W32.Beagle not recognised

Hi,

first of all: Thanks for your product, it seems really cool!

But: I’ve been testing the Email Scanner with various viruses that I get in my web account (which has a virus scanner of its own) and apparently Avast doesn’t recognise the W32.Beagle Virus.

Strangely enough, the Pop-Up comes up, saying “scanning mail:” but instead of the mail subject behind this it is just empty. After the popup goes away, there is no warning, no window asking me for action, nothing.

I’m happy to forward you this virus, if you should need it for further investigation.

Thanks and keep up the good work!

Chris

Edit:

Sorry, forgot to mention, I’m using Avast 4.5.523 and the DB 0447-1 on an XP SP2.

I just loaded W32.Beagle onto my laptop and avast jumped on it straight away. :slight_smile:

If you have (suspected) malware that you think Avast should detect but doesn’t, follow this procedure:

1] Submit the file to JOTTI
2] If it is detected by multiple other av’s there but not by Avast, submit the file in a password protected zip to virus@avast.com
3] Mention in the body of the mail that you (suspect) it is malware and that Avast should recognize it and don’t forget to mention the password of course.

When I tried saving the attachment to disk, avast did recognise it. Luckily. Gee, I don’t like doing these things! :wink:

It’s just the email scanner that doesn’t. I sent the email again to myself and made a screenshot (German). This is how it looks:

(Edit: I’d like to attach my screenshot here, but it doesn’t work, what am I doing wrong?)

So, to narrow it down, avast does recognise it, but not the email scanner…
According to Avast, it’s the Win32:Beagle-AQ. Shall I still submit it? Or do you have one “on ice” to test it yourself?

Thanks again,
Chris

Another try for the screenshot:

… and this is how it normally looks on an uninfected email:
(I blanked the addresses)

It seems that the e-mail is not parsed correctly. :-\

I don’t know what e-mail client you use - but would it be possible to save the whole message (not just the attachment) - e.g. in .EML format and send it to us with a short description of the problem? (it would be best to password-protect the .eml file with ZIP or RAR)
Thanks!

I just sent it to support@asw.cz. I hope this is ok!?

I use Thunderbird and connect via IMAP.
Funny enough, when I saved the message in .eml, it warned me that there was a “suspicious extension in the Attachment”. But it still didn’t recognise the virus.

Another Screenshot (again German, alas)

Anyways, this seems to be rather a little bug, than a serious problem, I hope? :wink:

Thanks for your time,
Chris

It’s me again… ;D

It seems as if this little bug is not limited to the Beagle Virus. I got two Mails with the Sober.H (Or Sober.I) attached, today. One had it in a file called “daten.com” and one in a file called “daten.zip”
The message body was identical.

The funny thing was: When I download the one with the .zip, avast recognises it and offers to delete/move it. When I download the one with the .com, the empty scanning message comes again and it downloads it without any objections.

Again, when I copy it to disk, avast recognises it again and offers to deal with it.

I’m slightly puzzled/scared…

???

Chris

I’m puzzled even more…
Do you have avast! Home or Pro? If it’s Pro - did you change anything about the Packers in the Resident protection?

I’m using the Home Version. I’m thinking of buying the pro… ;D

(Don’t get me wrong, I really like this product and I don’t think I’m in a big danger here, since I suppose avast would recognise these Worms/Viruses as soon as I would try to execute the attachments. And other than that all my emails get pre-scanned online, so no worm made it through yet. I downloaded these guys just to test avast.)

Did you get the email I sent you yesterday? Were you able to reproduce my problem? Am I the only one with this problem? Or does nobody else download viruses on purpose? X-)

Thanks,
Chris

Chris, it would depend on the level of sensitivity you set.
High will detect them on-access and Normal only on-demand or when you unpack the attached file. What do you mean with execute?

I got all settings to “high”. This doesn’t do the trick. :cry:
I mean, it works in general (pls. read this thread from the beginning), but occasionally it doesn’t.

By “execute” I mean execute :wink: As in “start (an application)” or “run”. Well, things you do with an executable file, really… :wink:

To get it all short and clear again in a nutshell, for the people that just zapped in:
1.) Avast works for me in general. Nicely, as it says on the tin.
2.) BUT: Apparently (maybe only happening to me, I don’t know) the email scanner doesn’t work. Instead of warning me of a virus in the attachment, it comes up with an empty scanning message (see screenshot above) and lets the email pass into my account without further actions.
3.) Now, if I save this attachment to disk, it rightfully detects the virus in it and offers to delete it.
(I just didn’t try to execute these files yet, since I’m not sure whether it would detect it and prevent it from doing its evil virus work)
4.) If I export one of these mails that sneak through the email scanner to an .eml file, avast appears and says that this email is suspicious, rather than saying that there’s a virus in it and which one. See screenshot above. (I assume it’s the heuristics scanner!? Or maybe just the recognition that it’s an executable file.)

Maybe it’s just a little bug, an overflow or something or why would the scanning pop up just be empty?

C

Hi f_r,

could you please send me the entire eml file? Ideally zip’ed up garbled with a password so that no AV disinfects it en route… :slight_smile:

Thanks
Vlk

I’ve got the file already… but didn’t find anything suspicious about it :-\

It would be interesting to know if the same happens if you switch from IMAP to POP.

I mean, IMAP can have some important specifics - e.g. that the message is processed by parts… :-\

Hi Vlk,

just tested it with POP. Works perfectly fine :slight_smile:

Hmmm… Shame, since I only use IMAP.

Well, again, it’s not that I’m in real danger here, but somebody whose IMAP server doesn’t check the mails itself might be.

@igor:

“nothing suspicious”, does this mean you didn’t find a virus in there? I hope not :-)))

Have you tried sending yourself this email via IMAP?
(By the way, I found it rather hard to send myself a virus, first came avast and forbade it (very good) and then my server replying “infected mail” and wouldn’t take it. I feel quite safe now not to become a spreader, though) :slight_smile:

I upgraded to the new beta (529, I believe) but the problem remains… :-[

Well, thanks for your help so far, I hope you will sort it eventually in the future. (I will try with every new version now, when it works, I buy the pro version. Not that I’d need it, the “home” does everything I need, but to show my appreciation)

Cheers,
Chris

One more (and then I’ll shut up until asked) :wink:

My virus emails are stored in an IMAP folder of which the message bodies don’t get downloaded.
(Just so that I can download them again and again)
Funny enough avast now doesn’t even recognise the viruses (or virii) in those mails anymore in which it detected them the other day. Something has changed, but for the worse unfortunately.

Then I came to the idea of using another mail client. (The built-in Opera one, rather than Thunderbird) and guess what: Avast recognises all the viruses! :slight_smile:

So, apparently this seems some incompatibility with Thunderbird then.

I would like to use only Opera now, but unfortunately it lacks some important options that I need…

Well, thanks again.

C

The problem seems to be caused by Thunderbird using a special IMAP feature - downloading the messages by pieces - i.e. it doesn’t download the whole message, it doesn’t even download the particular attachments as a whole - but it simply downloads the message cut into smaller pieces, one by one (at least I suppose so - theoretically, it may get the pieces even randomly - one here, one there…).
This feature, unfortunately, breaks avast! scanning - the virus is not recognized from a small piece of message only :frowning:
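The failure mode described in the post above, as an added example that is not part of the original thread and is not avast! code: a scanner that judges each IMAP partial-fetch response in isolation misses a signature that straddles two pieces, while one that buffers pieces by offset and scans the completed part catches it. The signature, the attachment body and all function and class names are constructed for the illustration.

```python
import base64

# Constructed stand-in for a scanner byte signature; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"

def make_body():
    """Constructed attachment as the server stores it: base64 text of one MIME part."""
    return base64.b64encode(b"A" * 100 + SIGNATURE + b"B" * 100)

def partial_fetches(body, size, reverse=False):
    """(offset, chunk) pairs, shaped like IMAP BODY[n]<offset.size> responses."""
    pairs = [(off, body[off:off + size]) for off in range(0, len(body), size)]
    return pairs[::-1] if reverse else pairs

def scan_b64(data):
    """Decode base64 and look for the signature; undecodable input is not a match."""
    try:
        return SIGNATURE in base64.b64decode(data)
    except ValueError:  # binascii.Error: piece not aligned to 4 characters
        return False

def scan_per_chunk(fetches):
    """Proxy that judges every response in isolation (the behaviour that fails)."""
    return any(scan_b64(chunk) for _, chunk in fetches)

class ReassemblingScanner:
    """Buffers pieces by offset and scans once the part is contiguous and complete."""
    def __init__(self, total_size):
        self.total_size = total_size
        self.parts = {}

    def feed(self, offset, chunk):
        """Return True/False once the whole part is present, None while incomplete."""
        self.parts[offset] = chunk
        buf = bytearray()
        for off in sorted(self.parts):
            if off != len(buf):
                return None  # gap: a piece has not arrived yet
            buf += self.parts[off]
        if len(buf) < self.total_size:
            return None
        return scan_b64(bytes(buf))

def scan_reassembled(fetches, total_size):
    """Feed every piece in arrival order and return the last verdict."""
    scanner = ReassemblingScanner(total_size)
    verdict = None
    for offset, chunk in fetches:
        verdict = scanner.feed(offset, chunk)
    return verdict
```

A `None` verdict means the part is still incomplete, so a proxy built this way has to decide what the client sees before the last piece arrives.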

Hmmm. What a shame.

Maybe there’s a secret switch in Thunderbird somewhere to turn this “feature” off. (Whatever it’s made for)
I’ll get in touch with the thunderbird guys…

(Rumor is that the Opera Imap client is rewritten from scratch right now, so maybe this will become an option for me in the future…)

Or is it possible to fix this in avast? (I guess not)

Thanks a lot for looking into this, though. You are a great support!

C