Author Topic: Invected Message Insertion  (Read 10433 times)

0 Members and 1 Guest are viewing this topic.

Offline DroppinPackets

  • Jr. Member
  • **
  • Posts: 42
Invected Message Insertion
« on: October 14, 2003, 02:20:41 PM »
Greetings, I have just recieved a spam mail message which contained the swen virus, which was detected and deleted.

To my suprise, avast added both text and html parts into the offending mail, but the problem was that when this mail was parsed through spamcop, it wanted to report abuse (see att) to avast abuse for having a url in reference to spam.  This may cause a few misdirected emails sent your way.  Can this be edited, and or removed?

Also, invection cannot be seen in avast log or the avast win2k event viewer?

No skin of my nose, but you could get a lot of emails because of the same type of thing happening with other users.

Cheers

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Invected Message Insertion
« Reply #1 on: October 14, 2003, 03:36:53 PM »
Hehe that's funny problem. Fortunately, a work around is quite simple.

In the Internet Mail provider's settings, either remove the option to add info to infected message bodies, or change the format of the note that's being inserted.

Thanks for pointing this out,
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline DroppinPackets

  • Jr. Member
  • **
  • Posts: 42
Re:Invected Message Insertion
« Reply #2 on: October 15, 2003, 01:17:43 AM »
Well, I could edit, but how do you remove, you stated you could just remove the optin to add info to infected messages, I could not find this, there is an option for clean messages?

Any reason it doesn,t show up in the logs that a virus was detected and deleted, this could be important in silent mode.
Cheers

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Invected Message Insertion
« Reply #3 on: October 15, 2003, 11:00:41 AM »
Quote
could just remove the optin to add info to infected messages, I could not find this, there is an option for clean messages?

Oops, sorry, it's in all other providers but not in Internet Mail. I didn't know that (but changing the text should work, or even better, reconfiguring the network settings so that the mail first goes thru the spam filter and then thru avast).

Quote
Any reason it doesn,t show up in the logs that a virus was detected and deleted, this could be important in silent mode.


Turn on generation of the report file for the 'Resident Protection' task. I.e. in avast, edit the Resident Protection task, and make appropriate changes on the 'Report File' tab. You can even make it generate XML structured output.

Vlk
If at first you don't succeed, then skydiving's not for you.

Offline DroppinPackets

  • Jr. Member
  • **
  • Posts: 42
Re:Invected Message Insertion
« Reply #4 on: October 15, 2003, 03:24:49 PM »
Quote
Oops, sorry, it's in all other providers but not in Internet Mail. I didn't know that (but changing the text should work, or even better, reconfiguring the network settings so that the mail first goes thru the spam filter and then thru avast).

OK, so edit is the only way.

Quote
Turn on generation of the report file for the 'Resident Protection' task. I.e. in avast, edit the Resident Protection task, and make appropriate changes on the 'Report File' tab. You can even make it generate XML structured output.

Report file is turned on(see att)

The only place I can find any mention of the activity is in the "resident protection.txt" file.  There is no reports in the avast log fron the systray icon, or in the avast event viewer, is this by design?
Cheers

Offline DroppinPackets

  • Jr. Member
  • **
  • Posts: 42
Re:Invected Message Insertion
« Reply #5 on: October 18, 2003, 01:49:29 AM »
Quote
There is no reports in the avast log fron the systray icon, or in the avast event viewer, is this by design?

The reason I asked this is as it is a server prog, admins may want to connect via snmp to see what is going on with the server.

From memory, home/pro record virus activity in the event viewer.

cheers
Cheers