Avast WEBforum

Avast Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: brdman3 on May 04, 2007, 06:09:15 PM

Title: More on 'Potential Infections'
Post by: brdman3 on May 04, 2007, 06:09:15 PM
As others have posted. I am having a BIG problem with what has been described as ‘false positives’ in emails which Avast (Home Edition 4.7) is scanning. Emails with attachments (as a general rule these are .JPGs) are having the attachments stripped from them before the messages is allowed to proceed into Outlook Express. Below are the particulars and work arounds I have tried.

-   OS is Windows XP Home edition (Updated automatically)
-   Email program is Outlook Express
-   Processor is 1.8 Ghz Pentium
-   Memory is 512 M
-   Antivirus Program is Avast Home Edition 4.7 (Updated automatically)
-   Other security programs include:
-   Spybot Search and Destroy, Hijack This, AdAware SE, Spyware Blaster
-   ISP is Bellsouth.net DSL

Having read several posts describing the same problem here on the forum, I decided to try a few experiments to isolate the problem. First I downloaded and installed Mozilla’s Thunderbird email program (an alternative to Outlook Express). Then, using a Yahoo ID and Yahoo Email, sent myself a test message with a .JPG attachment. After sending this I logged on to my ISP email USING THUNDERBIRD and Avast immediately popped up the same Virus warning as had appeared in Outlook Express. The only options Avast offers is ‘Delete’ or ‘Continue’. Obviously clicking on Delete would delete the entire message so I clicked on ‘Continue’. The message was then downloaded to my inbox, but MINUS THE ATTACHMENT.

I logged off of Thunderbird and logged back in to my ISP email using Outlook Express. Next, I sent the same message (from Yahoo mail, and with the same attachment) to myself again. Avast immediately threw up another virus warning as it had on my first attempt. Instead of clicking on anything in the warning window, THIS time I logged on to BellSouth’s web based email. At this point It is important to note messages remain on the ISP’s mail server until Outlook Express accesses the server and transfers the messages there into the subscriber’s PC. Since I had not yet taken any option on Avast’s virus warning message, the original message I had sent myself was still intact on the ISP’s web based email server. I was able to read the message on the web based server AND view the attachment. Having proven that the message and the attachment were actually there, I logged OFF of the web based server and clicked on ‘Continue’ in Avast’s warning message. The message itself was downloaded, but the attachment had been  stripped off.

Since this more or less proves that the problem is NOT within Outlook Express, it seems to isolate the problem to be in one of two places - It’s either within Avast, or within BellSouth’s services. I am curious as to what others who are experiencing the same problem have found out about it, and what they have been advised is being done to remedy this error.
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 04, 2007, 06:30:47 PM
Well if we can believe tech support @ BellSouth (which is located in India  ;D ), they say nothing has changed as far as the headers go.

The fact that I can send the same message FROM BellSouth (using OE) with the SAME attachment... and it gets through ok, tells me it's not a BellSouth problem. I get the message AND the attachment.

See this link for that test:
http://forum.avast.com/index.php?topic=28144.msg230027#msg230027

Title: Re: More on 'Potential Infections'
Post by: alanrf on May 04, 2007, 06:42:11 PM
I know you asked for further input from those experiencing the problem but ...

It is worth noting that not all folks using avast and receiving mail from Yahoo (in Thunderbird or Outlook Express) are using BellSouth and we are not seeing error reports from them. 

I has conducted some tests with my Yahoo account and receiving those messages through my ISP (Comcast) on both Thunderbird and Outlook Express.  None provoke the warning from avast. 

BellSouth users have reported receiving the warnings on messages from services other than Yahoo.

It is interesting (but not surprising) that BellSouth users only report the errors on messages originating from Outside BellSouth. Messages BellSouth users send to themselves almost certainly do not go through the same antispam checking and updating as message originating from outside.   

The avast Internet Mail provider does not know which mail client is being used, it just knows that port 110 is being used to receive email and it scans it.  As far, as avast is concerned there is no difference between the mail clients.

The only common factor that is appears here is that all the warnings are occurring on emails received through the BellSouth email service.
Title: Re: More on 'Potential Infections'
Post by: DavidR on May 04, 2007, 06:51:25 PM
I wonder if the Alwil team might have some useful input, in the way of tests if nothing else.
Title: Re: More on 'Potential Infections'
Post by: alanrf on May 04, 2007, 06:58:34 PM
I doubt that the Alwil team has access to BellSouth accounts.

