Author Topic: "Mail Shield Security Exclusion" Bug  (Read 11803 times)

0 Members and 1 Guest are viewing this topic.

Offline KDibble

  • Full Member
  • ***
  • Posts: 199
"Mail Shield Security Exclusion" Bug
« on: July 10, 2013, 09:54:26 PM »
Here is the latest on the bogus "invalid certificate" problem.

Today on Windows 7 Ultimate, using Thunderbird 2.0.0.24:

Thunderbird on this workstation is configured to handle three different email accounts using two different POP/SMTP server sets. Thunderbird is configured to automatically download email upon launch.

In this particular case, I was using a domain administrator login on the Windows 7 Ultimate machine.

I launched Thunderbird, observed progress bar appear, then halt. A **Windows error message** appeared stating that the Avast! mail shield program had stopped working and did I want to send error logging information. I said yes.

Three separate Avast! "Mail Shield Security Exclusion" windows were generated, one for each POP account the email client attempted to access. The content of these windows was identical except for the name of the server "location":

"avast! has identified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.

Click the 'View' button for more details about the certificate.

If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.

Legitimate public sites and mail servers should not ask you to do this.

SERVER

Location: *****

CERTIFICATE STATUS

This site attempts to identify itself with invalid information.

Problems:

The certificate is not trusted."

Pressing the "View" button in this window revealed that the problematic certificate is valid from 2/17/2013 to 2/17/2014.

This event generated three sets of Windows Event Log records, one for each email account. Here is the most recent set:

Log Name:      Application
Source:        Application Error
Date:          7/10/2013 3:35:13 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LAFORGE.STIC
Description:
Faulting application name: rundll32.exe_ashMaiSv.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0x360
Faulting application start time: 0x01ce7da498bfddb2
Faulting application path: C:\Windows\system32\rundll32.exe
Faulting module path: unknown
Report Id: d6830fe3-e997-11e2-b9b4-002421dbee7e
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-07-10T19:35:13.000000000Z" />
    <EventRecordID>27789</EventRecordID>
    <Channel>Application</Channel>
    <Computer>LAFORGE.STIC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>rundll32.exe_ashMaiSv.dll</Data>
    <Data>6.1.7600.16385</Data>
    <Data>4a5bc637</Data>
    <Data>unknown</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>c0000005</Data>
    <Data>00000000</Data>
    <Data>360</Data>
    <Data>01ce7da498bfddb2</Data>
    <Data>C:\Windows\system32\rundll32.exe</Data>
    <Data>unknown</Data>
    <Data>d6830fe3-e997-11e2-b9b4-002421dbee7e</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Windows Error Reporting
Date:          7/10/2013 3:36:52 PM
Event ID:      1001
Task Category: None
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      LAFORGE.STIC
Description:
Fault bucket 3485134940, type 5
Event Name: BEX
Response: Not available
Cab Id: -521629381

Problem signature:
P1: rundll32.exe_ashMaiSv.dll
P2: 6.1.7600.16385
P3: 4a5bc637
P4: StackHash_0a9e
P5: 0.0.0.0
P6: 00000000
P7: 00000000
P8: c0000005
P9: 00000008
P10:

Attached files:
C:\Users\kend\AppData\Local\Temp\WER7894.tmp.WERInternalMetadata.xml
C:\Users\kend\AppData\Local\Temp\WER8D45.tmp.appcompat.txt
C:\Users\kend\AppData\Local\Temp\WER8DC4.tmp.hdmp

These files may be available here:
C:\Users\kend\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_ash_31429544faf12d71b829daa943b9f530a59bc_cab_0c362b44

Analysis symbol:
Rechecking for solution: 0
Report Id: cf396fca-e997-11e2-b9b4-002421dbee7e
Report Status: 8
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Windows Error Reporting" />
    <EventID Qualifiers="0">1001</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-07-10T19:36:52.000000000Z" />
    <EventRecordID>27792</EventRecordID>
    <Channel>Application</Channel>
    <Computer>LAFORGE.STIC</Computer>
    <Security />
  </System>
  <EventData>
    <Data>3485134940</Data>
    <Data>5</Data>
    <Data>BEX</Data>
    <Data>Not available</Data>
    <Data>-521629381</Data>
    <Data>rundll32.exe_ashMaiSv.dll</Data>
    <Data>6.1.7600.16385</Data>
    <Data>4a5bc637</Data>
    <Data>StackHash_0a9e</Data>
    <Data>0.0.0.0</Data>
    <Data>00000000</Data>
    <Data>00000000</Data>
    <Data>c0000005</Data>
    <Data>00000008</Data>
    <Data>
    </Data>
    <Data>
C:\Users\kend\AppData\Local\Temp\WER7894.tmp.WERInternalMetadata.xml
C:\Users\kend\AppData\Local\Temp\WER8D45.tmp.appcompat.txt
C:\Users\kend\AppData\Local\Temp\WER8DC4.tmp.hdmp</Data>
    <Data>C:\Users\kend\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_rundll32.exe_ash_31429544faf12d71b829daa943b9f530a59bc_cab_0c362b44</Data>
    <Data>
    </Data>
    <Data>0</Data>
    <Data>cf396fca-e997-11e2-b9b4-002421dbee7e</Data>
    <Data>8</Data>
  </EventData>
</Event>

So this isn't just some client age/compatibility issue. These are C5 Windows memory errors. They mean Avast! violated Windows rules for memory allocation and was shut down by the operating system. This is clearly a bug in Avast!

Now, is this enough for you people to look at and respond directly to?? What do I have to do to get some help on this??


EcoPaul

  • Guest
Re: "Mail Shield Security Exclusion" Bug
« Reply #1 on: August 23, 2013, 12:14:11 AM »
I've been experiencing the same problem this evening - has anything been done about this - about to renew my subscription.... :-[

To access my email - no choice but to ignore the warning....

ttruheyo

  • Guest
Re: "Mail Shield Security Exclusion" Bug
« Reply #2 on: March 19, 2014, 01:50:23 PM »
We am experiencing the same issue. However, we use outlook and exchange Thunderbird is not in the equation. Has anyone figured this out?

gr3gw

  • Guest
Re: "Mail Shield Security Exclusion" Bug
« Reply #3 on: April 26, 2014, 10:11:49 PM »
I've got the same problem. I can't get my mail without turning off Avast. After showing  a few times the component handling this freezes. The Cancel button no longer works