Default email heuristics

What are the default email heuristics for Avast 4? In particular, I am interested in the maximum allowed email addresses in the To: field before Avast identifies it as a possible virus. In any case, once it is identified, what steps does it take next, i.e. delete the email, prevent it from being displayed, show warning? I realize that you can change this through the enhanced user interface, but how is this done with the home version where the enhanced interface is not available?

I don’t believe it checks the quantity of addresses in the To: or CC: fields.

It wouldn’t identify it as a potential virus but as too many identical emails in a short period of time (don’t ask, I don’t know ;D), see * below. So multiple addressees isn’t the same as multiple identical emails.

  * This would also require that you have the Internet Mail provider at High sensitivity, or that level of heuristics wouldn’t be set.

If a suspect email (meeting the above heuristic criteria) or other infected email is detected, you have several options, but because it relates to email, Delete is really the best option.

You are mixing up the different scanners. Thorough and Enhanced User Interface relate to the on-demand scans; this has nothing to do with the email scanning. Internet Mail, Customize, Heuristics: this will display what Heuristic settings are used for that sensitivity level.

I have a problem where I have not been able to receive emails on my PC since 6/13. (I get them on BlackBerry but not PC.) The first email that seemed to trigger this had 17 recipients in the To: field. I simply would like to know if this can be related to the Avast scanner and the heuristics. If not, I need to look elsewhere.

No, for inbound email the number of recipients shouldn’t have any impact, certainly not for avast.

If you aren’t getting an alert from avast, then there is no avast blocking, as it doesn’t block but scans.
Are you able to send emails from your PC?
If not, what is your firewall?
Does it allow ashMaiSv.exe internet access?

  • If it does, delete the entry for it, do a manual update and reconnect to the internet; this will force the firewall to ask permission again.

You say the first email to trigger this; trigger what?