Author Topic: Avast destroyed over 4k Mails  (Read 5957 times)

REDACTED

  • Guest
Avast destroyed over 4k Mails
« on: April 14, 2018, 01:21:29 PM »
Today I made a full search with Avast! Free (ver 180413-4) and after a while it found something, and because I don't want to wait forever I stopped the search. It found 3 problems, all within my Thunderbird Inbox and older versions of it. Detection was "HTML:Facebook-A[Phish]". I would have ignored it, because I can look after myself in regard to phishing, but THE ONLY OPTION AVAST GAVE ME WAS AUTOMATICALLY. And that led to the "move" of my ENTIRE inbox to the virus container, where it NEVER ARRIVED. So now about 3000 mails are simply GONE except the title, which is saved in another file. Another number of mails is unreadable garbage. In total I LOST 4042 mails over that, and my most recent backup is gone as well because I shifted it to this PC for a short period of time.

Using Win8.1.

I have used Avast! for over 10 years and have seen some mistakes and ridiculous false positives over the years, and I still stayed with you. But this is outrageous! Your software simply destroyed my emails with an action that should have been reversible! Even using Recuva doesn't help because Avast! completely DESTROYED all data.
So my question is pretty simple. Is there a way to get what's in the virus container? I want my data back that your retarded garbage software destroyed. I can't say it any other way because I'm really pissed right now!  >:(

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: Avast destroyed over 4k Mails
« Reply #1 on: April 14, 2018, 01:44:04 PM »
If you set your mail client to leave mail on the server, then you always have a backup at your mail provider that you can access using webmail.

Offline Mike23

  • Jr. Member
  • **
  • Posts: 55
Re: Avast destroyed over 4k Mails
« Reply #2 on: April 14, 2018, 04:18:18 PM »
@ fh...
Open AVAST & go to > Protection > Virus Chest.
Hopefully, your emails will be there & can be recovered.

Regs, Mike..

REDACTED

  • Guest
Re: Avast destroyed over 4k Mails
« Reply #3 on: April 14, 2018, 04:51:16 PM »
Well, setting TB to leave server mails won't help me now. I contacted my mail provider and they restored all they had. Not much, but at least something.

@Mike23: the Virus Chest contains 3 false positive .exe files, but not my Inbox. Despite the report saying that the Inbox was moved to the chest.

Is there a way to dump all content of the Virus Chest into a folder or something? Maybe the transfer didn't finish but the bulk is still there.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast destroyed over 4k Mails
« Reply #4 on: April 14, 2018, 05:41:46 PM »
Dumping the virus chest, even if it were possible, wouldn't help: the contents of the virus chest are encrypted (and renamed), and unless it is Avast restoring the files they would remain encrypted.

Email folders aren't like normal explorer folders. I believe they are more like database files that contain the emails in that email folder.  See attached example of my Thunderbird folders when viewed in windows explorer.  Notice the 'Inbox' file (it doesn't actually show a file type), that is I believe the database file where the individual emails are contained. 

You don't actually see individual emails, but on a scan avast can see within that file and report anything it detects.  It may well try to send the email to the virus chest according to your settings or choice. If it can't extract the file from the inbox file to send to the virus chest then it would try the second or third option in your mail shield settings.

The likelihood is that one or other of those options would try to send it to the chest, and if that fails the next option may be deletion of the archive file containing the detected email, and now your inbox file would go.  But it looks like that failed, as you don't see it or any email in the virus chest.  Even if it were in the virus chest and you elected to restore it, that too I believe would fail, as it doesn't really know how to fit it back into the database file.

Personally, on-demand scans are of little benefit and there are quirks involved also, as outlined above.
- With a resident (on-access) scanner the need for on-demand scans is much depreciated. For the most part dormant/inert files are being scanned, the other active files are going to be scanned by the resident shields when they are activated.

See my Mail Shield settings - I don't believe they are defaults - I don't allow Avast to take any autonomous action, so my first option is to Ask and the second, if that fails (almost impossible), is to take No Action.

Notice the bit about Archives; said Inbox is in effect an Archive (multiple things stored within one file), so if you have the option to remove the whole containing archive if it fails, you have just lost your inbox.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: Avast destroyed over 4k Mails
« Reply #5 on: April 14, 2018, 06:23:32 PM »
@DavidR: thanks for the answer. As far as I have seen, you can open the Input and other Mail-Database-Files with a simple text editor, as the information is stored in plain text. I was able to restore some data from an old backup, but the newest (which I overwrite every now and then) has been destroyed by Avast! as well  >:(

I do on-demand scans very rarely, especially to that extent like today. It was a file scan, so the Mail Shield wasn't really involved. I wanted to change the action Avast! should take, but even clicking repeatedly on "Automatically" didn't allow me to change the selection or show a list of options for that matter. Beats me why Avast! can't show that; it shouldn't happen.  >:(
Mail/Filesystem-Shield Auto apparently means Repair->Chest->Delete. Since it shows in the report "Moved to Chest. Successfull" I guess Avast failed 3 times!!!!!! with a simple action.  >:(

Also, besides the file being several hundred MB, Avast should not just completely delete it like it did. That is just retarded. Either it should cut out the detected part (like 1 message) or move the entire file to the Virus Chest.  >:(

I have been scanning with different recovery tools but so far didn't find intact data to recover. I'm searching all my drives to see if there is a more recent backup, but I don't think I will have much luck.  >:(

Offline stibi

  • Sr. Member
  • ****
  • Posts: 383
Re: Avast destroyed over 4k Mails
« Reply #6 on: April 14, 2018, 06:29:19 PM »
> Email folders aren't like normal explorer folders. I believe they are more like database files that contain the emails in that email folder.

No, David - "Inbox" is no database but a simple text file including all messages; "*msf" files contain pointers to each start of message. Copy "Inbox" and add the extension ".txt" ...

@TO
Do you have a backup of your messages? Replace it to the proper place in your TB profile.
You should hold your Inbox as small as possible & shift mails to other objects like family, common, hobby etc., so damage between AV software & mail program will be restricted. Example: my inbox contains about 50 mails; not more. And even this may be too much in an error situation - I'm lazy...
« Last Edit: April 14, 2018, 06:35:09 PM by stibi »
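
Added example (not part of any post in this thread, and not Avast or Thunderbird code): because the Inbox is one plain-text file holding every message, a partly overwritten copy can be cut at its "From " separator lines and the messages whose headers survived kept. The sample bytes are constructed, the names `split_mbox` and `salvage` are hypothetical, and the separator rule in the comment is an assumption about the file layout.

```python
import email

# Constructed sample of an "Inbox" file: three messages, the middle one
# overwritten with junk. Addresses and dates are made up.
SAMPLE = (
    b"From - Sat Apr 14 09:00:00 2018\n"
    b"From: alice@example.com\nDate: Sat, 14 Apr 2018 09:00:00 +0000\n"
    b"Subject: Invoice\n\nSee attachment.\n\n"
    b"From - Sat Apr 14 10:00:00 2018\n"
    b"\x00\x00\xff\xfe\x13\x37 overwritten region\n\n"
    b"From - Sat Apr 14 11:00:00 2018\n"
    b"From: bob@example.com\nDate: Sat, 14 Apr 2018 11:00:00 +0000\n"
    b"Subject: Holiday\n\nHi,\nFrom Monday I am away.\n"
)

def split_mbox(raw: bytes) -> list:
    """Cut the file at 'From ' separator lines; return one chunk per message."""
    chunks, current, prev_blank = [], None, True
    for line in raw.splitlines(keepends=True):
        # Assumption: a separator starts with "From " and sits at the top of
        # the file or after a blank line, so "From Monday..." in a body stays.
        if prev_blank and line.startswith(b"From "):
            if current is not None:
                chunks.append(b"".join(current))
            current = []
        elif current is not None:
            current.append(line)
        prev_blank = not line.strip()
    if current is not None:
        chunks.append(b"".join(current))
    return chunks

def salvage(raw: bytes):
    """Return (parsed intact messages, number of unusable chunks)."""
    intact, damaged = [], 0
    for chunk in split_mbox(raw):
        msg = email.message_from_bytes(chunk)
        # Treat a chunk as intact only if its basic headers survived.
        if msg["From"] and msg["Date"]:
            intact.append(msg)
        else:
            damaged += 1
    return intact, damaged

if __name__ == "__main__":
    messages, lost = salvage(SAMPLE)  # on real data, read a COPY of the Inbox file
    print(f"{len(messages)} intact, {lost} damaged:",
          [m["Subject"] for m in messages])
```

A body paragraph that itself begins with "From " after a blank line would be cut into a separate chunk and counted as damaged, so the damaged count is an upper bound.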

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast destroyed over 4k Mails
« Reply #7 on: April 14, 2018, 08:31:58 PM »
> Email folders aren't like normal explorer folders. I believe they are more like database files that contain the emails in that email folder.
> No, David - "Inbox" is no database but a simple text file including all messages; "*msf" files contain pointers to each start of message. Copy "Inbox" and add the extension ".txt" ...
> <snip>

It is more that I believe it is being treated as an archive; it won't be using the .msf file to strip it out (or, for that matter, to put it back if restored from the chest). And how would this stripped-out email be stored in the virus chest? It isn't a file, but part of a file.

The inbox has always been a bit of an issue (not just for Avast): if you have a system crash, open files are at risk of corruption.  And if you have your email program open, generally the inbox is open.

Currently my inbox is probably as large as it has ever been (image shows 12MB ish) I used to be very active in moving emails to other folders depending on content.  If I lost the inbox it wouldn't be that big a deal, not to mention I do weekly drive image backups. 

I also do a daily backup (often several times a day) for more volatile files, and this includes thunderbird, ...\Application Data\Thunderbird so I have it pretty well covered for any eventuality. I have always been a belt and braces guy with a robust backup and recovery strategy, many don't until they actually experience a problem.

REDACTED

  • Guest
Re: Avast destroyed over 4k Mails
« Reply #8 on: April 15, 2018, 10:20:11 AM »
Okay, got hold of an older backup and was able to restore two thirds of lost data.

@DavidR: even if I had it in another folder, that one would have been destroyed. And an antivirus shouldn't destroy data that's not a virus. Regarding backups: two instances of backups were destroyed by Avast! while killing the primary file.  >:(

The whole situation is extremely shit, and while part of the lost data is still in replied messages in the outbox, received files are gone.  >:(

Basically I can live with rare false positives that are reversible, and with the memory leak a few years back, and the annoying "unprotected" bugs last year or so (even if these things shouldn't happen). But this time I have to ask how far I can trust Avast! at all. I mean, that was not just one mistake, but a ton of them. The acclaimed message was not detected when creating backups, receiving mails, or in previous scans. Now all of a sudden there is a phishing mail that Avast! has to handle (but why?! it's not a virus, just phish; I know it's bad but it requires user input). And it fails a basic action of moving a file from A to B 3 times in a row, destroying the original files and the underlying data on the disk in the process, so that it's impossible to recover. This is a shitload of failed tasks, which makes me wonder if this software is reliable around sensitive data. So, yeah, I'm gonna look if there is a better, more reliable AV.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast destroyed over 4k Mails
« Reply #9 on: April 15, 2018, 11:29:35 AM »
I'm an Avast user just like yourself and even if I wasn't using avast but another AV, the precautions I mentioned would still be in force. 

As you can see from my settings image, I don't allow Avast (or any other AV) autonomous action in regard to detections, and that includes other shields, including the File System Shield.  In most of the shield settings the 'Actions' sections are very much the same; I always set the Primary action to Ask.

Offline stibi

  • Sr. Member
  • ****
  • Posts: 383
Re: Avast destroyed over 4k Mails
« Reply #10 on: April 15, 2018, 11:52:56 AM »
The settings of Avast or any other AV software should be:

The AV software must be allowed to move incoming mail to quarantine.
The AV software must NOT be allowed to scan the Inbox file.

REDACTED

  • Guest
Re: Avast destroyed over 4k Mails
« Reply #11 on: April 15, 2018, 09:13:46 PM »
Backups don't help much if they get destroyed by the AV as well. Also, I wanted to change the action Avast took on the detected files (mentioned that earlier): it showed me a white box with "Automatic" and an arrow-down next to it. So it should be some kind of list/select. But pressing it did absolutely nothing, leaving me no other choice than to do it automatically. If you make the effort of creating such a window element, it should work as expected.  >:(

@stibi: I only once had Avast delete an attachment from a spam mail. Currently I think you should NOT let Avast move valuable files to the quarantine, or they might be destroyed.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast destroyed over 4k Mails
« Reply #12 on: April 15, 2018, 11:36:53 PM »
1. There is nothing to stop you unchecking the Automatic option for on-demand scan settings, nor is there anything to stop you from changing the 'Processing of infected files' options - as in my attached image.

2. Where are you looking at this Automatic value with a down arrow that has no options ?

REDACTED

  • Guest
Re: Avast destroyed over 4k Mails
« Reply #13 on: April 16, 2018, 05:41:26 AM »
1. I changed it now. Had it on default before because I thought Avast! was capable of something and I also remembered being able to change the action.

2. The options were on the result page of the scan, where it asks you what to do with the issues found. It showed the 3 instances of the Inbox and on the right side were the "Automatic" buttons.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Avast destroyed over 4k Mails
« Reply #14 on: April 16, 2018, 10:55:36 AM »
> 1. I changed it now. Had it on default before because I thought Avast! was capable of something and I also remembered being able to change the action.
>
> 2. The options were on the result page of the scan, where it asks you what to do with the issues found. It showed the 3 instances of the Inbox and on the right side were the "Automatic" buttons.

2. The result page is effectively historic, it is just showing the 'result' of the detections and the Action already taken in the scan.  You can't apply any action after it has been actioned already.

If you change the scan settings and click 'Automatically apply actions during scan' (see image) it is here that it shows what Actions you want carried out automatically.  If I had that set, then my settings for all 3 tabs I would set to No Action, PLUS the options I mentioned previously.