I just installed avast 4.8 Home Edition Build Apr2008 (4.8.1169) and scanned for the first time. The only thing avast found was one phishing trojan in my Thunderbird inbox. The report’s Result column shows:
Infection: HTML:Phish-Bankfraud1 [trj]
Avast wants to move my entire e-mail inbox file (270mb) to the chest, rather than just sending the one infected e-mail to the chest. I hesitate to let avast do this, as I fear that my inbox might become unusable if it gets moved to the chest (or if I let avast delete it).
So I guess my questions are:
Can avast quarantine individual Thunderbird e-mail messages (rather than the entire inbox file)?
Should I be worried about moving my entire inbox file to the chest?
Should I even be worried about a stupid phishing e-mail buried in my inbox? I won’t bite.
I an new to AVAST but I would say that moving the whole “Inbox” in the “chest” is rather nonsense.
If AVAST can’t extract only the attachment from the email then the scan of “Inbox” is good only as generic warning but pretty much pointless since whatever it finds can’t be corrected.
I don’t know if AVAST really works that way since I could not find anything in my mail but in case you can add your mail folder to the exclusion so it won’t be scanned by AVAST any more.
Incoming mail are filtered by the “internet mail” provider anyway (or they should be).
I am waiting with you for an answer by somebody who knows mail scanning better
No. This is how Thunderbird works… unfortunatelly.
You will ‘lost’ all the emails in that box.
It’s not safe to keep messages in the inbox… it’s thought to be a temporary box and then you move the emails you want to keep to another folder.
Can’t you check your box in webmail and delete just that message?
Wow - thanks for quick replies. To clarify, I don’t use webmail to access my e-mail (I connect to a pop-mail server). I do end up with a very large inbox file.
I see by reading some other posts in this excellent and lively forum that avast doesn’t play nicely with Thunderbird’s inbox (whether this is an avast problem or a Thunderbird problem is not the issue).
It would be helpful (as a halfway measure) if avast could quote some of the surrounding text when it encounters a problem in a large text file. Even if avast couldn’t isolate the single e-mail, it could provide a text string to search by, so that I could locate the offending e-mail and get rid of it.
Anyway, I’m not terribly fussed over this – I don’t think the trojan is going to get me.
avast isn’t alone in this either as the thunderbird F.A.Q. it warns about inbox deletion by AVs finding an infected email as most can’t extract it and the inbox is effectively treated as a single file which is infected and treatment is chest, quarantine, deletion, etc.
So despite the fact that thunderbird/mozilla are aware of this they haven’t done anything to make it easier for AV scanners to deal with an infected email within the inbox file. The same would be true for other mail boxes being scanned later.
Nothing much has changed since I wrote in June 2006:
DavidR's description of Thunderbird mail folders is essentially correct. Each mail folder is a separate file (having just a name and no file type) and each mail folder has a separate index file which has the same name as the mai lfolder and .msf as the file type. This is not overly complex - most mail clients do something similar internally - its just that most mail clients then smoosh all these files together, encrypt the whole mess and then save it as one big file. This successfully stops avast from ever finding any viruses in the mail folder of those clients.
My testing so far, confirmed by posts from Igor (a member of the avast team) shows that the avast on demand scanner logic only “sees” the first message in the Thunderbird mail folder which is always the oldest message in the mail folder. So avast can only detect a virus in a Thunderbird mail folder if the infection is in the oldest message in the folder.
This problem is most likey to affect new users of avast on their first on demand scan of the mail folders. Most experienced users of avast will, sensibly, use the avast Internet Mail scanner to ensure that no more infected messages will be added to the Thunderbird mail store. Of course, if the Internet Mail scanner is turned off then you would be exposed to this problem all the time. The Standard Shield and Network Shield will not stop infected messages from being added to the Thunderbird mail folders.
Since like I said I am new of AVAST it is critical for me to understand its limitations and default behaviours.
That is why I asked about the ability to extract threats from mail.
In the other thread I’ve already learned that scanning the Thunderbird/MBOX files can be troublesome due to the difficulty in handling the plain text file containing all sort of crap.
This post shows it can be also dangerous in case an user allows AVAST to “chest” the whole “Incoming” file when some threat is detected.
The good thing is AVAST in “standard scanning mode” seems to skip the MBOX content so it should not detect anything with the default settings, despite the waste of resources in “unpacking” the file for skipping at the end.
