Avast Mac and Mail 3.2 error

First of all, I want to say that I’m very happy to have a version of Avast! that will run on my Macbook Pro! It works very well with one exception - and that’s what I’m asking about today.

As you know, when the Mac boots, it loads Avast! which then is followed by the Mail app loading. Ever few boots, I receive an error from Mail telling me that the database has a problem and that I need to quit and reopen the program to import all my messages.

This works fine - but it’s getting to get old having to constantly worry about the crash and whether the mail will indeed come back or not. Since everything else seems to be working great, I don’t KNOW that the problem is part of my Avast installation - but I do know that it didn’t exist prior to that installation.

Does anyone know if this is a known issue or something new? Does anyone know of another cause for this problem or, better yet, a solution to it?

Thanks for any and all help. :wink:

Actually there’s another. Avast seems to be remarkably blind to old MS Word macro viruses. I’ve recently sent samples and hope they will soon show up in their detection engine. It was also blind to the new DNS changer type trojans - again I’ve loaded a sample to them and I look forward to their catching these. In the meantime Avast protection should be considered basic on the Mac.

From what I’ve seen this is a known bug. There is a workaround which does indeed work - ctrl click the Avast! application and choose show package contents. Under /Contents/Resources/ there is a file GetRuleScript.txt rename or delete this file and Avast will be unable to launch Mail.

From the description I’ve seen this does not cause any harm.

There’s not a solid clue this is being caused by Avast itself. If Avast is implementing the applescript process correctly Mail should not be getting corruption from attempting to scan for viruses. All it’s supposed to do, as far as I can tell, is flag a message as red to warn us it contains a virus. I’ve yet to see flag something for me.

The corruption which sets Mail to cause to re-import the mail … isn’t well defined yet. I agree its happening far more than it used to - are you running Leopard as well?

I have to agree with Smkolins. I periodically download the DNS Changer trojans to see if they are detected. And Avast usually misses them. But if I upload to Jotti. its detected by lots of the scanners. (I put it in the CHest and mail to alwil so they have them if they ever want to add detection)

As for the Mail Database corruption I was having that problem too but it has not occurred in a while now

Actually there's another. Avast seems to be remarkably blind to old MS Word macro viruses. I've recently sent samples and hope they will soon show up in their detection engine. It was also blind to the new DNS changer type trojans - again I've loaded a sample to them and I look forward to their catching these. In the meantime Avast protection should be considered basic on the Mac.
I periodically download the DNS Changer trojans to see if they are detected. And Avast usually misses them. But if I upload to Jotti. its detected by lots of the scanners.

Is there a way to check this?

Quite frankly, if this is the case, it then becomes a deal breaker.

Hopefully, someone can provide some official clarification on this.

Well samples have been submitted to Avast but as of today they still don’t detect the macros or dnschanger samples I have. I’d be open to discuss what you want to “check this”.

Yes…I should have mentioned that - I am running Leopard on the MBP. I also run Fusion so that I can have access to SolidWorks and AutoCAD when needed. The Windows XP virtual machine is also running Avast.

Well samples have been submitted to Avast but as of today they still don't detect the macros or dnschanger samples I have. I'd be open to discuss what you want to "check this".

Forgive me, my knowledge of viruses is rather minimal.

My main concern after reading your post, is that I am unprotected against current mac threats, ie. Word macroviruses, and the DNS changers.

I was wondering if there are other (safe) test files to be found, other than the Eicar.

If the software is not protecting my computer, then why should I use it?

I switched from VirusBarrier to avast because VB doesn’t do much about windows viruses, but does protect the mac. Now, it seems I am protected against Windows threats, but not Mac threats.

There is no perfect protection against threats. Unfortunately the macro viruses are relatively common but the good news is they do little damage on Macs. Often all they do is replicate into each new office document (usually only a Word document.) Occasionally they break the file so that it wont open. There will also be minor misbehavior of things like memory sticks because it wont unmount normally. Of course if you pass it on to a Windows user and their AV doesn’t catch it… well the sky is the limit.

As for the DNS changers the news is better. First they are rare on Macs. In fact the first one is less than a year old. Even better news - you have to install it yourself. It pretends to be a video codec that let’s you view a movie but is in fact a kind of rootkit and specializes in aiming your internet queries against compromised DNS servers which can then point you to compromised versions of banks, etc. But the only exposure of this type of DNS changer trojan for the Mac comes up if you visit certain pornagraphy websites. Many of these trojans affect Windows users but the first one geared specifically to work on Macs came out last year and one syndicate is systematically pushing it through all their compromised systems. But for average people, they will never see it. It’s mostly news in that something of the type now exists where it didn’t before. And sooner or later someone will use the same style of attack on a wider scale.

Course these are just two of a small list of compromises that exist for the Mac. I don’t have any samples of the current Quicktime vulnerabilities. It would be nice to know if Avast! can detect those.

Nope. No safe ones. The idea behind my bank of viruses is I pretty much know what they do and how to handle them. I certainly don’t willy nilly use them. But it’s easy to have a file sitting on a drive and aim the scanner at the file and see what it says.

Avast detects some Mac viruses as well as many Windows viruses but this is true of most AV software. In some respects Avast has an excellent reputation - one of a short list of AV software that detects a particularly nasty javascript attack which finds your model and sends intelligently chosen attacks against your version of computer for example - and yes this nasty javascript thing know about Macs. However the Avast system on Macs doesn’t watch for javascript execution.

I’m here to see what Avast is going to grow like and see if I can help it. If they grow and grow well, all to the good. If they do something else, well then I’ve seen what Avast will do.