Avast and email conflictions?

Hi, I wonder if you can help me. Recently I have experienced one or two problems between Avast (free edition) and my email behaviour. :cry:

This first problem was in forwarding a couple of nice emails to some friends. The Avast warning siren and message balloon bounced up, even though Avast had allowed the mail to come through in the first place. Okay, I thought maybe the email was too large, so it might have upset things.

However, a day or two ago I, again, received a nice mail that I wanted to forward. This one only had a few lines of text and a very small picture. However, up shot the Avast warning and siren again. I really can't understand it because if there had been any kind of virus then surely Avast would have prevented it coming into my mail programme in the first place?

Incidentally, after the initial incident, I ran a scan with Avast and all showed a clean system.

Any advice would be helpful as I am now nervous about trying to send any forwarded emails to friends (even though most of them go through without a hitch) as they also get Avast sirens when they try to look at them.

Thanks in anticipation of an early response from somebody. :-*

Is there any attached file to that email?
How many friends are you forwarding the email to at once, and what is the Internet Mail provider security level (High or Normal)?
Which is your email program?

Hi again,

There was no attachment with the last particular mail I mentioned, merely a photograph towards the bottom of the page. (the whole thing was quite short).

I use OE to send and receive mail, but receiving comes through MailWasherPro. I thought (please correct me if I'm wrong) that initially all the mail went through Avast first? Or does Mailwasher get it first and Avast only when you have accepted delivery to be sent from Mailwasher to OE - Avast therefore being "the middle man"?

Because of this problem, I have made a point of trying to send it out purely to myself first (to see no warnings came up) before attempting to send it on. I still get the siren - even though I'm sending from my inbox in OE to myself. I think the security level is set at Normal, but I'll check on that.

Thanks for your reply so far.

I think avast provider scans the email when it is being downloaded.
I'm not sure it scans the preview shown into MailWasher as, there, you have only a text preview of the email. Besides, MailWasher is for inbound email and you're having trouble sending them, correct?
Can you post a screenshot of the virus warning message that comes with the siren?

  • Note avast's Internet Mail provider would scan the inbound email traffic to MailWasher:
    MailWasher doesn't download the complete email to do its analysis, it only downloads the headers, a small part of the body, it doesn't download images or attachments and it views what is downloaded in text only. Based on this I personally don't feel that any negligible risk is worth scanning duplication, but the choice is yours.

By editing the avast4.ini file, [MailScanner] section using a text editor like notepad. It is best to save a copy of avast4.ini to another location in case of any problem, you can then copy the original back.
[MailScanner]
IgnoreProcess=MailWasher.exe
Add this line if you don't already have an IgnoreProcess line.
Save the changes to avast4.ini and exit, the avast self-defence module will ask are you sure about the changes, etc. answer Yes.

Hopefully I have managed to get the right size and format of picture of the Avast Warning Screen. As has been said before, I don't think the problem is anything to do with Mailwasher, as this happens when I've already got the mail in OE and I want to send it out again (to myself).

Cross fingers that the attachment is allowed in (this will only be my fourth attempt at trying to provide the picture, as requested).

It hasn't anything to do with mailwasher, but the mailwasher partial downloads will be scanned by avast; at best this is duplicate scanning, which as I mentioned earlier I feel is pointless. At worst, given your alert image 'Partial Message Danger', I don't know if this is an alert which could also occur when mailwasher only downloads part of the email. So that is the purpose of not scanning the email traffic of mailwasher, nothing more.

Back to the main problem:
So why is there an alert on the outbound message if you only forwarded it (made no other changes?) when it didn't get an alert when you received the email?

I have looked at the Heuristic settings and I can see nothing that I think would generate this 'Partial Message Danger' suspicious alert and it is one that I have never seen in over five years on the forums. So I really am at a loss as to what might have caused it as I can't find an option that would be checking for this.

What is the sensitivity of the Internet Mail shield ?
Have you tweaked any other settings in that shield ?

I see that there is a Subject structure check in Heuristics, but that as far as I'm aware only checks the structure of the Subject and not the structure of the email.

Now images in some emails are embedded (part of the email) and others are simply links to the site where the image is located and this remote image location could potentially have a malicious purpose, so again I don't know if that is the cause. It is the actual 'Partial Message Danger' message that is throwing me for a loop as I have never seen this before and I can't see what check might trigger the alert.

So I think it will need some input from one of the avast developers.

Hello, David, Thanks for your reply. Like you say, perhaps I'll have to wait to see if any of the Avast techies can advise. With regard to tweaking any settings? No, I don't do things like that simply because I don't particularly understand them so I always let the programmes use their default suggestions (unless I am given very good, easy-to-follow advice from 2 "specialist" in that given field).

Regarding this last particular mail that I tried to send - I really cannot see that there would be any kind of problem, re: virus, malware, etc as the person who it came from is an IT consultant and Administrator of a very busy forum.

I can quite easily ask on the forum (as it has a pc room with lots of knowledgeable folk) but I normally believe in going straight to the manufacturer/provider if I seem to have a problem with their hardware/software to see what they advise first.

I'll check back in a day or so to see if there are any more answers.

The alert isn't saying Virus, just that the heuristic checks find something suspicious (so it isn't a cast iron detection).

No, I realise it isn't saying it IS a detection - I'd be happy enough about it if it WAS detecting something. It's because I'm pretty sure there isn't a problem that I'm getting annoyed at Avast shooting up the warning.

No answer from one of the techies yet, then? I'll check back in a while.

Thanks, David, for your previous interest.

Tech: You asked for a screen shot and I have provided one. However, you haven't posted anything in response. Excuse me asking, because I don't know the set-up on here, but are you one of the technical people/advisors for Avast? If you are, then could you please give me any advice on the screenshot provided.

Thanks very much.

I don't know if this is related at all, but I have noticed (when testing a new email account) that Avast! deletes outgoing messages if they contain only the text "test" in the header or body. There is no notification, the message is logged as having been sent (I'm using OE7), it just does not get sent out. I wonder if this is an anti-spam measure? It would be a good idea if Avast! were to alert the user whenever it does anything like this.

You're welcome.

As for your previous attached screenshot, I doubt there is much more that Tech can add or I believe he would have. Tech is an avast user like you and I, albeit a very experienced one, but we need input from someone from the Alwil team or Moderator (that is what you usually see in their profile information).

Personally, I don't know what this "Partial message" is or what's the associated danger - I can only guess that the check was implemented to fulfill this.

Thanks Igor,

If it is for this:

FAILED Test #24: Test for the "Partial (Fragmented) Vulnerability". This does not include Eicar virus, but your mail server still must block this since it can break a virus into multiple emails and reassemble it in your inbox.

Then it is strange, given that the email was already in her system and she sent it to herself again. Also I guess this check is also in the 'Normal' sensitivity given the potential of the vulnerability.

@ Lyndy33
Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe

  • Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.

Though I don't know if there will be any more information there or even if this 'suspicion' would be recorded or not, since it isn't a virus detection.
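
Added example, not part of the thread and not avast's code: assuming the "Partial (Fragmented)" test quoted above refers to the MIME type message/partial (RFC 2046), where one message is split across several e-mails sharing an id, this Python sketch flags such fragments and reports whether a full set has arrived. A scanner that inspects each e-mail on its own only ever sees one piece, which is why fragments tend to be flagged; the sample messages, addresses and function names are constructed for illustration.

```python
from email import message_from_bytes
from email.policy import default


def partial_info(raw):
    """Return (id, number, total) if the message or any MIME part in it is
    message/partial (RFC 2046, section 5.2.2); otherwise None."""
    msg = message_from_bytes(raw, policy=default)
    for part in msg.walk():
        if part.get_content_type() == "message/partial":
            def as_int(name):
                value = part.get_param(name)
                return int(value) if value and value.isdigit() else None
            return part.get_param("id"), as_int("number"), as_int("total")
    return None


def fragment_sets(raw_messages):
    """Group fragments by id; a set is complete once 1..total were all seen."""
    sets = {}
    for raw in raw_messages:
        info = partial_info(raw)
        if info is None:
            continue  # ordinary message, nothing to track
        frag_id, number, total = info
        entry = sets.setdefault(frag_id, {"seen": set(), "total": None})
        if number is not None:
            entry["seen"].add(number)
        if total is not None:
            entry["total"] = total
    for entry in sets.values():
        expected = set(range(1, (entry["total"] or 0) + 1))
        entry["complete"] = bool(expected) and entry["seen"] == expected
    return sets


def make_fragment(number, body):
    """Build a constructed sample fragment (not taken from the thread)."""
    return (
        "From: sender@example.invalid\r\n"
        "Subject: forwarded picture\r\n"
        'Content-Type: message/partial; id="frag-1@example.invalid";'
        f" number={number}; total=2\r\n\r\n{body}"
    ).encode("ascii")


FRAGMENT_1 = make_fragment(1, "Content-Type: text/plain\r\n\r\nfirst half ")
FRAGMENT_2 = make_fragment(2, "second half\r\n")
PLAIN = b"Subject: hello\r\nContent-Type: text/plain\r\n\r\nhi\r\n"
```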

Thanks to all who have had the courtesy to respond - even though I seem to have presented you with something nobody knows how to deal with. I only know that the siren going off is somewhat startling and, what is embarrassing to me, is that my friends are receiving mail from me which gives them a virus alert.

I have, therefore, uninstalled Avast from my system in favour of a less intrusive anti-virus program.

Thanks anyway, guys.