Author Topic: .mht is suspicious extension?  (Read 12601 times)

0 Members and 1 Guest are viewing this topic.

mom

  • Guest
.mht is suspicious extension?
« on: October 28, 2003, 06:13:27 PM »
I received a single file web page *.mht via Avast! yesterday. Today Program version= 4.1.289) Vps version= 0310-2. This page passed AVG scan from sending side, yet the email was stopped from entering OE 6.00.2800.1123. The email message source:
-----:
X-x: TimeOut
X-x: TimeOut
X-x: TimeOut
X-x: TimeOut
X-x: TimeOut+OK
Subject: avast! 4
Suspicious extension(s) of attachment
 * 20 Great Google Secrets.mht
Sender: [suppressed]
Recipient:  [suppressed]
Subject:  20 Great Google Secrets
-----

Avzst! on access Internet mail setting is custom including "attachment check according to name and content type."

Assuming the mht file is good, what can I do short of removing the "attachment check according to name and content type" to receive such email attachments? Is this a bug, is there a workaround, for example changing the extension from sending end?

This is my first problem with Avast!--otherwise has been excellent for my two months of use.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11655
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:.mht is suspicious extension?
« Reply #1 on: October 28, 2003, 10:45:08 PM »
MHT files can indeed contain hostile stuff. It's a Microsoft-proprietary format for packing HTML contents (including pictures, scripts and other stuff) into single files...

It is possible to turn off the "attachment check according to name and content type" but I'd rather recommend against doing so...

Anyway, avast should let you access the file - it's just warning you, right?

Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re:.mht is suspicious extension?
« Reply #2 on: October 29, 2003, 12:33:47 PM »
I confirm the words of Vlk  ;D
Maybe you can ask to the sender to convert the mht file into a zip file. Avast! will only alert a suspicious extension (both for zip and mht) but you can access the file (attach). Although if the file is infected, avast! will bring you a window to handle the file (move, rename, clean, Virus Chest and so on)...  ;)
The best things in life are free.

Thoy

  • Guest
Re: .mht is suspicious extension?
« Reply #3 on: December 05, 2008, 12:17:02 PM »
Had just this report yesterday... My niece send me a list which was in this .mht format and Avast went barmy with sirens and the works! All very frightening ! so I deleted it in a panic.
It turned out the same attachment received on my wife's laptop was passed by AVG without comment. When it was moved onto the desktop and checked by AVG it was pronounced virus free.

On reflection maybe I should be glad that my Avast queried it. It shows it was maybe on the ball.

 :)

Thoy

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: .mht is suspicious extension?
« Reply #4 on: December 05, 2008, 01:24:39 PM »
Can you inform the file as being a false positive (click on the bottom right of the virus warning message).

To know if a file is a false positive, please submit it to VirusTotal and let us know the result. VirusTotal has a file size limit of 10Mb. You can use VirScan also.
If it is indeed a false positive, send it in a password protected zip to virus@avast.com. Please, mention in the body of the message why you think it is a false positive and the password used. Thanks.

Maybe you need to disable Hide protected operating system files and enable View hidden files and folders to manage the file(s).

As a workaround, you can add these files to the Standard Shield provider (on-access scanning) exclusion list.
Left click the 'a' blue icon, click on the provider icon at left and then Customize. Go to Advanced tab and click on Add button...
You can use wildcards like * and ?. But be careful, you should 'exclude' that many files that let your system in danger.

This link is a tutorial on how to help correct a virus detection that you believe to be false:
http://forum.avast.com/index.php?topic=25009.msg204838#msg204838
or http://forum.avast.com/index.php?topic=7779.msg62586#msg62586
The best things in life are free.

Online DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 89439
  • No support PMs thanks
Re: .mht is suspicious extension?
« Reply #5 on: December 05, 2008, 03:41:00 PM »
Had just this report yesterday... My niece send me a list which was in this .mht format and Avast went barmy with sirens and the works! All very frightening ! so I deleted it in a panic.
It turned out the same attachment received on my wife's laptop was passed by AVG without comment. When it was moved onto the desktop and checked by AVG it was pronounced virus free.

On reflection maybe I should be glad that my Avast queried it. It shows it was maybe on the ball.

It is possible that there could be something objectionable in that file as Vlk mentioned in an earlier post, which is why avast is warning about the attachment type (you would get the same alert if it were an .exe attachment).

This can be disabled as Vlk mentions, Internet Mail, Customize, Heuristics tab, see image. As for AVG not alerting doesn't mean very much as both AVs are different it may not even give a suspicious alert it may also not extract the contents of the .mht file attachment.
« Last Edit: December 05, 2008, 03:52:04 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security