I have recommended a simple test to nail it in the other thread. 

All I need is one willing BellSouth participant.
Title: Re: More on 'Potential Infections'
Post by: Vlk on May 04, 2007, 07:02:03 PM
Here's my comments:

1. as opposed to alanrf I don't still there have been ANY changes in the mail scanner, regarding the multiple-mime-header type of thing (not even back in 2005). Such emails ARE suspicious, and there's no plan to remove this check a.t.m. Maybe alanrf was refering to the iFrame check? (which indeed changed)

2. I absolutely refuse to believe that avast strips any attachments from the email (unless it reports a virus and you tell it to "Delete", "Move to Chest" etc). That is, if you can't access an attachment e.g. in Outlook Express (and avast is either disabled or doesn't ptoduce an alarm) it's more likely the "security" feature of OE that's blocking the attachment - OR someone/something EN ROUTE has crippled your message (e.g. your ISP, i.e. Bellsouth). The fact that (as someone here already wrote) the attachments come as inline text in the message body really suggests that the messages are getting somehow corrupted (and this can then trigger the avast heuristic alert) BUT this is not done by avast itself, the messages are already coming like this from your ISP.

3. Could someone (who's using Outlook Express) please do Save As on such a message, save it in the EML format, then ZIP it and send it to may email address for inspection?


Cheers
Vlk
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 04, 2007, 07:33:55 PM
Vlk,

I use OE, I have an email that did not have an attachment and still sounded the alarm.  (I posted a copy in the other thread but changed last names in email addys).

-- edit --

I sent you a zipped copy of an email.
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 04, 2007, 08:19:28 PM
I sent an email to tech support for BellSouth.  Not sure it will do any good, but can't hurt.

Quote
Dear Sir or Madam,

I use Avast AV (anti-virus).  There are number of Avast users who are having trouble with false alarms on emails. It's only with BellSouth customers. We've been testing for 2 days trying to nail this down.  An email from another Bellsouth customer comes thru fine with no alarm.  But emails from Yahoo or Prodigy (and possibly more) are alarming under a heuristic detection with the message, "Multiple Content-Type header - HIGH DANGER!." If it has an attachment (and this is only for ISP's other than BellSouth) it is stripped or changed to garbage or text and placed within the body of the email.

Have there been any changes to the way email is handled when coming from other ISP's?  Is the anti-spam filter possibly changing or adding something?

Thank you for your response in this matter.
Rick Floyd
Title: Re: More on 'Potential Infections'
Post by: Vlk on May 04, 2007, 08:27:25 PM
Got the file, thanks.

Indeed, the email is malformed. Namely, the end of the message header block lacks the blank line (as is dictated by RFC 822).

The last line of the message header is

X-SOURCE-IP: [192.168.16.145]

After this line, there should have been a blank line (separating the header from the message body) - but there isn't one. That's also why the message is not rendered correctly.

To me, it seems that Bellsouth has some kind of mail filter installed on their mail server, and this filter corrupts all emails by stripping the blank line from the end of the header section.

