Author Topic: Detection Difference between Machines/OS's?  (Read 2978 times)

0 Members and 1 Guest are viewing this topic.

rljames

  • Guest
Detection Difference between Machines/OS's?
« on: June 09, 2005, 11:57:25 AM »
I run the latest (Build Jun2005 4.6.665) and auto updated release of Avast Home on a Win XP SP2 laptop and Win 2000 Pro desktop. Recently I noticed that a particular piece of eMail generated a "Warning" on the laptop but not desktop?

Thanx,
Bob

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11818
    • AVAST Software
Re: Detection Difference between Machines/OS's?
« Reply #1 on: June 09, 2005, 12:07:54 PM »
What exactly did the warning say?

rljames

  • Guest
Re: Detection Difference between Machines/OS's?
« Reply #2 on: June 09, 2005, 12:15:28 PM »
Sorry I don't remember the *exact* wording but it was something like "Possible threat detected, white space in message header". Turns out the eMail was harmless and from a common known sender.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: Detection Difference between Machines/OS's?
« Reply #3 on: June 09, 2005, 02:20:10 PM »
Sorry I don't remember the *exact* wording but it was something like "Possible threat detected, white space in message header". Turns out the eMail was harmless and from a common known sender.

Probably it's refering to mail scanner heuristics.
Check the Internet Mail Provider settings > Heuristic tabs of settings.
If you use MS Outlook, see Outlook provider Heuristic settings.
See a picture here: http://forum.avast.com/index.php?topic=14157.msg119856#msg119856

In the help file is written: Resident Protection: Internet Mail - Heuristic: avast! is able to scan inbound mail not only for known viruses, but it can also verify the messages using heuristic analysis and possibly reveal a virus that is not present in the virus database yet. You can modify the settings of the heuristic analysis on this page. Check whitespaces sequence. Some viruses use a trick: behind one extension of the infected file name a large number of spaces (or other nondisplayable, "white" characters) is appended, followed by a second, real extension that is dangerous. The user does not see the second extension (it is several lines below or does not fit into the window where names are displayed). Heuristic analysis can uncover this trick and warn the user. Default permitted sequence length is five. Thus, if there are more than five white characters, a warning message will be displayed.
« Last Edit: June 09, 2005, 02:28:31 PM by Tech »
The best things in life are free.

rljames

  • Guest
Re: Detection Difference between Machines/OS's?
« Reply #4 on: June 09, 2005, 08:44:01 PM »
Thanks. I *think* I know why the one machine (laptop) gave the warning, my question was why didn't the desktop machine catch the same eMail with the same warning? As I said identical Avast!, only difference I can see is the OS's.

Bob

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11818
    • AVAST Software
Re: Detection Difference between Machines/OS's?
« Reply #5 on: June 10, 2005, 09:27:03 AM »
Are you sure the settings of e-mail heuristics are same on both the computers? Also, are you sure it was exactly the same e-mail?
Do you still have that e-mail, or did you delete it?