I received a single file web page *.mht via Avast! yesterday. Today Program version= 4.1.289) Vps version= 0310-2. This page passed AVG scan from sending side, yet the email was stopped from entering OE 6.00.2800.1123. The email message source:
-----:
X-x: TimeOut
X-x: TimeOut
X-x: TimeOut
X-x: TimeOut
X-x: TimeOut+OK
Subject: avast! 4
Suspicious extension(s) of attachment
20 Great Google Secrets.mht
Sender: [suppressed]
Recipient: [suppressed]
Subject: 20 Great Google Secrets
Avzst! on access Internet mail setting is custom including “attachment check according to name and content type.”
Assuming the mht file is good, what can I do short of removing the “attachment check according to name and content type” to receive such email attachments? Is this a bug, is there a workaround, for example changing the extension from sending end?
This is my first problem with Avast!–otherwise has been excellent for my two months of use.
MHT files can indeed contain hostile stuff. It’s a Microsoft-proprietary format for packing HTML contents (including pictures, scripts and other stuff) into single files…
It is possible to turn off the “attachment check according to name and content type” but I’d rather recommend against doing so…
Anyway, avast should let you access the file - it’s just warning you, right?
I confirm the words of Vlk ;D
Maybe you can ask to the sender to convert the mht file into a zip file. Avast! will only alert a suspicious extension (both for zip and mht) but you can access the file (attach). Although if the file is infected, avast! will bring you a window to handle the file (move, rename, clean, Virus Chest and so on)…
Had just this report yesterday… My niece send me a list which was in this .mht format and Avast went barmy with sirens and the works! All very frightening ! so I deleted it in a panic.
It turned out the same attachment received on my wife’s laptop was passed by AVG without comment. When it was moved onto the desktop and checked by AVG it was pronounced virus free.
On reflection maybe I should be glad that my Avast queried it. It shows it was maybe on the ball.
Can you inform the file as being a false positive (click on the bottom right of the virus warning message).
To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.
As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the ‘a’ blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button…
You can use wildcards like * and ?. But be careful, you should ‘exclude’ that many files that let your system in danger.
It is possible that there could be something objectionable in that file as Vlk mentioned in an earlier post, which is why avast is warning about the attachment type (you would get the same alert if it were an .exe attachment).
This can be disabled as Vlk mentions, Internet Mail, Customize, Heuristics tab, see image. As for AVG not alerting doesn’t mean very much as both AVs are different it may not even give a suspicious alert it may also not extract the contents of the .mht file attachment.