False positive from text format attachment in an email

I get this occasionally. I work as a volunteer for a scam detecting and reporting organization. This involves them sending me, in text form, the headers from suspected scam emails. Occasionally Avast blocks my action saying it contains a virus when I try to open one of these attachments. They can’t possibly harbor a virus as it is just text. How can I get around this problem.

Bill in Oz.
Avast Pro. Windows 10, Firefox V45.0.1, Thunderbird 35.7.1

They can't possibly harbor a virus as it is just text.
Yes they can, depends on the text See example here, a notepad with text (code) in as you can see under the additional tab https://virustotal.com/en/file/64278f3e7b0c83ebc6345583b85a07c317cdd6a2fcd69e7b4e6c1252d7fce57b/analysis/

What does the warning message from avast say?
what malware name is given?

Thanks for your reply. I don’t recall the exact wording or the virus it thought it had found. Can I find details of previously found problems? I recall previously I was able to look it up in an archive or chest, but can’t find that in the latest version.

A real good example of “malware” in a txt file is the eicar test file.
www.eicar.org/download/eicar.com.txt

Eddie and Pondrus, That test virus link does what it should. However I realized this morning that the email concerned was probably still in trash so I found the attachment in question and tried to open it again here are the two Avast warning messages created:

(I could give you the text of the attachment either here or as a pm if that would help, but won’t without your go-ahead.)

Iam a complete idiot! I can’t give a copy of the attachment as Avast won’t process it. If I try to save it, it says it has put it into New File Attachments, but I can’t find such a file and I doubt it has saved more than the tab off the email anyway. I could of course turn Avast off and get the text downloaded then, but as Avast says it contains a virus I am not prepared to do that.

Thanks for the PMs Pondus. Because of the above I’m not sure where to go from here.

It appears to be a java script… That is how ransomware is activated

agree, so most likely detection is correct

Thanks guys. Mush appreciated.