Heuristic: Warning

[John-]

Hello,

I received this kind of email for the first time in my mailbox.
I will translate it for you, cause I am using the Dutch language pack.
----------------------------------------------------------------
from: Avast! Subject: Avast! Heuritic - WARNING

Very suspicious extention from attachement
Very suspicious extention from attachement


From:  Quest@systray.be, Race@systray.be
Receiver:  everlastinggaze@whocares.net
Subject:  Patrocina este evento deportivo
-----------------------------------------------------------------

I assume avast! detected a virus in the email and automatically deleted it?
I guess I answered my question already, but just want to make sure, cause never had this one before

thanx

[DavidR]

The key is in the quoted text, this is a warning, a suspicious attachment - If it actually was a virus you would have had a virus alert not a warning.

from: Avast! Subject: Avast! Heuritic - WARNING

Very suspicious extention from attachement

You didn't state what the attachment file extension was ? What is done depends on your actions/settings in heuristics.

[Octávio Brazilian]

Your email provider is set to HIGHT Security or Personal Security, set to Medium and Heuristic to desactive heuristic.
Heuristic block suspcious extensions and frames.


Good Bye!
Octávio-From Brazil

[John-]

Thats the funny part,...I do not know which kind off attachment was blocked.
It is true I have set everything on "high".

I am sure this is not a big thing,...but since I am having this for the first time using Avast! I just wondered.
I have looked in my virus chest and event log,...and nothing usual was logged,....

I am using Avast! Home Edition 4.5 latest VPS
OS: Windows XP Professional SP2

thanks for the replies

[Gillie2tat]

I've been thinking about this overnight - I get these and usually it's becuase it's an MSN Group or Yahoo e-mail which has used HTML iframe coding within the e-mail for advertising purposes.

Iframes can run an invisible browser window frame within the web page and can therefore run scripts and malicious coding without your knowing they're there.

I set my browser to not display Iframes in my preferences - Internet Explorer it's Tools-Options, Netscape it's Edit-Preferences.  The newer versions of Netscape and Firefox can now display iframes (short for inline frames) so it's advisable to disable them.  It used to be coding that was specific to Internet Explorer but not any more.

I also set my e-mail client to display e-mails as text only and turn off the Microsoft viewer option (I am using Eudora), that way the iframe can't run.

Just another way that HTML coding can be misused I'm afraid.  I would suggest just deleting any e-mails which come up with this and if it's someone you know they'll re-send when they realise you haven't got it.

This page - http://htmlgoodies.earthweb.com/tutors/inlineframes.html - has a tutorial on iframes with an example showing one working.

[MikeBCda]

Just to give you an idea of how the heuristics protection works -- any exe or other executable attachment will pop up that "Suspicious" warning even if the file itself is totally clean, simply because it's a suspicious type of attachment.

And of course you should know not to touch exe attachments unless they're from a source you know and you've specifically requested them.  That's almost the number-one rule of basic computer security even (especially?) for newbies.  And of course even if they were something you wanted and were expecting, scan them before you do anything else with them.