False positive with all Yahoo mail attachments?

Hi, I am hoping someone can help/advise. Since last night (Friday), Avast 5 has been preventing me downloading any attachments from my emails. The network shield pops up saying that it is blocking a ‘Malicious URL’. No problem opening my emails, it’s just anything that is attached, this is happening no matter who sent me the email.

I use BT Yahoo mail and have never had this sort of problem before, i know for a fact that the attachments themselves are clean - i even sent myself an email with an attachment i knew was clean, same result, no matter who sends me the email, and no matter what the attachment is, Avast is blocking all attachments from BT Yahoo mail saying that the URL is malicious.

I am guessing that for some reason the BT Yahoo url was added to a definition update? I have read in other posts that this has been done by mistake before, and the matter is dealt with in the next update. But i have updated my definition file and the problem still exsists.

Anyone else out there in the UK that use BT Yahoo mail that are having this problem with attachments?
At the moment my only way around the problem is to keep on turning off the network shield everytime i wish to download an attachment. Darned annoying to say the least!

Would be nice if this could be looked into.

Thanks.

Can you post an image of the network shield (crop it so we don’t get a fullscreen image. Or post the URL of the alert, change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

That will give an idea of what is being blocked and we can at least check it out. Without knowing what the URL is there is no way to tell.

I have a BT Yahoo account (2 weeks) but I don’t use it much and haven’t had any attachments in any of that email, so no alerts here.

When you sat it is stopping you download any of the attachments, presumably you are using your browser to view the BT Yahoo email and not an email program ?

OK, just did a little test, sent an email with attachment to my BT Yahoo account.

First checked the web mail side of BT Yahoo and it was displaying the email and attachment, clicked the download attachment bit and the BT Yahoo AV first scans the attachment (clear, image1). The file was saved to my hard disk and no alerts.

I then used my email program to download the complete email from the BT Yahoo account. It arrived without alert from avast, mail shield or network shield, see image2 of it in one of my email folders.

So it appears to be working for me with a known clean attachment.

Thanks for the reply DavidR, yes, i am using my browser and not a separate mail program, i have tried with both Firefox and IE8, both giving me the same problem. Below is a screen shot of the Avast pop up.

http://i289.photobucket.com/albums/ll234/stevie22b/Various/Avastpopup.jpg

When i right click the attachment this is the address that it points to.

hxxp://uk.f866.mail.yahoo.com/ya/download?clean=0&fid=Inbox&mid=1_5332_AI28ktkAAGenTKf47Qjcklff1qE&pid=2&tnef=&prefFilename=276-03-10-2010.pdf&redirectURL=http%3A%2F%2Fuk.mc866.mail.yahoo.com%2Fmc%2FshowMessage%3Fcmd%3Ddownload.failure%26fid%3DInbox%26mid%3D1_5332_AI28ktkAAGenTKf47Qjcklff1qE%26pid%3D2%26tnef%3D%26prefFilename%3D276-03-10-2010.pdf

If i paste that straight into a browser and try to open the address, Avast gives me the same warning straight away.

I also notice that when i open the actual email, the BT Yahoo software checks the attachment and finds it clean.

Thanks again for the quick reply, i hope the above information helps you in understanding what is happening.

Any browser used would have the same result as it is the access to the IP location that is the issue. Why they are using an IP address rather than a domain name which is plain to see, this is a common trick to mask where you are accessing.

However, in this case the IP is for Yahoo Europe and I would say this is an FP, which I have reported.

What I can’t understand is why I can’t replicate this with the test email with an attachment, now that attachment was just a text file and it was clean. Do you know who the email was from and what the attachment was ?

It is happening with any attachment, regardless of who sends the email. The one i used for the example above was a daily news letter in PDF format. These are daily letters i have been receiving for many months now without a problem. But like i say, it does not matter what the attachment is, or who it is from. My son sent me a couple of photos attached to his email (Hotmail account), and that triggered the Avast shield. And i also used my AOL email address to send myself an email with attachment - a small text document, and that also triggered the network shield in the same manner with the same message.

And out of interest i also tried to download some attachments from my saved email folder that is located on yahoo’s servers. These were attachments that i have previously downloaded without any problems. But now when i try to download them again i am blocked straight away by Avast.

So like you say, it would appear to be the IP address that is the problem, not the actual attached files.

Thanks again for your help, it’s very much appreciated this end. I am guessing that the FP possibility will be looked into, and then rectified in a future definition update?

I don’t know why I can’t replicate this, hopefully it will be quickly investigated.

I have exactly the same problem. I’ve just noticed it today. I use BT Yahoo Mail. I’ve tried to access mail attachments via different browsers and get reports of a malicious URL. The Norton Antivirus used by the BT Yahoo mail service reports that the attachment is clean.
I’ll be keeping an eye on this thread to see what turns up.

Sorry to hear that you have the same problem, but i am relieved i am not the only one experiencing this, it rules out the problem being at my end.

I am hoping we will find that it’s just a case of yahoo’s download url being accidentally added to the bad list for some reason. With luck Avast will remove it in one of the next definition updates.

Hello,
It will be fixed in next VPS.
Best regards
Jan Sirmer

I can happily report that the latest VPS as indeed fixed the problem, i am now free to download my email attachments from BT Yahoo! :smiley:

Many thanks to Sirmer and DavidR for the help you have given in this matter. Great to see that Avast dealt with the matter so quickly. Great work!

You’re welcome, thanks for the feedback.

Me, too. All sorted. Thanks for the quick response.

I am also having this problem being unable to download any attachments, even ones I sent to myself from my own computer, from Yahoo Mail. I have had to uninstall Avast in order to get the term paper I’m working on in college off my email.

Should I reinstall Avast and it will be fixed?

Well this is rather an old topic so I doubt the above solution would do anything and I’m afraid that reinstalling is unable to make any difference if it is program or virus signature related.

There are if I remember rightly some other more recent topics on yahoo mail attachments, so I would try another forum search.

Are you actually getting any alert ?

If you are downloading the attachments via your browser (web mail), you could stop the web shield for 10 minutes and that should allow you to download, don’t forget to enable the web shield when done.

If you are downloading your email with an email program like thunderbird, then stopping the Mail Shield for 10 minutes is an option. But removing avast just to get the mail is overkill and leaves you unprotected completely.

Hello,
it was problem on our side not on user’s site.
We receive many alerts from yahoo emails and unfortunately, even when we trying whitelist those pages really fast, sometimes we block those pages.
Sorry for your inconvenience.

I am experiencing this problem for the first time today. All attachments are being deleted by yahoo mail with a message saying they are infected. I know they are not. I have sent previously downloaded files and they are also reported as infected. Prior to sending them I scanned them with Avast and they were clean.

Thanks