I had been using Avast Home Edition quite successfully since 2/1/06.
About 1 week ago (or less) Avast began labeling 95% (OR MORE!) of the email I receive as
“MULTI CONTENT TYPE HEADER HIGH DANGER.” VOICE: “Caution; potential infection was detected”
A big yellow round thing flashes.
It is happening both on forwards to groups of people that include me;
and messages from one person to me. Actually the only common thing is
the message I get.
Op Sys: Windows XP
Avast version: 4.7 Home Edition 4.7.0 0
VPS file: Compilation date 4/13/07
File version: 000733-1
Basic Hardware Config: “Intel Pentium D Processor 830 Computer”
Connection: BellSouth DSL
Windows Firewall: On
TIA for any help you can give me. I did uninstall, get a fresh download, installed it, and nothing is different.
Are there more info to help us to guess what is happening?
Like the time of the email (txt or html), your Internet Mail Provider settings for Heuristic and Heuristic (Advanced) tab of settings - maybe you can post a screenshot of them.
Do these messages have attachments? Which kind?
I have just recently started getting the exact same warnings. My ISP is also Bellsouth DSL. I wonder if that is somehow related. At first I thought it was related to the content-type because all of the messages that caused the warnings had the following type:
Content-Type: multipart/alternative;
But when I received my registration message for this forum, it had the same type.
Is there a message that is not too personal to you where you could review the source of the message in your mail client, capture it, obscure any personal details and then post the results here? I know, not a small task, but it would help.
I too have got the same problem. MY ISP is also Bellsouth.
We have recently gotten DSL in my area. A friend has a different virus protection and is having the same problem.I"m wondering if Bell South is doing something to try to encourage us to use their virus protection.
I talked to BellSouth techs last night and they say the mail is spam, but it is the same type messages I have always gotten from the same friends and NOT my description of spam which is from unwanted, unknown users. I get none of that if my programs are on.
My anti-spam Comodo catches small fraction of the sames messages that Avast warns about. BS Techs said I could contact the mfg. of my spam program. In other words they deny responsibility.
BellSouth techs advised me to try BellSouth Web Mail and see if it happens there; it doesn’t. The messages that were giving me the warning that I let through had the attachments (usually forwards in HTML, but sometimes jpeg attachments) still in tact in Bell S. webmail. Does this tell you anything reliable?
When I allow these messages to come through anyway, most times the attachments are ripped and of course if they are suspicious I want that. But why suddenly do all my friends (probably 10 different ones) send suspicious mail?
Here’s what I have done other than talk to BellSouth techs: uninstalled and reinstalled a clean download of 4.7 Home Edition of Avast; ran a thorough scan with Avast and nothing was found.
I plan to capture what the other responders have requested and post them as additional information.
I appreciate so much your working with me further to resolve this problem.
I also started getting these alerts yesterday for an email from one individual. He’s sent me 3 emails in the past 2 days, and all three I got this alert…
(Multiple Content-Type header - HIGH DANGER!).
Today I checked my mail via the web first (Bellsouth) and read the mail, deleted some spam, but there was an attachment there from this friend that I wanted to view. Since it was from the same person I got this alert from yesterday, I downloaded the file to desktop – scanned it with avast to be sure it was clean – then opened and read it. Later, when I checked my email with OE-6, I got the same alert, “Multiple Content-Type header - HIGH DANGER!” on that email from my friend that should have been clean. The choices offered were only ‘ignore’ or ‘delete’… no send to vault.
My friend has AVG virus potection. She is having the same problem. She is also with Bell South.
My opinion is that Bell South is wanting us to purchase a virus protection program.
With 3 of you receiving the same "messages", sounds likely BellSouth is the
"culprit" ; however, there is a small possibility that a "SpamBot" has
gotten into your computer or one of your friends, stolen the addresses
from an Address Book, and is sending "Messages" !?
None of you 3 have mentioned IF you have any antiSPYWARE/antiTROJAN
program(s) on your computer(s), which are most effective in fighting
"them", the best probably being the "trial" version of AVG Antispyware,
most easily downloaded from www.ewido.net !? At least it would be wise
to run the Online Scanner available at the ewido site .
Even Barbara's 1st post mentioned "Windows Firewall : On" ; a bad sign
since that firewall is not very good .
I’ve got Ad-Aware SE, SpyBot S+D, AVG Anti Spyware, ZoneAlarm FW. Just ran scans with Ad-Aware and SpyBot yesterday… nothing found.
BUT, these alerts are for ‘incoming’ emails from other people… not ones being sent out. My first thought yesterday was my friend (who uses Prodigy) had an infected computer because all other emails from other people came thru fine. Then today I got 2 more alarms from that same person.