Here's the whole thing (I tried to remove any personal info):
Return-Path: <xxxxxx@prodigy.net>
Received: from mxm19aec.corp.bellsouth.net ([205.152.59.244])
          by imf11aec.mail.bellsouth.net with ESMTP
          id <20070504140259.JYGQ17393.imf11aec.mail.bellsouth.net@mxm19aec.corp.bellsouth.net>
          for <xxxxxx@bellsouth.net>; Fri, 4 May 2007 10:02:59 -0400
Received: from unknown [192.168.16.145] (EHLO ibm35aec.bellsouth.net)
   by mxm19aec.corp.bellsouth.net (mxl_mta-3.0.2-03)
   with ESMTP id 21d3b364.1277832112.6558044.00-174.mxm19aec (envelope-from <xxxxxxx@prodigy.net>);
   Fri, 04 May 2007 10:02:58 -0400 (EDT)
Received: from web80202.mail.mud.yahoo.com ([68.142.201.107])
          by ibm35aec.bellsouth.net with SMTP
          id <20070504140257.QFEN25972.ibm35aec.bellsouth.net@web80202.mail.mud.yahoo.com>
          for <xxxxxx@bellsouth.net>; Fri, 4 May 2007 10:02:57 -0400
Received: (qmail 62600 invoked by uid 60001); 4 May 2007 14:02:57 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=prodigy.net;
  h=X-YMail-OSG:Received:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
  b=kg3UnpzyBWoaTPbjapuCaiZQt4cR35LMzFl0ZGVVwdpH4ffx1mKaCZR9EM4nv3m+XIOtW8huy2FWYlt5KTi/UP9rHljQaDv79dsMfLpRYwzJ299u/LlW6eU69twfbvxY8QXGWJ5siRsO00nb31pPQHQPIh73KFHIvDP4gJG8qZk=;
X-YMail-OSG: y2m3.vgVM1kaUPWcZ5a1v_dgDc7g62xh6NseAhadIv1_.8Tw4Gt7L6DBfaRNMhPX54TYW5pHiedxYwX7OjCAHzgGOrhJA14jNbD5pYEMvUSPJczo7Xg-
Received: from [xxxxxxxx] by web80202.mail.mud.yahoo.com via HTTP; Fri, 04 May 2007 07:02:57 PDT
Date: Fri, 4 May 2007 07:02:57 -0700 (PDT)
From: Xxxxxxxxx <xxxxxxx@prodigy.net>
Reply-To: xxxxxxx@prodigy.net
Subject: Re: Thanks
To: Xxxxxx <xxxxx@bellsouth.net>
In-Reply-To: <002b01c78dc7$59ec1180$6101a8c0@rick8803d6ef66>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1719296184-1178287377=:62209"
Content-Transfer-Encoding: 8bit
Message-ID: <275121.62209.qm@web80202.mail.mud.yahoo.com>
X-Spam: [F=0.0001323180; S=0.010(2007050201); MH=0.500(2007050417); R=0.012(s7/n557)]
X-MAIL-FROM: <xxxxxxx@prodigy.net>
X-SOURCE-IP: [192.168.16.145]                     Blank line missing after this line!!!!
--0-1719296184-1178287377=: 62209               
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Antivirus: avast! (VPS 000738-2, 05/04/2007), Inbound message
X-Antivirus-Status: Clean

Hi Rick,
   
  Glad to help out.  Viruses are a big problem for all of us.
   
  Bob


   
---------------------------------
    avast! Antivirus: Outbound message clean.   Virus Database (VPS): 000738-1, 05/03/2007
Tested on: 5/3/2007 5:09:35 PM
avast! - copyright (c) 1988-2007 ALWIL Software.
 


--0-1719296184-1178287377=:62209
Content-Type: text/html; charset=iso-8859-1

....



Thanks
Vlk
Title: Re: More on 'Potential Infections'
Post by: Vlk on May 04, 2007, 08:37:03 PM
Of course, you're free to report my previous post to Bellsouth support. It should contain all the information necessary to find and fix the issue.
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 04, 2007, 09:08:02 PM
Thanks Vlk,

I've copied your post and included it in an email to BellSouth.  I hope they will do something about it. My first response from them was to contact Tech support at their 800 number... the folks in India.  I told them I've already talked to them about it and they knew nothing about it.  ::)
Title: Re: More on 'Potential Infections'
Post by: sandraj on May 04, 2007, 10:01:20 PM
I have told my system to "leave messages on the server". I look in OE and the attachments are not there. I go to Bellsouth server and you can view the attachments. It's got to be in the way Bellsouth transfers to Outlook express. Funny I forwarded a email from a yahoo user with an attachment to myself. I went to OE and there it was with complete attachment. It is just something with the Yahoo and a few other 's like Prodigy.
Title: Re: More on 'Potential Infections'
Post by: Barbara T. on May 05, 2007, 12:00:34 AM
I have told my system to "leave messages on the server". I look in OE and the attachments are not there. I go to Bellsouth server and you can view the attachments. It's got to be in the way Bellsouth transfers to Outlook express. Funny I forwarded a email from a yahoo user with an attachment to myself. I went to OE and there it was with complete attachment. It is just something with the Yahoo and a few other 's like Prodigy.



