excluding email addresses

[rburn99]

Every time my wife gets email from a certain person avast pops up a dialog box warning her about a suspicious email. How can I tell avast to ignore emails from specific people.

[ardvark]

Hi rburn99...

If the e-mails in question are indeed infected, I would definately NOT want Avast to exclude them from scanning! 

I don't think there is a way of doing that anyway. I'm pretty sure it's an all or nothing kind of setup, although I may be wrong.

Best Regards...

[Lisandro]

How can I tell avast to ignore emails from specific people.

Shortly, you can't do that.
Although, you could configure the two tabs of Heuristic settings into Internet Mail provider (or Outlook plugin). Then you can meet your needs. The help file describe very well each item of the mail heuristics of avast. If you have doubts, come back to ask for further help.
Welcome 

[rburn99]

Hi rburn99...

If the e-mails in question are indeed infected, I would definately NOT want Avast to exclude them from scanning! 
I don't think there is a way of doing that anyway. I'm pretty sure it's an all or nothing kind of setup, although I may be wrong.

Best Regards...

Of course I wouldn't want  to exclude infected emails. That's the whole point of the program so I didn't think it necessary to actually say that there is nothing wrong with the emails. Sorry for the confusion.

Shortly, you can't do that.
Although, you could configure the two tabs of Heuristic settings into Internet Mail provider (or Outlook plugin). Then you can meet your needs. The help file describe very well each item of the mail heuristics of avast. If you have doubts, come back to ask for further help.
Welcome 

I will look into it when I get home tonight. But if there is no 'white list or black list' then what I would be looking for would be how to globally reduce the depth or effectiveness of checking/scanning overall?

[DavidR]

Every time my wife gets email from a certain person avast pops up a dialog box warning her about a suspicious email. How can I tell avast to ignore emails from specific people.

What is it that is suspicious about the email, that should also be stated (Subject, iFrame, white space, etc.) ?

You are able in the case of the iFrame warning to have permitted URLs, but first you have to know the source of the remote data and you probably won't know that without looking at the emails source code. However, that only applies to a domain name, like remotelocation.com, etc. it can't be an email address and only for the iFrame heuristic warning (which you need to confirm).

[Lisandro]

I will look into it when I get home tonight. But if there is no 'white list or black list' then what I would be looking for would be how to globally reduce the depth or effectiveness of checking/scanning overall?

Not the effectiveness or the depth... but what is CONSIDERED suspicious.
This is what is taken in account with the Heuristic settings.
Your settings are telling the emails are SUSPICIOUS and not infected (for sure).
For instance: if they don't have a subject, or a subject has too many blank spaces, etc.

[rburn99]

What is it that is suspicious about the email, that should also be stated (Subject, iFrame, white space, etc.) ?

You are able in the case of the iFrame warning to have permitted URLs, but first you have to know the source of the remote data and you probably won't know that without looking at the emails source code. However, that only applies to a domain name, like remotelocation.com, etc. it can't be an email address and only for the iFrame heuristic warning (which you need to confirm).

I told my wife to give me the exact message text the next time it occurred so I didn't do anything last night with it as I was waiting for it to happen again. She just sent me this info. It's always from this site and it's never dangerous. The only buttons that are enabled are Delete and Continue.


    AVAST! VIRUS WARNING
 
SUSPICIOUS MESSAGE!
 
<iframe> tag found: it may be dangerous
 
Sender: FlyLadyMentors@yahoogroups.com
Recipient: FlyLadyMentors@yahoogroups.com
Subject: FlyLady: New Habit for July:Swish+Swipe, 7/7/2006, 7:30am
 
                                                            Permitted Url
Delete        Continue        Block It
   
 

[DavidR]

Yahoo does seem to be a regular user of the iFrame tag, I suppose to import data or adverts after the email is opened, this saves the email from being overly large at first sight. However, there is still an element of risk from any email using the iFrame tag.

You could add the yahoogroups.com url to the permitted URL I mentioned previously (see image), however the content of the iFrame may not be coming from yahoogroups.com, so you might have to check the properties of the email, message source and look for the <iFrame> tag and see if there is a URL in there for the content.

[rburn99]

Well I added yahoogroups.com to the list of permitted urls and she still gets the same warning. I looked at the .eml code and there is only 1 iframe tag in it and there is no url specified in that tag. I see plenty of other urls scattered around in the code.. yahoo.com and us.i1.yimg.com for example.

Here's the only iframe tag:

<IFRAME WIDTH="0" HEIGHT="0" FRAMEBORDER=0 onload ="LREC_Th_updateText();" >  </IFRAME>

[DavidR]

That is what I thought, it is going to be hard to identify the remote location.

The onload is an action to take (I assume on loading the email) and there should be a function or value in the email code for LREC_Th_updateText() try to find that and see if there is a URL in that.