Author Topic: Can I save virus infec\ted e-mail for later examination?  (Read 2699 times)

0 Members and 1 Guest are viewing this topic.

Offline Alobar

  • Jr. Member
  • **
  • Posts: 24
    • Live Journal blog
Can I save virus infec\ted e-mail for later examination?
« on: March 10, 2006, 08:09:42 AM »
I got my first AVAST warning in a long time.    See below:

3/10/2006 12:44:09 AM   SYSTEM   1944   Sign of "VBS:Zulu" has been found in "http://mail.google.com/mail/?&ik=73b8e7fc56&view=tl&search=inbox&start=0&tlt=109e2e327f8&fp=cb4a5dfe66be83b3&auto=1&zx=k9rj0s-3ljltp\unp99932259" file. 

The e-mail got zapped by AVAST before it showed up in my Gmail web page, so I have no idea who it was from.   Is there a setting which will save the infected e-mail so I can look at it later in notepad?

Alobar

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Can I save virus infec\ted e-mail for later examination?
« Reply #1 on: March 10, 2006, 12:35:28 PM »
The e-mail got zapped by AVAST before it showed up in my Gmail web page
Strange... are you sure?
WebShield could 'block' the connection 'before' the files are safed and the webpage loaded.
GMail could be scanned by Internet Mail provider only if you're using Stunnel (a third-party application) and then, the only automated option is send the file to Chest (not 'zap' it).
So, or the email IS in avast Chest or it was not avast who 'delete' (zap) it.  ::)
The best things in life are free.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: Can I save virus infec\ted e-mail for later examination?
« Reply #2 on: March 10, 2006, 12:47:14 PM »
email - despite its legendary years of service - is still very dependent on an email client to be able to display and manage it.

While avast can detect and isolate part of an email stream that may be subject to infection there is no simple way of allowing the email message to be displayed and managed without the significant risk of exposing the user to whatever virus has been detected in the message itself.

While you or I might be able to manage the infected datastream in a "notepad" environment avast has to be designed for the vast majority of users for whom security is the top priority and where risk of infection must be preferably eliminated or, at least, minimised.  For me - I believe that avast has a duty to defer to the needs of the majority and prevent - as far as possible - any risk of infection.

 

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: Can I save virus infec\ted e-mail for later examination?
« Reply #3 on: March 10, 2006, 12:57:56 PM »
Re-reading the above - I am sure that Tech is right (despite my email comments - which I stand by).

This appears to be a case where the Webshield has detected a problem.  So there is no way it is going to be recognized by avast as an email message at all - it is just a web page pure and simple.

By the way - there are so many ways of reading webmail these days via third party applications or plugins that it is often unsure what method has been used.

Tech (for future information) there exist ways to read gmail that are screen-scraper based and that do not involve STunnel (I know - I use one) that allow gmail to be converted to a POP3 stream and passed through avast for scanning (just like Yahoo and Hotmail).  Sorry - but this is just to keep us all on our toes.
« Last Edit: March 10, 2006, 01:07:42 PM by alanrf »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67274
Re: Can I save virus infec\ted e-mail for later examination?
« Reply #4 on: March 10, 2006, 01:06:01 PM »
Tech (for future information) there exist ways to read gmail that are screen-scraper based and that do not involve STunnel (I know - I use one) that allow gmail to be converted to a POP3 stream and passed through avast for scanning (just like Yahoo and Hotmail).  Sorry - but this is just to keep us all on our toes.
Thanks. To do not hijack this thread, can you post this 'method' in another one.
I'm curious  8)
The best things in life are free.

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re: Can I save virus infec\ted e-mail for later examination?
« Reply #5 on: March 10, 2006, 08:33:36 PM »
***

Alobar,

You might also want to read the thread at the below link as this one also eventually got the same message you did (plus a first one for Loveletter) when using gmail.

http://forum.avast.com/index.php?topic=19562.0


***
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM