Author Topic: lost trust in avast can't remove sality  (Read 9660 times)

0 Members and 1 Guest are viewing this topic.

mauserme

  • Guest
Re: lost trust in avast can't remove sality
« Reply #15 on: June 09, 2006, 06:24:17 AM »
... I decided to try some online scanners like panda, kaspersky, and bitdefender it found over 40+ files that it had infected.

Are you saying all three (panda, kaspersky, and bitdefender) found >40 infected files, or just panda?

Where was it originally detected, file name and location ?
Where does it keep coming back to, file name and location ?
What avast provider detected it, what were you doing, browsing, downloading, running an on-demand scan, etc. ?

Can you provide this information?

Also, are you using a firewall?

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: lost trust in avast can't remove sality
« Reply #16 on: June 09, 2006, 10:46:31 AM »
I wish to offer a public apology to Panda for a post I made earlier in this thread.

Certain reports in this forum have caused me to further research the complete inadequacy of avast scanning to be able to properly deal with the mail folders of the Thunderbird mail client.

In an earlier post I suggested that the finding by Panda of a Sober variant in a Thunderbird mail folder was a false positive.  This was my error, the finding by Panda was absolutely correct. 

This virus, that has existed on my system in the mail folder for more than a year has never been reported by avast in my weekly (ashquick.exe) scans of my mail folders or by thorough (including archive) scans by the on demand scanner.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11865
    • AVAST Software
Re: lost trust in avast can't remove sality
« Reply #17 on: June 09, 2006, 10:52:56 AM »
It's not that suprising, considering that avast! doesn't really scan the content of Thunderbird mailboxes... (in the on-demand scan, I mean).

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: lost trust in avast can't remove sality
« Reply #18 on: June 09, 2006, 10:57:57 AM »
Well Panda can!

You are also, I'm afraid, misrepresenting the truth here. 

My research in the last few hours shows avast does scan them, avast does modify them and I believe does, sometimes, destroy them.

Should I post further findings to someone in the team or publicly? 

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11865
    • AVAST Software
Re: lost trust in avast can't remove sality
« Reply #19 on: June 09, 2006, 11:04:53 AM »
As I explained in the other post yesterday, avast! scans only the first message in the mailbox, as it looks like an ordinary EML file. So, if this one contains a malware, then it is detected and the subsequent action may confuse Thunderbird. The rest of the messages are not scanned (well, in special cases a malware may be found in the full scan of the file if the infected object is stored in plaintext there - but I believe it's quite rare).

Fast

  • Guest
Re: lost trust in avast can't remove sality
« Reply #20 on: June 09, 2006, 11:29:50 AM »

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: lost trust in avast can't remove sality
« Reply #21 on: June 09, 2006, 11:42:13 AM »
Fast,

I reported on this feature of Thunderbird 1.5, at length, here in the avast forum and in the Thunderbird forum.  Igor went to some length to explain why avast could not scan these files created by Thunderbird.

This really has nothing whatsoever to do with the issue at hand - the avast Internet Mail Scanner does an excellent job of keeping viruses out of the Thunderbird mailbox in the first place.  Should a virus get in then we have the backup of the Standard Shield to prevent a bad file from being executed.  That's why I strongly recommend the use of both providers to users of Thunderbird.

The real issue here is avast's current inability in the on demand scanners to recognize a Thunderbird mail file and the inappropriate actions it takes on the file because it thinks that a Thunderbird mail file is really a single standalone EML file. 

The problem here is most likely going to be affecting a new avast user.  The first time they run an on demand scan of their system they may well find under, under certain conditions, that avast has destroyed their Thunderbird Inbox containing all of their email received over months or years.  As we saw at the start of this thread - it happened to the originator - who had no backup.
« Last Edit: June 09, 2006, 11:49:00 AM by alanrf »