I just received 5 forwards.  However, this one different from the rest was not a forward yet still when I brought it in there is NO message content.  Again a YAHOO sender yet NOT a forward...just to me alone.  I'm believing more and more that the problem has dwindled down to a Yahoo/BellSouth problem.  I vaguely remember having one before.  Comodo catching them as spam is all that has happened to me for 2 days...none of the flashing, talking message with Avast on its face.

From Source of the one message that was directly to me...not a forward.
 
+OK
From: avast! 4
Subject: [avast! heuristic - WARNING]   

Multiple Content-Type header - HIGH DANGER!


Sender:  Perry Easterling <@yahoo.com>
Recipient:  barbara burke <xxxxxx@bellsouth.net>
Subject:  web
Title: Re: More on 'Potential Infections'
Post by: alanrf on May 05, 2007, 12:08:30 AM
We know this is not just a Yahoo/BellSouth problem - Rick F. has the same errors from a user on Prodigy.net.

I already posted an explanation that this problem will almost certainly not occur when you forward messages to yourself inside BellSouth because it will not be subjected to the same spam filtering that outside mails gets.  I would hazard a guess that it is the spam filtering and the insertion by BellSouth of the spam filter header line into the message that is causing the problem for some domains delivering to BellSouth.

Title: Re: More on 'Potential Infections'
Post by: brdman3 on May 05, 2007, 12:11:22 AM
Appreciate the info VLK. I've referred this to BellSouth along with a link to the forum here and in particular to your reply. Maybe they'll get serious about trying to fix this if enough of us take similar action.

Title: Re: More on 'Potential Infections'
Post by: brdman3 on May 05, 2007, 12:31:58 AM
While working with a BellSouth technician about this problem he requested that I send MYSELF a test message with an attachment from Outlook Express. I tried it and it worked. He also suggested that until this problem is solved, it might be a good idea to use the option to leave the messages on the server.  It COULD actually be that YAHOO is the culprit in corrupting the files that are being flagged as a virus.
Title: Re: More on 'Potential Infections'
Post by: alanrf on May 05, 2007, 12:37:07 AM
There is yet to be an instance of a message being sent from a BellSouth account to another BellSouth account having an error.  I have already explained why they are unlikely to. 

The errors are being seen from other sources than Yahoo too.
Title: Re: More on 'Potential Infections'
Post by: sandraj on May 05, 2007, 01:30:08 AM
When you send a email to someone other than a bellsouth user, from a yahoo site, even with an attachment, it goes through fine. I sent one from yahoo to a wildblue.net address with an attachment and this person has Avast. it went through fine. Seems to me if it was yahoo problem, it would be with someone other, and more than just Bellsouth.
I still think it's Bellsouth...
Title: Re: More on 'Potential Infections'
Post by: alanrf on May 05, 2007, 01:47:13 AM
Yes, that confirms the testing I already reported earlier today.
Title: Re: More on 'Potential Infections'
Post by: Barbara T. on May 05, 2007, 01:49:46 AM
I have told my system to "leave messages on the server". I look in OE and the attachments are not there. I go to Bellsouth server and you can view the attachments. It's got to be in the way Bellsouth transfers to Outlook express. Funny I forwarded a email from a yahoo user with an attachment to myself. I went to OE and there it was with complete attachment. It is just something with the Yahoo and a few other 's like Prodigy.



I just received 5 forwards.  However, this one different from the rest was not a forward yet still when I brought it in there is NO message content.  Again a YAHOO sender yet NOT a forward...just to me alone.  I'm believing more and more that the problem has dwindled down to a Yahoo/BellSouth problem.  I vaguely remember having one before.  Comodo catching them as spam is all that has happened to me for 2 days...none of the flashing, talking message with Avast on its face.

From Source of the one message that was directly to me...not a forward.
 
+OK
From: avast! 4
Subject: [avast! heuristic - WARNING]   

Multiple Content-Type header - HIGH DANGER!


Sender:  Perry Easterling <@yahoo.com>
Recipient:  barbara burke <xxxxxx@bellsouth.net>
Subject:  web

Tonight recieved 5 forwards from AOL; 2 Earthlink, and 1 MSN; all were OK.  Comodo did not label them as spam and catch them.

Yahoo senders' mail is all still caught in Comodo as spam as is SBCglobal.

