Could this be a bug?

Almost every time when I start an e-mail by clicking on the e-mail address on a website I receive a message that it could be a virus: “Caution, potential infection was detected” and a pop up screen appears saying

Suspicious subject of message
Sender: Y. Frobel - y.frobel@hetnet.nl
Recipient: Gemeente@Dalfsen.nl; milieupunt@prv-overijssel.nl
Subject:.

Even though I can’t imagine that simply copying the characters milieupunt@prv-overijssel.nl from the website text and pasting it in the address bar of MS Outlook is harmful.

But because these are almost mostly government sites and I can’t imagine that government sites are sending viruses to their citizens. In this case the email address came from the Province of Overijssel (milieupunt@prv-overijssel.nl).

Is this a bug in the program?

Jan

It is warning by heuristic analyse and it pops-up when you are
sending or recieving message that has some attribute of message
sending by virus. One of that attributes is empty field SUBJECT: in
message.
You can set the sensitivity of heuristic analyse to LOW.

Does it happen when you start typing the message, or after you actually send it?

Also, does the subject field contain the “.” as you described or is it empty?

What mail program do you use? MS Outlook (full)?

Thanks,
Vlk

I use MS Outlook 2000 as a part of MS Office 2000 (build 9.0.6926 + SP3, Dutch) and Win XP + SP1 + updates (Dutch).

The warning is coming up on two occasions:
When I click on the hyperlink on the site and MS Outlook opens with a new message and
When I copy the e-mail address from the website, open Outlook and paste the e-mail address.

Hope you’ll be satisfied with this information and if not I’ll look on the forum from time to tiem to see if more information is needed.

Tanks for your quick reaction,

Jan

I have noticed that if I ry to send and e-mail with no subject in the subject line in Lookout Distress (OE) I get the same warning on clicking on send. I also get the same warning if I receive an e-mail with no subject line as well. I guessed it’s because I have heuristics set to high and therefore Avast treats any e-mail whit a blank subject line as suspicious. Well at least it lets me know the e-mail scanning is working fine, unlike some other AV Products I could mention…:slight_smile:

ghj290,

What you are describing is a usual behavior of Outlook and Outlook Express. Every time when you don’t put something in the subject bar you’ll get a warning that you didn’t use this bar. So as far as I know, what you are describing has nothing to do with Avast! 4.

I think that is a kind of protection from MS that you don’t sent messages without an subject line and if you want it on some occasions you can do, but it is not recommended. I personally hate e-mails without a subject line to remember what that e-mail is about.

Jan

No, sorry it’s deffinately Avast that is brining up the warning please see here:- http://www.ghj290.pwp.blueyonder.co.uk/images/email.jpg . As you can see it is the Avast warning dialog, not an OE dialog, and it states “suspicious subject of message”. I.E. No Subject.

As I said, it’s due to having heuristics set to high and I like it to do it. This way I know that Avast is on the job as it were.

Trev

Sorry Trev,

The screendump you show is exactly the screen I wrote about. I think I misuderstood your message.

Jan

Jan_Ko,
we’re investigating the strange behavior of our heuristics module in Outlook. It looks there really is a problem in avast - namely, it is expected to check/scan outgoing mails only when they’re sent, but it seems that they get checked also in the case you e.g. click on a mailto:bla@bla link link, immediately, before you have the chance to actually type something into the message…

Thanks for pointing this out ;),
Vlk

Jan, can’t you see the dialog box with the ratiation warning symbol and the name Avast in the blue border at the top? This isn’t the OE warning you get when you try to send an e-mail with noi subject in the subject line. That warning dialog looks like this:-
http://www.ghj290.pwp.blueyonder.co.uk/images/email2.jpg
Spot the difference?

Trev

Yes Vlk, that’s right. Today I had a more strange experience. I wanted to sent an e-mail to somebody stored in my Outlook address book. Originally this came from such a mailto:bla@bla link. Until now I never had trouble with this address but today I wanted to sent a message and the warning popped up. Is it possible that by accident something changed in the program during one of the updates?

Jan

Jan_Ko,
“Until now I never had trouble …” - it means that some elder version of avast works fine? If it’s rigth, what version (build)? And can You try one test? Go to the Outlook provider settings and on “Advanced” page check “Show detailed info on performed action”. What happens now? If avast heuristic dialog appears, is above the task bar (near avast blue ball icon) some message (like: “scanning blablabla…”)???

Thanks!!!
Pavel

Hallo Pavels,

Unfortunately I can’t remember from which version of the updates of the program this problem appeared. Your fine instrument of automatic updating is in use on my PC. I only remember it is about one-and-a-half or two months that I experience this problem. Maybe it was already there for some time, but I rarely use this mailto stuff.

The question you ask is a bit difficult for me, because I’m using the Dutch version of Outlook 2000. So some of the things you ask me are for me hard to find. Could you please guide me through the menus so I can reach the right place to answer your question. If it is too long or comprehensive for the forum, please send me an e-mail with this guidance.
If you mean by provider settings the accounts at the providers of e-mail I can’t find what you ask, because under the item advanced I can’t find an sentence in the way you mean.

Jan

Jan,

what pavels thought was

  • click on the avast a-ball tray icon
  • select “More Details”, if you have not done so already
  • double click the Outlook/Exchange provider
  • scroll to the Advanced tab (might not be visible - use the arrow in the upper-right corner, if it’s not)
  • select “Show detailed info” (the first check box on the page)
  • confirm everything with OK’s.

That’s all. Now you’re ready to do the experiment.

Thanks for your help!
Vlk

Jan,
I think that vlk explained it well, but I will send you even illustrative picture on your email.
And I would like to ask you for another thing. Do you rememeber where did you install SP3 (or SP2) for Outlok 2000? And dont’ you know whether this manner has some relationship with these updates?

Thanks!
Pavel

Pavel,

Sorry it toke some time longer before I could react on your questions.

I installed SP3 together with MS Office 2000 Dutch version. So my conclusion for the moment only can be that in some update of the Avast! 4 program something wnet not as you wanted and expected.

Jan

Hi Jan,

thank you for your reply. A would like to know whether you tried “test” which Vlk (in elder message) described. And I send you brief “picture-guide” to set environment for this test. Did you receive this email? Problem is that we cannot simulate this “bug”, so I would like to know the result of this test.

Thanks!!!
Pavel