Avast Infected E-Mail

I did have Avast set to repair and if failed, delete infected emails (I have since set it to delete only). The message shown in the screenshot has been trapped by my anti-spam filter. Is this the repaired remnants of an infected fake Microsoft message or is it still infected (just curious, I have no intention of allowing it through to my e-mail client)?

redman
How can avast! repair this e-mail? Does it contain any malicious code?

I’ve no idea, that’s why I’m asking the question as to what this e-mail actually is. I had a warning when it was received and the Avast log says this (see screenshot):-

redman
Your file is blank???

Microsoft does not alert users of updates by email… They are mostly viruses or worms…
Well, I think I’ve read this in the avast forums a long time ago…

So, to get back to my original question - is the e-mail that is held by my anti-spam tool still infected or has Avast rendered it safe?

Yes they do. They don’t send the users the update as well. In my opinion you should just delete this email. I’m sure someone who has a lot more knowledge than me will help you :)

Which file?

redman
http://forum.avast.com/index.php?action=dlattach;topic=10412.0;id=2506

If you choose ‘OK’ on the virus alert, avast should just let the email be downloaded… but the code was not run (i.e., the infected file is not executed). If you choose another action, like repair, delete, send to chest… the proper action will be executed.

About Microsoft emails, sorry, I’m seeing that my assumption was wrong…

Strange, I can see it on my screen.

MS don’t send unsolicited email warning of viruses/updates, only if you have signed up to their email update notifications. So if you haven’t signed up be suspicious, be very suspicious.

I think from what I can tell, that Avast has deleted the attachment (if you look at the first screenshot in this thread you will see that the attachment field is blank) and allowed the main part of the e-mail since (presumably) it doesn’t contain any viral code. In any case, from the grammar in the text alone, it is clear that it is not a legitimate e-mail. Here is the e-mail header (taken from the message stored in the junk box of my anti-spam program):-

Attachment: \upgrade382.exe Virus: Win32:Swen [Wrm] Deleted
Content-Type: multipart/mixed;
    boundary="ZZEE+_=_41ec1331F4C1B5A0564A0F4CC2EBBF7B6731DA2E0"
Date: Mon, 17 Jan 2005 11:53:53 +0100 (CET)
Delivered-To: va_plusn-valencia-newsgroups@valencia.plus.com
From: "Microsoft Corporation Security Bulletin" zcrznexhq@confidence.microsoft.com
Message-Id: 20050117105353.6561C1C00239@mwinf0606.wanadoo.fr
Mime-Version: 1.0
Received: (qmail 31448 invoked from network); 17 Jan 2005 10:54:54 -0000
Received: from unknown (HELO ptb-mxcore02.plus.net) (212.159.14.216)
    by ptb-mailstore04.plus.net with SMTP; 17 Jan 2005 10:54:54 -0000
Received: from smtp6.wanadoo.fr ([193.252.22.25])
    by ptb-mxcore02.plus.net with esmtp (Exim) id 1CqUX8-000HJ8-6U
    for newsgroups@valencia.plus.com; Mon, 17 Jan 2005 10:54:54 +0000
Received: from me-wanadoo.net (localhost [127.0.0.1])
    by mwinf0606.wanadoo.fr (SMTP Server) with ESMTP id A39261C002AE;
    Mon, 17 Jan 2005 11:54:53 +0100 (CET)
Received: from bzrllmhy (Mix-Lyon-302-3-153.w193-248.abo.wanadoo.fr [193.248.230.153])
    by mwinf0606.wanadoo.fr (SMTP Server) with SMTP id 6561C1C00239;
    Mon, 17 Jan 2005 11:53:53 +0100 (CET)
Return-Path: mairie.chamboeuf42@wanadoo.fr
Subject: [avast! - INFECTED] Latest Internet Patch
To: "Commercial Consumer" consumer-ogtdui@confidence.microsoft.com
X-Antivirus: avast! (VPS 0502-4, 16/01/2005), Inbound message
X-Antivirus-Status: Infected
X-Me-Uuid: 20050117105354415.6561C1C00239@mwinf0606.wanadoo.fr
X-Open-Relay: 193.252.22.25 is in a black list at bl.spamcop.net
X-Zzee-Translated: 1st Email Anti-Virus 4.0
X-ChoiceMail-OriginalAccount: email@valencia.plus.com

Another query related to this: If I had had Avast set to delete in the Virus options for the e-mail scanner, would that have deleted the whole message in this case or just the attachment as has happened here? (it was set to repair if fail delete when this message was received).

Just the attachment.

Thanks for the clarification.

You can subscribe to receive security news by Microsoft. But if you do not request this you shouldn’t receive emails from Microsoft… if you do receive them and you did not request this… then it is spam ;D

redman

it was set to repair if fail delete when this message was received
You actually answered your own question. The infected part was the exe file. Since it's not repairable it was deleted. If you had set it to delete, it would have done the same thing.
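
A header check along the lines discussed in this thread, as an added example that is not part of any poster's message. It reads a subset of the header block posted above (angle brackets around the addresses are restored as an assumption, since the forum page dropped them), compares the display sender with the envelope sender and the first accepting relay, and reports the scanner's markers; `triage` and `org_domain` are hypothetical helper names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subset of the header posted in the thread. The angle brackets around the
# addresses were lost on the forum page and are restored here (assumption).
RAW = r"""Received: from smtp6.wanadoo.fr ([193.252.22.25])
 by ptb-mxcore02.plus.net with esmtp (Exim) id 1CqUX8-000HJ8-6U
 for <newsgroups@valencia.plus.com>; Mon, 17 Jan 2005 10:54:54 +0000
Received: from bzrllmhy (Mix-Lyon-302-3-153.w193-248.abo.wanadoo.fr [193.248.230.153])
 by mwinf0606.wanadoo.fr (SMTP Server) with SMTP id 6561C1C00239;
 Mon, 17 Jan 2005 11:53:53 +0100 (CET)
Return-Path: <mairie.chamboeuf42@wanadoo.fr>
From: "Microsoft Corporation Security Bulletin" <zcrznexhq@confidence.microsoft.com>
Subject: [avast! - INFECTED] Latest Internet Patch
X-Antivirus-Status: Infected
Attachment: \upgrade382.exe Virus: Win32:Swen [Wrm] Deleted

"""


def org_domain(value):
    """Last two labels of a host or address domain (naive: no public-suffix list)."""
    host = value.rsplit("@", 1)[-1].strip("<>[] ").lower()
    return ".".join(host.split(".")[-2:])


def triage(raw):
    """Hypothetical helper: summarise sender consistency and scanner markers."""
    msg = message_from_string(raw)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1])
    rp_dom = org_domain(parseaddr(msg.get("Return-Path", ""))[1])
    # Each relay prepends its Received line, so the last one in the block is
    # the hop nearest the sender; its "by" host is the first server to accept it.
    hops = msg.get_all("Received", [])
    by = re.search(r"\bby\s+(\S+)", hops[-1]) if hops else None
    relay_dom = org_domain(by.group(1)) if by else ""
    return {
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "first_relay_domain": relay_dom,
        # True when the display sender matches neither envelope sender nor entry relay.
        "sender_mismatch": from_dom not in (rp_dom, relay_dom),
        "scanner_verdict": msg.get("X-Antivirus-Status", ""),
        "attachment_note": msg.get("Attachment", ""),
    }


if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(f"{key}: {value}")
```

The domain comparison uses only the last two labels of each name, so it would need a public-suffix list to handle domains such as `example.co.uk` correctly.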