Hi, I wonder if you can help me. Recently I have experienced one or two problems between Avast (free edition) and my email behaviour.
This first problem was in forwarding a couple of nice emails to some friends. The Avast warning siren and message balloon bounced up, even though Avast had allowed the mail to come through in the first place. Okay, I though maybe the email was too large, so it might have upset things.
However, a day or two ago I, again, received a nice mail that I wanted to forward. This one only had a few lines of text and a very small picture. However, up shot the Avast warning and siren again. I really canāt understand it because if there had been any kind of virus then surely Avast would have prevented it coming into my mail programme in the first place?
Incidentally, after the initial incident, I ran a scan with Avast and all showed a clean system.
Any advice would be helpful as I am now nervous about trying to send any forwarded emails to friends (even though most of them go through without a hitch) as they also get Avast sirens when they try to look at them.
Thanks in anticipation of an early response from somebody. :-*
Is there any attached file to that email?
How many friends are you forwarding the email at once and how is Internet Mail provider security level (High or Normal)?
Which is your email program?
There was no attachment with the last particular mail I mentioned, merely a photograph towards the bottom of the page. (the whole thing was quite short).
I use OE to send and receive mail, but receiving comes through MailWasherPro. I thought (please correct me if Iām wrong) that initially all the mail went through Avast first? Or does Mailwasher get it first and Avast only when you have accepted delivery to be sent from Mailwasher to OE - Avast therefore being āthe middle manā?
Because of this problem, I have made a point of trying to send it out purely to myself first (to see no warnings came up) before attempting to send it on. I still get the siren - even though Iām sending from my inbox in OE to myself. I think the security level is set at Normal, but Iāll check on that.
I think avast provider scans the email when it is being downloaded.
Iām not sure it scans the preview shown into MailWasher as, there, you have only a text preview of the email. Besides, MailWasher is for inbound email and youāre having trouble sending them, correct?
Can you post a screenshot of the virus warning message that comes with the siren?
Note avastās Internet Mail provider would scan the inbound email traffic to MailWasher:
MailWasher doesnāt download the complete email to do its analysis, it only downloads the headers, a small part of the body, it doesnāt download images or attachments and it views what is downloaded in text only. Based on this I personally donāt feel that any negligible risk worth scanning duplication, but the choice is yours.
By editing the avast4.ini file, [MailScanner] section using a text editor like notepad. It is best to save a copy of avast4.ini to another location in case of any problem, you can then copy the original back.
[MailScanner]
IgnoreProcess=MailWasher.exe add this line if you donāt already have an IgnoreProcess line.
Save the changes to avast4.ini and exit, the avast self-defence module will ask are you sure about the changes, etc. answer Yes.
Hopefully I have managed to get the right size and format of picture of the Avast Warning Screen. As has been said before, I donāt think the problem is anything to do with Mailwasher, as this happens when Iāve already got the mail in OE and I want to send it out again (to myself).
Cross fingers that the attachment is allowed in (this will only be my fourth attempt at trying to provide the picture, as requested).
It hasnāt anything to do with maliwasher, but the mailwasher partial downloads will be scanned by avast at best this is duplicate scanning, which as I mentioned earlier I feel is pointless. At worst, given your alert image āPartial Message Dangerā I donāt know if this is an alert which could also occur when mailwasher only downloads part of the email. So that is the purpose of not scanning the email traffic of mailwasher, nothing more.
Back to the main problem:
So why there an alert on the outbound message if you only forwarded it (made no other changes ?) when it didnāt get an alert when you received the email.
I have looked at the Heuristic settings and I can see nothing that I think would generate this āPartial Message Dangerā suspicious alert and it is one that I have never seen in over five years on the forums. So I really am at a loss as to what might have caused it as I cant find an option that would be checking for this.
What is the sensitivity of the Internet Mail shield ?
Have you tweaked any other settings in that shield ?
I see that there is a Subject structure check in Heuristics, but that as far as Iām aware only checks the structure of the Subject and not the structure of the email.
Now images in some emails are embedded (part of the email) and others are simply links to the site where the image is located and this remote image location could potentially have a malicious purpose, so again I donāt know if that is the cause. It is the actual āPartial Message Dangerā message that is throwing me for a loop as I have never seen this before and I canāt see what check might trigger the alert.
So I think it will need some input from one of the avast developres.
Hello, David, Thanks for your reply. Like you say, perhaps Iāll have to wait to see if any of the Avast techies can advise. With regard to tweaking any settings? No, I donāt do things like that simply because I donāt particularly understand them so I always let the programmes use their default suggestions (unless I am given very good, easy-to-follow advice from 2 āspecialistā in that given field).
Regarding this last particular mail that I tried to send - I really cannot see that there would be any kind of problem, re: virus, malware, etc as the person who it came from is an IT consultant and Administrator of a very busy forum.
I can quite easily ask on the forum (as it has a pc room with lots of knowledgeable folk) but I normally believe in going straight to the manufacturer/provider if I seem to have a problem with their hardware/software to see what they advise first.
Iāll check back in a day or so to see if there are any more answers.
No, I realise it isnāt saying it IS a detection - Iād be happy enough about it if it WAS detecting something. Itās because Iām pretty sure there isnāt a problem that Iām getting annoyed at Avast shooting up the warning.
No answer from one of the techies yet, then? Iāll check back in a while.
Tech: You asked for a screen shot and I have provided one. However, you havenāt posted anything in response. Excuse me asking, because I donāt know the set-up on here, but are you one of the technical people/advisors for Avast? If you are, then could you please give me any advice on the screenshot provided.
I donāt know if this is related at all, but I have noticed (when testing a new email account) that Avast! deletes outgoing messages if they contain only the text ātestā in the header or body. There is no notification, the message is logged as having been sent (Iām using OE7), it just does not get sent out. I wonder if this is an anti-spam measure? It would be a good idea if Avast! were to alert the user whenever it does anythig like this
As for your previous attached screenshot, I doubt there is much more that Tech can add or I believe he would have. Tech is an avast user like you and I, albeit a very experienced one, but we need input from someone from the Alwil team or Moderator (that is what you usually see in their profile information).
Personally, I donāt know what this āPartial messageā is or whatās the associated danger - I can only guess that the check was implemented to fulfill this.
FAILED Test #24: Test for the "Partial (Fragmented) Vulnerability". This does not include Eicar virus, but your mail server still must block this since it can break a virus into multiple emails and reassemble it in your inbox.
Then it is strange, given that the email was already in her system and she sent it to herself again. Also I guess this check is also in the āNormalā sensitivity given the potential of the of the vulnerability.
@ Lyndy33
Check the avast! Log Viewer (right click the avast āaā icon), Warning section, this contains information on all avast detections. C:\Program Files\Alwil Software\Avast4\ashLogV.exe
Or check the source file using notepad C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log and copy and paste the entry.
Though I donāt know if there will be any more information there or even if this āsuspicionā would be recorded or not, since it isnāt a virus detection.
Thanks to all who have had the courtesy to respond - even though I seem to have presented you with something nobody knows how to deal with. I only know that the siren going off is somewhat startling and, what is embarrassing to me, is that my friends are receiving mail from me which gives them a virus alert.
I have, therefore, uninstalled Avast from my system in favour of a less intrusive anti-virus program.