False Positive Due to File Name

I received an email with a file (Word2007) attached to it. I was alerted about a possible virus (JS:Redirector-CB[Trj] – Suspicious white space.). I proceeded to save the file and scan it before opening - and it scanned clean.

Turns out the suspicious white space was in the file name and not the file itself.

I tested by sending the file to myself and it spit out a warning.

I then renamed the file (deleting about 4 or 5 consecutive spaces in the file name) and it went out with no warnings.

My question is - are you scanning the file or just the file name when receiving a message with an attachment?

avast doesn’t alert based on a file name, it scans files and alerts to infection, not because it has a specific file name.

That is the heuristics of the email lots of white spaces in a file name attachment are used to hide (off view) the true file type. So you can modify the Heuristic settings in the Mail Shield to either ignore the white space or increase the count.

However, this doesn’t seem to be just that as the JS:Redirector-CB is a javascript detection.

OK I’m sorry for my misunderstanding. I do love :slight_smile: Avast.

Thanks for the pointer - I wasn’t aware of that specific element. Now I know.

You’re welcome.

avast is still one of the most configurable of antivirus programs, you just have to have a poke around in the avastUI ;D