eMailaya - urgent

Hi
Users of emailaya reported to me that avast suddenly started reporting emailaya (I'm the developer) as a virus and doesn't let them use the application. Since this is a very important application for them, this issue is very urgent.

As mentioned, I'm the developer, so for sure this is a false positive.
What can be done about it so it will be fixed as soon as possible?
Thanks

Can you send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.

Hi, and thank you for a quick response.
I sent it as you described.
Please update me as soon as possible.
Thanks

I’m a user like you. They usually inform by updating (correcting) the virus database. They only contact when they need further information.

Mmm, so I guess I should tell the user to try and err then until there is no warning.
Thanks

The easiest will be adding the file into the Chest (quarantine) and then checking it from there, right-clicking the file. Adding a file is not moving it; you can add files by right-clicking the user folder in the Chest.

What file is actually being detected and what is the malware name given by avast?

The reason I ask is I downloaded the emailya.zip I extracted and scanned the emailya.exe file but nothing was found, but I don’t believe it was able to fully unpack it.

Ah I see that is a standalone exe, so when I run it I still don’t get an alert, I scanned the Data folder it creates and still no detections.

So perhaps the problem is in the installation file version?

OK I did a basic setup with one email account and sent an email checked for inbound email (having sent a test email to that account), this was received and again no alerts by avast, avast is successfully scanning outbound and inbound email traffic through eMailYa, so I don’t know what the problem is. This is with the latest version of emailya 3.5.5 I believe.

So we really need to know more about what is being detected.

Hi

I will try to contact the 2 users who reported this issue to me,
but until then here is what one of them wrote me: http://emailaya.phpbb3now.com/viewtopic.php?f=6&t=54

Both users confirmed that the file on the site (which you tested) is OK.
One of them still has an exe file which was detected as a virus. I asked him to send it to you and I hope he will. Please update me about this issue, though now it is not as urgent as before.

Thanks

You’re welcome, thanks for the update, it seems like the user reporting this has found the same as I did, the latest version isn’t seen as a problem.

Your comment about UPX exe packer possibly being the issue I would say is possibly very close as this is commonly used in malware packing. Also the malware name given by avast, Win32:Trojan-gen(other) is a generic signature.

The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

So that could have been a contributing factor when combined with the UPX packer. It would be nice if the original person reporting this sent you or avast a copy of the suspect file it would be very helpful.

It would have also been great if he had come directly to the avast forum and submitted the sample to avast directly as in Tech’s reply to you which is likely to have speeded any correction as required.

Unfortunately I won’t be able to update you on progress as I’m only an avast user.

Weird thing is both files were upxed, so I wonder why avast detects a virus on one exe but not on the other.

2 other antiviruses (avg and nod32) also detected a virus in emailaya 2-3 weeks ago, and only because as a developer I had the chance to check it un-upxed I realized this might be it. They fixed it 2-3 weeks ago, so I guess now it's avast's turn to fix it :)

The end user of course doesn't care whether it’s a generic detection or a real one, he wants his files to be clean and of course I agree with that. I find it a bit dangerous that an antivirus suddenly decides a certain file is a virus and doesn't let you activate the app no matter how important it is to him. Some people will email me about it, but some users might simply delete the file and I won't even know about it. avast does have a whitelist, but avg/nod32 didn't open the file even when it was in the exclusion list.

I told the guy who has the infected exe to send it to the address written here for a checkup, I hope he will do it. So you are a user too :) I guess avast people are too busy to let me know what I sent them is OK and that I should send them the real problematic exe… good thing they have good people like you and Tech to help people like me regarding this issue.

The detection, generic or otherwise, is considered real by the user; it isn’t the method but the response.

The user has the option to exclude the file from scans (their choice, their risk), both on-access so they can run it and from on-demand scans if they use that function.

They can add it to the exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions (right click the avast ‘a’ icon)

Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.

This is why I mentioned the first port of call really should have been this forum as this can be pointed out to them whilst any corrective action is taken.

We would first have suggested that they confirm or deny the detection by uploading the file to VirusTotal - Multi engine on-line virus scanner and report the findings here.

You normally don’t get a response to the submissions unless they require more information, which is why I suggest to users they periodically scan the suspect file, which unfortunately if you aren’t using avast you wouldn’t be able to do.

To users who know me I can say to exclude the file, but I prefer not to do so and simply “fix” it with the AV developers. But what about the (new) users who don't know me? For them, emailaya is a virus and that’s it. I even saw 2 posts on forums (which are not mine) that warn the users about it; if I hadn't searched Google and got to those posts (by mistake) I wouldn't have been able to “warn” back that this is a false positive.

When emailaya was detected by avg and nod32 as a virus I did upload the file to VS:
http://www.virustotal.com/it/analisis/65bec64743fa3ae1dfb2c69024829dcf
The results there are a bit old (in antiviruses' life, even 2-3 days can be considered as old) so I don't know the current way of things. Notice that avast is clean there…

At least now things are not as urgent as I first thought.

It’s an annoyance… nobody likes false positives… but, sometimes, the price of a high detection rate or detection method.

The quality of the VirusTotal service is not as good as it should… the updates are not reliable.