avast's Outlook add-in will rename attachments! How to disable this?

system · 2015-08-20T11:01:12.000Z

Hello, I’ve been using avast! free (version: 10.3.2225) on a Windows XP desktop running Outlook 2010.

I experience some bad bad behavior from avast!, namely it will rename attachments to: “Untitled attachment NNNNN.ext” where NNNNN is a 5-digit number (prefixed with zeros if needed) and .ext it’s the original file’s extension (phew!).

Example case:
Suppose, I expected to receive an e-mail containing many PDF attachments one of which would have been something like MonthlyReport.pdf. Unfortunately I would have to find out, using certainly non-productive means, which file is which thus rendering the use of !avast if this goes on, inappropriate.

I’ve tried to disable the e-mail protection from within !avast which did not work and I think that for now I will disable Outlook’s add-in permanently.

Is this something that this is how it was designed to be?
Am I missing some combination of options?

Asyn · 2015-08-20T11:15:41.000Z

There’s no Outlook add-in in the free version, afaik.
Could you post a screenshot…!?

system · 2015-08-20T12:42:11.000Z

%ProgramFiles%\AVAST Software\Avast\asOutExt.dll
5BF2103692FB302AE0C0D65E8C08AFF397FC19CD

Asyn · 2015-08-20T12:50:16.000Z

XP… (32/64 Bit…? - which SP…?)
Other security related software installed…?
Which AV(s) did you use before Avast…?

system · 2015-08-20T12:55:32.000Z

Asyn post:4:

XP… (32/64 Bit…? - which SP…?)

XP 32Bit, SP3

Asyn post:4:

Other security related software installed…?

PrivateFirewall

Asyn post:4:

Which AV(s) did you use before Avast…?

MSE → ZA → !avast

Plus the previously mentioned dll is registered to Class ID:
{B342E21B-AD7E-4568-AE3F-D0D844537A7A}
and the registration date matches the date of !avast’s installation.

Asyn · 2015-08-20T13:00:43.000Z

First, be sure to get rid of all remnants of your prior installed AV(s)…!!
→ https://www.avast.com/faq.php?article=AVKB11#artTitle

Then:

Download Avast Free Antivirus: https://files.avast.com/iavs9x/avast_free_antivirus_setup.exe
Follow instructions: https://www.avast.com/uninstall-utility (Run this tool for all prior installed Avast versions…!!)
Reinstall Avast with the downloaded installer from point 1.
Reboot.

system · 2015-08-20T13:06:33.000Z

The question still remains:
Is that .dll (see: Reply #2) known to be getting installed coming along with !avast free, or not?

Asyn · 2015-08-20T13:09:38.000Z

See: Reply #1

Michael529 · 2015-08-20T18:46:41.000Z

My (32 bit) Outlook 2010 running under Win 7 x64 with free Avast .2225 has this add-in. But it doesn’t change the name of attachments.

system · 2015-08-21T05:50:11.000Z

Asyn post:2:

There’s no Outlook add-in in the free version, afaik.
Could you post a screenshot…!?

I’ve posted a SHA1SUM of the .dll in question.
I’ve also added that the .dll in question, has been registered the same date !avast free was installed, to which you reply again, that this is not part of the normal !avast free installation, suspecting this .dll is malicious I’ll proceed to a complete uninstallation and re-installation of !avast free and keep detailed installation logs which I will post back here.

A screenshot of what?
There are numerous settings for e-mail protection in !avast’s settings.
Namely in: Settings → Active Protection → E-mail Shield.

Michael529 post:9:

My (32 bit) Outlook 2010 running under Win 7 x64 with free Avast .2225 has this add-in. But it doesn’t change the name of attachments.

Is it possible that you could supply a SHA1SUM of your .dll or at least could you confirm it matches the one I’ve posted?

Asyn · 2015-08-21T07:06:35.000Z

olspookishmagus post:10:

I’ll proceed to a complete uninstallation and re-installation of !avast free and keep detailed installation logs which I will post back here.

OK, report back…

Michael529 · 2015-08-21T08:45:07.000Z

olspookishmagus post:10:

Michael529 post:9:

My (32 bit) Outlook 2010 running under Win 7 x64 with free Avast .2225 has this add-in. But it doesn’t change the name of attachments.

Is it possible that you could supply a SHA1SUM of your .dll or at least could you confirm it matches the one I’ve posted?

Not sure about how to generate a SHA1SUM (but willing to try with guidance). For what it is worth, the file asOutExt.dll is digitally signed by Avast and reports size as 462,328 bytes, with size on disc as 462,848 bytes. As in your case, the time and date stamp is consistent with the other files in the directory. My memory - which is very fallible - is that there has always been an Avast add-in in my Outlook.

system · 2015-08-21T10:20:36.000Z

Michael529 post:12:

Not sure about how to generate a SHA1SUM (but willing to try with guidance).
…

Try:
onlinemd5.com

Michael529 post:12:

…
For what it is worth, the file asOutExt.dll is digitally signed by Avast and reports size as 462,328 bytes, with size on disc as 462,848 bytes. As in your case, the time and date stamp is consistent with the other files in the directory. My memory - which is very fallible - is that there has always been an Avast add-in in my Outlook.

