excluding email addresses

Avast Free Antivirus / Premium Security
1

Every time my wife gets email from a certain person avast pops up a dialog box warning her about a suspicious email. How can I tell avast to ignore emails from specific people.

2

Hi rburn99…

If the e-mails in question are indeed infected, I would definately NOT want Avast to exclude them from scanning! ::slight_smile:

I don’t think there is a way of doing that anyway. I’m pretty sure it’s an all or nothing kind of setup, although I may be wrong.

Best Regards…

3

Shortly, you can’t do that.
Although, you could configure the two tabs of Heuristic settings into Internet Mail provider (or Outlook plugin). Then you can meet your needs. The help file describe very well each item of the mail heuristics of avast. If you have doubts, come back to ask for further help.
Welcome 8)

4

Of course I wouldn’t want to exclude infected emails. That’s the whole point of the program so I didn’t think it necessary to actually say that there is nothing wrong with the emails. Sorry for the confusion.

I will look into it when I get home tonight. But if there is no ‘white list or black list’ then what I would be looking for would be how to globally reduce the depth or effectiveness of checking/scanning overall?

5

What is it that is suspicious about the email, that should also be stated (Subject, iFrame, white space, etc.) ?

You are able in the case of the iFrame warning to have permitted URLs, but first you have to know the source of the remote data and you probably won’t know that without looking at the emails source code. However, that only applies to a domain name, like remotelocation.com, etc. it can’t be an email address and only for the iFrame heuristic warning (which you need to confirm).

6

Not the effectiveness or the depth… but what is CONSIDERED suspicious.
This is what is taken in account with the Heuristic settings.
Your settings are telling the emails are SUSPICIOUS and not infected (for sure).
For instance: if they don’t have a subject, or a subject has too many blank spaces, etc.

7

I told my wife to give me the exact message text the next time it occurred so I didn’t do anything last night with it as I was waiting for it to happen again. She just sent me this info. It’s always from this site and it’s never dangerous. The only buttons that are enabled are Delete and Continue.

AVAST! VIRUS WARNING

SUSPICIOUS MESSAGE!

8

Yahoo does seem to be a regular user of the iFrame tag, I suppose to import data or adverts after the email is opened, this saves the email from being overly large at first sight. However, there is still an element of risk from any email using the iFrame tag.

You could add the yahoogroups.com url to the permitted URL I mentioned previously (see image), however the content of the iFrame may not be coming from yahoogroups.com, so you might have to check the properties of the email, message source and look for the

9

Well I added yahoogroups.com to the list of permitted urls and she still gets the same warning. I looked at the .eml code and there is only 1 iframe tag in it and there is no url specified in that tag. I see plenty of other urls scattered around in the code… yahoo.com and us.i1.yimg.com for example.

Here’s the only iframe tag:

10

That is what I thought, it is going to be hard to identify the remote location.

The onload is an action to take (I assume on loading the email) and there should be a function or value in the email code for LREC_Th_updateText() try to find that and see if there is a URL in that.