Barbara T.
Title: Re: More on 'Potential Infections'
Post by: Barbara T. on May 05, 2007, 01:53:19 AM
There is yet to be an instance of a message being sent from a BellSouth account to another BellSouth account having an error.  I have already explained why they are unlikely to. 

The errors are being seen from other sources than Yahoo too.

One other is SBCglobal to me.  I'm watching closely to find others but not so far. 

Not confirmed but suspicious for me is that the sender's ISP seems more a factor in the suspicious message than the content of the message.

Barbara T.
Title: Re: More on 'Potential Infections'
Post by: sandraj on May 05, 2007, 04:40:44 AM
is everyone that's having this problem on Bellsouth DSL or is it with dial up customers also?
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 05, 2007, 03:19:25 PM
is everyone that's having this problem on Bellsouth DSL or is it with dial up customers also?


Since Vlk says it's a format issue with BellSouth leaving out an all-important blank line, I would suspect dial-up users of BellSouth to also be affected.

So far I've seen that emails coming from Yahoo, Prodigy and SBCglobal having this problem. I noticed that emails coming from Hotmail accts don't have this problem.

So far I haven't recv'd a response from BellSouth on the email I sent where Vlk explained the symptoms which are causing the problem.
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 05, 2007, 04:27:36 PM
An interesting tidbit that I got from my friend.  It seems like Yahoo, Prodigy, and SBC are/were connected in some way.  Hmmm?

Quote
A note about my Prodigy service.  Prodigy was the original service IBM developed with Sears.  Over the years Prodigy was picked up by SBC -- which as you know is Bell South.  Those older customers, like me, were allowed to keep the Prodigy tag.  We are also part of the same company that offers Yahoo access.  I don't know if that makes any difference but I thought I would just pass that on to you.
Title: Re: More on 'Potential Infections'
Post by: Vlk on May 05, 2007, 09:54:35 PM
Rick, I noticed that the email you forwarded to me (the one from Prodigy) actually went via Yahoo (see this line in the message headers: "Received: from web80202.mail.mud.yahoo.com ([68.142.201.107])").

Also, the email was clearly processed by the Yahoo's "DomainKeys") antispam system (that's the DomainKey-Signature header line) - see http://en.wikipedia.org/wiki/DomainKeys for more details.

Cheers
Vlk
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 06, 2007, 06:36:54 PM
Thanks Vlk,

That's interesting.

BTW, BellSouth admits that they are having a problem with some email servers.  See this post in the other thread:

http://forum.avast.com/index.php?topic=28144.msg230419#msg230419

I went to my Yahoo email acct and sent a short test message to my BellSouth acct. The test message comes thru now without avast alarming.

BUT - if I add any sort of attachment (pdf or doc), avast sounds the alarm. So BellSouth still has some issues... but maybe they're making some improvements.
Title: Re: More on 'Potential Infections'
Post by: sandraj on May 08, 2007, 06:05:44 PM
I have noticed that today an email from NetZero service was also stripped of the attachment in outlook express.
I recieved an email from this person a few days ago with an attachment and now I can't...
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 08, 2007, 06:55:18 PM
BS (BellSouth... don't read anything more into that abreviation,  ::) ) is still having troubles.  I send myself an email thru my Yahoo acct periodically to check on it. Any email (through yahoo acct) with an attachment sounds the alarm and the attachment is garbled.

I'll pass it on to them about Netzero... but I suspect they already know this.
Title: Re: More on 'Potential Infections'
Post by: brdman3 on May 16, 2007, 07:46:27 PM
Well, it's been 8 days since Rick posted the last message about this problem and it's STILL happening. I just got through sending BellSouth a long, detailed email about the problem so hopefully others are doing the same. It's aggravating to have to stop and go to the web based email to be able to get your emails that have attachments, but that's the ONLY way I've been able to have any success in getting the pictures others are trying to send me. Also, leaving the messages on the server (as opposed to downloading them with OE as I usually do) results in having TWO copies of the same email show up in OE when you access your email this way.
Title: Re: More on 'Potential Infections'
Post by: DavidR on May 16, 2007, 08:55:13 PM
A workable solution better than the webmail option, I use mailwasher pro, there is a free version that will be OK for one email account, you can pre-vet your emails (not just for spam, but if you feel they are suspicious, have attachments, etc.) and those you don't want flag for deletion.