Tha bad thing is if the user set AVAST on “thorough scanning mode” as default, it will probably detect something soon or later and then it will ask the user to “chest” the whole mail archive.
Not all users are able to handle files and folders and most users answer “yes” to alerts without paying attention and thinking of the consequences. It happened to me too a couple of times with devastating effects.
IMHO there should be a very clear information/warning for Thunderbird users (I don’t know other mail clients) about potential issues and if possible, sorry for repeating, exclusions should be automatically written in the default configuration.
Please read what I have posted to you in your own thread and here. Read the post above and please try to understand it and please stop trying to distort other posts here to fit the argument you are trying to conduct.
The “chest problem” happens only for first time users as I explained above. If you use the Internet Mail provider it will not happen again. you can go through this forum and count on the fingers of one hand the number of users who have reported this problem, I am sorry they have but they are very few.
Not all users are able to handle files and folders and most users answer "yes" to alerts without paying attention and thinking of the consequences. It happened to me too a couple of times with devastating effects.
You have made reference in these forums to this related to other antivirus products … are you now trying to suggest that this has happened with avast?
If, like you, you choose to exclude the Thunderbird mail folders from scanning (as you have told us you have done in another thread) then the problem of “chesting” cannot happen at all.
Tha bad thing is if the user set AVAST on "thorough scanning mode" as default, it will probably detect something soon or later and then it will ask the user to "chest" the whole mail archive.
Total and absolute nonsense if you use the avast Internet Mail provider to scan incoming mail.
Thunderbird users in their masses are using avast and not reporting the problems you have reported. I cannot recall one single user reporting your concerns in the years I have been in this forum.
There is no need for any warning. The only problem you have experienced at all (and as explained in your own thread most likely due to your rather old and slow hardware is your deliberate efforts to interrupt the scanning of Thunderbird mail folders) is that some temporary files have been left in the Windows temporary folder.
That is hardly related to the problem of the original poster of this thread.
I don’t have any problem now, besides I had to find out things the hard way.
“I cannot recall one single user reporting your concerns”
This is pretty silly indeed, again you are trying to say the issue doens’t exist and I am being stupid. Even if 1/1000 user gets his/her mail erased, that is enough. And THIS thread demostrates at leas one user is reporting the issue.
I am saying this:
The user installs AVAST over an existing TB profile.
Once AVAST is set to detect the PRE- EXISTING threat inside the mailbox, it will detect it EVERY TIME you scan the disk, unless of course you create the exclusion rule. The “internet mail provider” doens’t matter.
Not all users are able to understand what happens when you move the “Inbox” to the “chest” or pay attention to the request. If you answer “yes” you aren’t able to access your mail any more.
Even if they are informed, not all users are able to create the proper rule for exclusion, since you need to locate the right TB profile and mail folder on the disk.
If we say AVAST can’t be modified to handle the issues better, the other thing we can do is to alert all TB users to write the exclusion rule immediately after installing AVAST and provide details on how to do it.
Same goes of course for other mail client with the same issues.
This is only my opinion, I am just a casual AVAST user.
The file structure is, I think, the major weakness of Thunderbird. I have been thinking of moving to other mail client such as Sylpheed only because of this defect of Thunderbird but, at the moment, I send all of my mail to Gmail and get them from there, which work as backup, too.
Funny the over-reaction starting from such a basic description.
Ok I will not bother anymore, looks like somebody here is making a matter of religion out of AVAST and TB.
??? I wonder if you are talking of my response but I can see only my post between yours. My previous comment is not specific response to your comment. Thunderbirds’ file management has been infamous for a long time and I have my own way to backup mail just in case as probably many other people do. And, I use other anti-virus software as well as Avast. Like other people, I use applications, which fit my needs.
PS Have something happened to the board? ??? I simply dropped by, read only this thread and stated the old TB defect.
fear not - you are an innocent bystander - I am the target of somebody here is making a matter of religion out of AVAST and TB.
A little odd since I am a longtime supporter of both products (and support a bunch of folks on both). I used to be active in the Thunderbird forum a while back and I was just over there browsing and notice one of the longtime proponents of AVG (and a hint critical of avast) has now moved over to avast as well. Seems we have a bunch of new AVG converts here with avast so the issue of the first time scan of Thunderbird archives we discussed back in 2006 may trip some of the new users. The chances (as I explained above - and in 2006) are limited but they do exist.