I’ve asked my friend to resend his email that got deleted so I can look at the header. In the meantime, I’ve changed my OE-6 to leave mail on the server so I can look at there as well.
BTW… I’m still on Avast 4.7.942 in case you’re wondering
Rick,
is your email’s you are receiving alert from,
are they being sent from a Yahoo address??
All the ones I receive from Yahoo show a potential virus.
No, they’re from a Prodigy server. I’ve had 3 of these alerts… all coming from the same person. Other emails come thru fine.
I still have an email from this friend from about 3 days ago. I just forwarded it to myself and it comes thru just fine… no alarms. So either BellSouth has changed something in the past 2 days (of their hearders maybe?), or it’s something else. ???
The situation has changed somewhat but still a problem.
The emal is usually html.
Today, unlike at first, Comodo (anti spam) is catching all these message; I’m also receiving an email from Avast but not the message I was getting when I first described my post. Comodo was catching some but not all when I first posted.
Example of the type message I receive from Avast in e-mail today (5/3/07)Multiple Content-Type header - HIGH DANGER!
Sender: Harry Halleck <yahoo.com>
Recipient: Barbara & Travis Burke >, Jack & Marva Bushong <Bob & Virginia Cash , Crayton& joyce Fisher <>, Hal & Joyce Magner
Subject: Fwd: Fw: dancing horse
Most of these emails have attachments; i.e. HTML forwards, they are lost when I bring them in despite the message. One I recall had three attached photos in jpg format. I bring them in anyway this has
been a sudden problem with probably 10 different friends and I am dubious that many friends who don’t necessarily
communicate with each other have a virus/worm, etc.
NOTE: I ran Avast after accepting these emails despite the warning message a couple days and checked out clear of problems.
The Avast (home version) heuristic settings: Sensitivity is “low” and the Silent Mode is checked with “Delete/Deny” checked.
Did you notice that there are now three of us in this thread who are having this problem and all have the same ISP: BellSouth. BellSouth denied responsibility and told me to contact the spam manufacturer. My mail in BellSouth Web Mail has no problem; it was their suggestion I test it there. The attachments were there so I was able to get from webmail.
Please explain how I can find the ISP’s Heuristic settings so that I can provide them as you requested.
Things have changed since your reply; I’m receiving an email message from Avast (instead of the warning message with flashing and voice, etc) and not receiving the email messages in my Inbox which I had been able to do.
Comodo is catching most of the forwards and when I bring them in they are incomplete and I don’t have one available at this time.
Here is an example of the message and header from Avast:Multiple Content-Type header - HIGH DANGER!
Sender: wanda mccorkle <ninimccorkle@xxxxxxxxxxxxxx
Recipient: Clyde Arnold , Frances Arnold frances71862@xxxx, Jalyn Barba-------
Need help: I honestly don’t understand if you are talking about sending you the information from the HTML SOURCE (coding, etc) or do you mean in File/Properties if I should get a chance to get what you requested.
Need help on this to provide.
I do have Spybot Search and Destroy and Windows Defender; Comodo anti-spam; Avast Home edition. All were highly recommended by a computer tech who tests and recommends programs.
Another common thread I have noticed is that most of the messages were from Yahoo users. They were all caught by my anti-spam + the message from Avast. Only one received today wasn’t a Yahoo user.
That was sbcglobal.
I had another firewall (Norton) but wasn’t working with another of my programs so got rid of it.
I believe all the messages I’m receiving are legit. All are from friends who forward me stuff almost
daily.
Hummm. Interesting you should say this. I just read your post and 5 out of 6 of the ones I received today are from Yahoo users! sbcglobal was the 6th one. Today I’m receiving emails from Avast…not the flashing, talking pop up messages I first posted about. My anti-spam caught all the above mentioned messages today.
I too have been in contact with Bell South. they tell me it’s a [microsoft] problem.
I have chose to leave my messages on server from inside outlook express. I can at least go there and view them.
The emails you say you now get from avast are really replacement mssgs for the emails deleted. I don’t think they’re really emails. I get the same mssg. Here’s a copy of that mssg: [note, I’ve replaced part of the names & addys with xx’s so spam bots won’t hit these people]
I just recv’d a resend of the suspect email and let it thru this time. I then ran a full scan with avast and everything is clean. The attachment was stripped off though (dam.pdf). But as I mentioned earlier, I viewed the pdf attachment thru web earlier (downloaded it, scanned it… it was fine). Here’s a copy of that email followed by its properties… again, I’ve changed the names to xx’s.
Hi all, especially the 3 BellSouth Users :