When you click process mail, the ones you (and it) flagged for deletion are deleted from the email server, it calls OE (or whatever email you use) and you download the remainder that you have vetted.
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 16, 2007, 09:29:48 PM
It's aggravating to have to stop and go to the web based email to be able to get your emails that have attachments, but that's the ONLY way I've been able to have any success in getting the pictures others are trying to send me. <snip>

Yep, I've also sent another email to BellSouth.  I haven't recv'd a response as yet (except for the automated response saying they recv'd my email). I wonder if it has something to do with BellSouth and ATT merger?
Title: Re: More on 'Potential Infections'
Post by: brdman3 on May 17, 2007, 06:37:55 PM
Tried ANOTHER experiment with this problem. I created an email (with an attached picture) from one of my Yahoo accounts and set it to my ISP (BellSouth) email addy. At the same time I sent a copy to a fastmail account I have. It IMMEDIATELY showed up in the ISP account as having a virus. Clicking "Continue" on the Avast warning window had the result of stripping the attachment from the email.  I logged on to the fastmail account and there was NO virus warning and the attachment was intact.  Next I forwarded the email from the fastmail account to my ISP email. It arrived intact -  WITH the attachment. This pretty much proves that some of the email coming from Yahoo to BellSouth subscribers is being corrupted.
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 17, 2007, 07:46:48 PM
Quote
This pretty much proves that some of the email coming from Yahoo to BellSouth subscribers is being corrupted.

Yes, several have done the same test. As Vlk (and Alan) pointed out, there is an all important missing blank line after the source IP address as seen in this example.  It looks like the emails from Yahoo (Prodigy, SBCglobal, & NetZero) are getting malformed by the BellSouth servers.  Vlk speculated that could be their spam filters.

------- example -------
 
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1719296184-1178287377=:62209"
Content-Transfer-Encoding: 8bit
Message-ID: <275121.62209.qm@web80202.mail.mud.yahoo.com>
X-Spam: [F=0.0001323180; S=0.010(2007050201); MH=0.500(2007050417); R=0.012(s7/n557)]
X-MAIL-FROM: <xxxxxxx@prodigy.net>
X-SOURCE-IP: [192.168.16.145]              <--- Blank line missing after this line!!!!
--0-1719296184-1178287377=: 62209               
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Antivirus: avast! (VPS 000738-2, 05/04/2007), Inbound message
X-Antivirus-Status: Clean

Hi Rick,

Here's the test mssg you requested...
Title: Re: More on 'Potential Infections'
Post by: vineyridge on May 18, 2007, 12:09:57 AM
I'm Win98SE, Pegasus Mail, and BellSouth.

I'm getting the same warnings.  Today I received one from a yahoo customer, one from an Outlook Express or Thunderbird or Pegasus Mail client on a cable modem (CableLynx), and lots from three people on an email list I frequent.  The list does not allow attachments, and all emails must come in plain text, and I don't think it uses a yahoo group or server, since all the emails did not shriek.  The list warnings are always on the same people and have been coming up for maybe ten days;  I haven't checked to see if the original senders are coming to the list through yahoo, but would that matter. Since the last update today, yahoo client and the cable client are raising alarms.

This is getting nerve wracking.  I don't mind deleting my list emails, but I certainly mind personal ones being flagged if the flagging is off.

I just opened one.  It was from Europe, never had an attachment, but would open in the attachment area of PegMail.  Down at the very bottom, it said it was  virus free.  Was from Yahoo.com

I'm convinced it's Bell South screwing things up with only certain ISPs.

Vlk, I've copied the raw view and will try and email it to you.  Here is the heading on the reader:

This message contains binary or non-textual data that cannot be previewed within Pegasus Mail.

   Filename:   Unknown

You can work with this file in the message reader's 'Attachments' page. 

The other one might have been yahoo as well, but I deleted it.  Four of the ones on the email list were from the same yahoo customer, but I'm not sure about the other two users.
 
