Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Alobar on March 10, 2006, 08:09:42 AM

Title: Can I save virus infec\ted e-mail for later examination?
Post by: Alobar on March 10, 2006, 08:09:42 AM
I got my first AVAST warning in a long time.    See below:

3/10/2006 12:44:09 AM   SYSTEM   1944   Sign of "VBS:Zulu" has been found in "http://mail.google.com/mail/?&ik=73b8e7fc56&view=tl&search=inbox&start=0&tlt=109e2e327f8&fp=cb4a5dfe66be83b3&auto=1&zx=k9rj0s-3ljltp\unp99932259" file. 

The e-mail got zapped by AVAST before it showed up in my Gmail web page, so I have no idea who it was from.   Is there a setting which will save the infected e-mail so I can look at it later in notepad?

Alobar
Title: Re: Can I save virus infec\ted e-mail for later examination?
Post by: Lisandro on March 10, 2006, 12:35:28 PM
The e-mail got zapped by AVAST before it showed up in my Gmail web page
Strange... are you sure?
WebShield could 'block' the connection 'before' the files are safed and the webpage loaded.
GMail could be scanned by Internet Mail provider only if you're using Stunnel (a third-party application) and then, the only automated option is send the file to Chest (not 'zap' it).
So, or the email IS in avast Chest or it was not avast who 'delete' (zap) it.  ::)
Title: Re: Can I save virus infec\ted e-mail for later examination?
Post by: alanrf on March 10, 2006, 12:47:14 PM
email - despite its legendary years of service - is still very dependent on an email client to be able to display and manage it.

While avast can detect and isolate part of an email stream that may be subject to infection there is no simple way of allowing the email message to be displayed and managed without the significant risk of exposing the user to whatever virus has been detected in the message itself.

While you or I might be able to manage the infected datastream in a "notepad" environment avast has to be designed for the vast majority of users for whom security is the top priority and where risk of infection must be preferably eliminated or, at least, minimised.  For me - I believe that avast has a duty to defer to the needs of the majority and prevent - as far as possible - any risk of infection.

 
Title: Re: Can I save virus infec\ted e-mail for later examination?
Post by: alanrf on March 10, 2006, 12:57:56 PM
Re-reading the above - I am sure that Tech is right (despite my email comments - which I stand by).

This appears to be a case where the Webshield has detected a problem.  So there is no way it is going to be recognized by avast as an email message at all - it is just a web page pure and simple.

By the way - there are so many ways of reading webmail these days via third party applications or plugins that it is often unsure what method has been used.

Tech (for future information) there exist ways to read gmail that are screen-scraper based and that do not involve STunnel (I know - I use one) that allow gmail to be converted to a POP3 stream and passed through avast for scanning (just like Yahoo and Hotmail).  Sorry - but this is just to keep us all on our toes.
Title: Re: Can I save virus infec\ted e-mail for later examination?
Post by: Lisandro on March 10, 2006, 01:06:01 PM
Tech (for future information) there exist ways to read gmail that are screen-scraper based and that do not involve STunnel (I know - I use one) that allow gmail to be converted to a POP3 stream and passed through avast for scanning (just like Yahoo and Hotmail).  Sorry - but this is just to keep us all on our toes.
Thanks. To do not hijack this thread, can you post this 'method' in another one.
I'm curious  8)
Title: Re: Can I save virus infec\ted e-mail for later examination?
Post by: CharleyO on March 10, 2006, 08:33:36 PM
***

Alobar,

You might also want to read the thread at the below link as this one also eventually got the same message you did (plus a first one for Loveletter) when using gmail.

http://forum.avast.com/index.php?topic=19562.0


***