A filesize and a datestamp is NOT a unfalsifiable way to identify a series of bytes, in our case a file.
A not yet proven breakable hash is.

Asyn post:11:

OK, report back…

Will do. Did the clean-up(s) and the installation is under way.

Michael529 · 2015-08-22T16:00:08.000Z

Did the file asOutExt.dll reappear when you reinstalled Avast free?

Do you still have problems with attachments being renamed? You will remember that wasn’t a problem that I have here. I wondered if the new version of the file asOutExt.dll on your system was the same SHA1SUM as the old, or whether the previous one might have been corrupted? If it was corrupted my SHA1SUM wouldn’t match yours.

system · 2015-08-25T06:58:15.000Z

Michael529 post:14:

Did the file asOutExt.dll reappear when you reinstalled Avast free?

Yes. After permorming a clean-up and a re-installation (version: 10.3.2225) it did re-appear.

avast_free_antivirus_setup.exe
832322185DA94AD49141F6F58E1CAD387A80D3E0

%ProgramFiles%\AVAST Software\Avast\asOutExt.dll
5BF2103692FB302AE0C0D65E8C08AFF397FC19CD

The following relevant changes, also took place:

Registry key added	0	HKLM\SOFTWARE\Classes\avast.AsOutExt	
Registry key added	0	HKLM\SOFTWARE\Classes\avast.AsOutExt.1	
Registry key added	0	HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\avast.AsOutExt	
File added	0	C:\Program Files\AVAST Software\Avast\asOutExt.dll

Michael529 post:14:

Do you still have problems with attachments being renamed? You will remember that wasn’t a problem that I have here. I wondered if the new version of the file asOutExt.dll on your system was the same SHA1SUM as the old, or whether the previous one might have been corrupted? If it was corrupted my SHA1SUM wouldn’t match yours.

I do, and what is odd is that I still experience this even after disabling that particular Outlook add-on.
You haven’t yet confirmed that SHA1SUM or posted your own.

Asyn · 2015-08-25T07:01:38.000Z

Best you submit a ticket: https://support.avast.com/Tickets/Submit

system · 2015-08-25T07:39:28.000Z

Asyn post:16:

Best you submit a ticket: https://support.avast.com/Tickets/Submit

Not yet.
Michael259 says he’s not facing that issue.

Michael259, what version of Outlook are you running?

Michael529 · 2015-08-25T07:42:18.000Z

olspookishmagus post:15:

Michael529 post:14:

Did the file asOutExt.dll reappear when you reinstalled Avast free?

Yes. After permorming a clean-up and a re-installation (version: 10.3.2225) it did re-appear.

avast_free_antivirus_setup.exe
832322185DA94AD49141F6F58E1CAD387A80D3E0

%ProgramFiles%\AVAST Software\Avast\asOutExt.dll
5BF2103692FB302AE0C0D65E8C08AFF397FC19CD

The following relevant changes, also took place:
Registry key added	0	HKLM\SOFTWARE\Classes\avast.AsOutExt	
Registry key added	0	HKLM\SOFTWARE\Classes\avast.AsOutExt.1	
Registry key added	0	HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\avast.AsOutExt	
File added	0	C:\Program Files\AVAST Software\Avast\asOutExt.dll	
Michael529 post:14:

Do you still have problems with attachments being renamed? You will remember that wasn’t a problem that I have here. I wondered if the new version of the file asOutExt.dll on your system was the same SHA1SUM as the old, or whether the previous one might have been corrupted? If it was corrupted my SHA1SUM wouldn’t match yours.

I do, and what is odd is that I still experience this even after disabling that particular Outlook add-on.
You haven’t yet confirmed that SHA1SUM or posted your own.

@olspookishmagus

Yes, sorry: got diverted.

The SHA1SUM of my file is 5BF2103692FB302AE0C0D65E8C08AFF397FC19CD which looks to me as if it is the same as yours.

Edit. responding here to your later post: I’m running 32 bit Outlook 2010 under Win 7 x64 with Avast Free .2225

It is not to the immediate point but Microsoft have a useful utility that calculated checksums.

Michael

petr_matrix · 2015-08-27T09:12:02.000Z

Hi guys,
in avast free version, there is the outlook add-in too but without antispam part in it.

If you are able to reproduce “attachment rename event”, please enable debug logging, reproduce it, and send me asOutExt.log file.

Thanks,
pm

system · 2015-08-28T18:12:56.000Z

OK, OK, false alarm.

After ruling out it was anti-virus software’s fault and a series of tests conducted with various names on attachments, I have concluded that the reported behavior is not valid.

Therefore, cease the alarm, and thanks to everyone who has participated in this thread and helping me out.

Announcements