Email Protection blocks the upload of non-malicious attachments in web mail Yaho

Avast Free Antivirus / Premium Security
1

Hi,
I noticed that using the Yahoo web mail if you try to attach a (not malicious) PDF document, the mail is not sent and is saved in drafts.
The attachment is removed and only then can you send.
What happen? Why does Avast Free behave in this annoying way?
By disabling the Avast protections everything works without problems.
Solve…please… :wink:

2

Seems somewhat strange and lacking in detail (for Avast to investigate).

Are you actually getting any avast alert or warning ?

Are you able to receive Yahoo web mail if it has a .pdf attached ?

3

As soon as I’m at the PC, I’ll do some testing and give you more details.
I will update this post.

4

Here is what happens in detail.

If I upload a specific PDF attachment which, however, by scanning it with Avast, is not seen as malware if WEB protection is active, it blocks the upload of the attachment (screenshot).
If, on the other hand, I disable WEB protection (screenshot 2) and attach the same file, it is attached without problems (screenshot 3).
So there is something blocking the WEB loading of the PDF file and the same file in RTF format.
This file is absolutely harmless and from scanning or opening it is not seen by Avast as malware but only when it is attached to the email with WEB protection active is the upload blocked.
Very strange.
I also discovered that the Avast mail shield signature is also inserted in web mail, I thought it only happened in clients ever. I like this. :slight_smile:

This happens only with Yahoo web mail and Avast mail shield signature is also inserted into Yahoo web mail as well.

I’ve reproduced the same thing with Gmail Web and none of this happens, the file attaches just fine and the Avast mail shield signature doesn’t appear.

Solve the problem of safe attachments in web mail. :wink:

5

Unfortunately I can’t test as I don’t use or have any webmail accounts.

I prefer to use POP3, SMTP and not IMAP protocols.

I don’t know if the act of trying to insert the avast signature into in web mail, might have an impact if the server objects to such modification. You could try disabling the insertion of the mail shield signature and see if that has any impact.

Outside of this I’m out of ideas as I’m not using web mail, nor do I insert the mail shield signature in POP3 and SMTP emails. I have never really seen the point, I wouldn’t take any signature Avast or other AV as a guarantee the email is clean.

6

I just added a PDF as an attachment to a test mail on three very well known webmail services and it worked fine. Avast Free didn’t block it.

Maybe it’s an issue with Yahoo, or the attachment is somehow deemed risky.

7

Even if it were a Yahoo problem, it is strange that by disabling Avast’s WEB protection the problem does not occur, re-enabling it happens.
So I don’t know if it’s really Yahoo’s problem.
Also it’s also strange that mail protection with Yahoo web mail works with Gmail web mail doesn’t work…
Should mail protection work with all web mail or no web mail?
I thought it worked only if you were using a mail client installed on your PC and not using web mail.

8

You’re right, I did some tests and I found out what the problem is, is the signature in the email that creates this problem attaching some PDF, RTF files, etc… in Yahoo web mail. :slight_smile:

@Karel Šťavík, @jan.svoboda, and all it should be fixed. :wink:

9

I suspect that this is Yahoo somehow blocking (protection) the addition of the clean signature, which results in a failed send/receipt of the email.

10

I never add those signatures so that explains why I had no issues.

11

Well that is only a suspicion on my part (but a reasonable one) as I don’t use Yahoo Mail (or any web mail for that matter) and how it may protect its email from tampering.

12

Another thing to test is to disable heuristics in relevant shields, and see if adding the same PDF works.

I think it’s weird Avast adds a signature to web mail. Even that it’s somehow able to, to begin with.
I don’t have https scanning enabled, so no Avast playing middleman with certificates. That might also be a factor where Yahoo isn’t expecting that.

13

Here are the tests I did:

I deactivated the individual components while leaving all others active, as follows:

Behavior protection disabled: Do not attach file
File protection disabled: do not attach the file
Mail protection deactivated: the file is not attached
WEB protection deactivated: attach the file
WEB protection active with HTTPS disabled: attach the file
Email protection activated with signature deactivated: attach the file

14

These stand out. HTTPS scanning requires Avast to insert itself in the protected chain. The whole idea of HTTPS is that no third party can do this.

I wouldn’t be surprised if it has something to do with certificates. Yahoo expects one, gets another and/or is told it is the same.