Title: Re: More on 'Potential Infections'
Post by: brdman3 on May 18, 2007, 06:06:32 PM
I’m beginning to wonder if the merger with AT&T has something to do with this. When I powered up a day or two ago, I got an “Ad” (for lack of a better word) from AT&T to try their ‘AT&T Internet Security Suite’. With the ad window being semi transparent I couldn’t read the whole thing so I thought, what the heck, I’ll give it a try. It’s a BIG file and took quite a while to download and install, and required a reboot after being installed. As the PC rebooted a message popped up telling me that their software could NOT run due to the fact that my current anti-virus program (Avast 4.7 Home Edition) could not remain resident and run THEIR security stuff at the same time. There was an option to automatically DELETE Avast, which I declined to do. Later that day I did an uninstall on their software.

So it makes one wonder if AT&T is trying to build their own virus protection programs which won’t run unless you delete whatever you might be using at the present time so you HAVE to use theirs – at a cost of $5.00 per month added to your bill. A sort of priority software that’s exclusive to their own subscribers.
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 18, 2007, 08:59:44 PM
BellSouth is still working on it.  I sent them another email today...

Quote
Dear Sir or Madam,
 
It's been over two weeks now that BellSouth (and AT+T?) started having trouble with some of their email servers.
 
What is the prognosis?  Are they working on it?  Or... do they not care if emails from Yahoo, Prodigy, Netzero and SBCglobal are being messed up?  If it's a problem with some spam filter, is there a way I can turn it off?

Respectively,
Rick F.

Their response...

Quote
Dear BellSouth Internet Service Customer,
Thank you for taking the time to contact BellSouth Internet Service. We appreciate the opportunity to address your concerns because it is our goal to provide the highest quality Internet service available.

I am terribly sorry you are experiencing these email issues. I know it is a frustrating situation however we have identified the issue that is blocking the attachments from yahoo and we are working to resolve the issue. I do want to assure you that you can check your email at our mail.bellsouth.net website and you will be able to view your attachments that have not been downloaded to your Outlook and Outlook Express mail client. Thank you for your patience.   

Again, thank you for this opportunity to address your concerns.
Title: Re: More on 'Potential Infections'
Post by: brdman3 on May 19, 2007, 05:43:08 AM
Rick's reply from BellSouth:

Quote
I am terribly sorry you are experiencing these email issues. I know it is a frustrating situation however we have identified the issue that is blocking the attachments from yahoo and we are working to resolve the issue. I do want to assure you that you can check your email at our mail.bellsouth.net website and you will be able to view your attachments that have not been downloaded to your Outlook and Outlook Express mail client. Thank you for your patience.

Sounds suspicious. They've been TOLD about this problem for over a month now and if they have indeed
Quote
identified the issue that is blocking the attachments from yahoo and we are working to resolve the issue
what's the holdup? Apparently it didn't take that long to CREATE the problem!!!![/color]
Title: Re: More on 'Potential Infections'
Post by: sandraj on May 23, 2007, 03:32:32 AM
Evidently the problem has been fixed. I am able to recieve attachements now from yahoo...
Title: Re: More on 'Potential Infections'
Post by: Lisandro on May 23, 2007, 03:40:25 AM
Evidently the problem has been fixed. I am able to recieve attachements now from yahoo...
Good to know that the problem has been addressed...
Any other user of Yahoo can confirm that?
Title: Re: More on 'Potential Infections'
Post by: sandraj on May 23, 2007, 05:19:16 AM
Today is the first day I've been able to receive attachments from a yahoo sender. I am a bell south user. I got email from 3 different people on yahoo, and the attachments came through on OE. Hopefully this is fixed.
Title: Re: More on 'Potential Infections'
Post by: DavidR on May 23, 2007, 02:36:14 PM
Fingers crossed, that didn't take long then (NOT) about 20 days, perhaps longer.
Title: Re: More on 'Potential Infections'
Post by: Rick F on May 23, 2007, 05:30:47 PM
Yea!! It is fixed! 

I verified that it works through Yahoo using my yahoo acct. and adding an attachment.  I also got an email from my friend today who uses Prodigy and it came through just fine as well.

Glad BellSouth finally got it sorted out.

Thanks to all those who helped here on this great forum.  ;)
Title: Re: More on 'Potential Infections'
Post by: Lisandro on May 24, 2007, 01:14:56 AM
Thanks to all those who helped here on this great forum.  ;)
You're always welcome to come back any time you need help 8)