesired spam that I’m seeing until I can figure out how to automate those avast! 4.8 Pro choices.
In Home version you can check the option “Don’t show this window again” as soon as the first virus warning appears, and click on “No action” button. This way, nothing will be done and you will be presented the results at the end (and you can perform actions from there).
On version 5 things will be different.
You can use Silent Mode on version 4:
Left click the ‘a’ blue icon.
It will start On-access protection
Do the same for the and Outlook/Exchange plugin.
The answer Yes in Silent Mode keeps the virus in the file or into the message (attach) and continue the scanning. You can’t configure ‘delete the infected file’ in the Home version.
You can do the same for Standard Shield provider, but it won’t be a good idea…
Silent mode in the case of the WebShield provider simply means that avast will keep pressing the “Abort connection” button for the user automatically.
Note avast’s Internet Mail provider would scan the email traffic to MailWasher:
MailWasher doesn’t download the complete email to do its analysis, it only downloads the headers, a small part of the body, it doesn’t download images or attachments and it views what is downloaded in text only. Based on this I personally don’t feel that any negligible risk worth scanning duplication, but the choice is yours.
By editing the avast4.ini file, [MailScanner] section using a text editor like notepad. It is best to save a copy of avast4.ini to another location in case of any problem, you can then copy the original back.
[MailScanner]
IgnoreProcess=MailWasher.exe add this line if you don’t already have an IgnoreProcess line.
Save the changes to avast4.ini and exit, the avast self-defence module will ask are you sure about the changes, etc. answer Yes.
That should stop avast alerting on partial mailwasher email downloads and allow for the deletion by mailwasher of all the spam first, before handing off to your email client to download the remainder. At that point if there are any that weren’t flagged and deleted by mailwasher, but were infected, avast would only then alert.
Okay, I’ve been running in this Silent Mode and things seem to working. Thanks. But you have shown that the only automated choice seems to be to send the infected file to the chest (and yes, I’m using Pro, as indicated in the thread title). So where do I see these chest emails? When I go through all the normal chest entries that I can find, they seem to just be for regular virus files that were found during a drive scan. Where do all the email virus files go when they are sent to the chest by this automated mechanism? I cannot find them anywhere but there must be hundreds of them according to the log viewer. ???