Author Topic: "Potential Infection" Messages - Too frequent!  (Read 29520 times)

0 Members and 1 Guest are viewing this topic.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: "Potential Infection" Messages - Too frequent!
« Reply #45 on: May 05, 2007, 09:58:39 PM »
I have received a message from Rick F's friend using Prodigy.net, the message was also addressed to Rick at his Bellsouth address. 

We will have to await input from Rick to know if it provoked a warning when it was received by him. 

As I have mentioned, I am a user of Comcast so this message was received by me on a different ISP, otherwise the message is identical for both of us. 

However the message sent is sufficiently similar to the message (whose contents were posted here) yesterday to confirm the conclusion reached by Vlk.

Here is the relevant part of the message we saw, as delivered by Bellsouth yesterday (with Vlk's comment in red):

Quote
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1719296184-1178287377=:62209"
Content-Transfer-Encoding: 8bit
Message-ID: <275121.62209.qm@web80202.mail.mud.yahoo.com>
X-Spam: [F=0.0001323180; S=0.010(2007050201); MH=0.500(2007050417); R=0.012(s7/n557)]
X-MAIL-FROM: <xxxxxxx@prodigy.net>
X-SOURCE-IP: [192.168.16.145]
                     Blank line missing after this line!!!!
--0-1719296184-1178287377=: 62209               
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Antivirus: avast! (VPS 000738-2, 05/04/2007), Inbound message
X-Antivirus-Status: Clean

Hi Rick,
   
  Glad to help out.  Viruses are a big problem for all of us.
   
  Bob

Here is the relevant part of the similar message as delivered today by Comcast to me:

Quote
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-872796670-1178390399=:40583"
Content-Transfer-Encoding: 8bit
Message-ID: <955345.40583.qm@web80214.mail.mud.yahoo.com>
X-Antivirus: avast! (VPS 000738-3, 05/05/2007), Inbound message
X-Antivirus-Status: Clean

--0-872796670-1178390399=:40583
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

Alan & Rick,
   
  Here is the test message you asked for.
  I hope it provides information that may be helpful to this virus alert problem.
   
  Bob


The thing to notice is the three lines colored blue (by me) in the Bellsouth delivered message above.  These lines are being added by the spam filtering component of the Bellsouth mail system.  As Vlk commented they have obliterated the blank line that must precede the message boundary line (starting --) that denotes the start of a new section of the message.  You will also note that avast can properly place the X-Antivirus headers in the message as received on Comcast because the message has not been damaged by the Comcast mail service. 
« Last Edit: May 05, 2007, 10:15:59 PM by alanrf »

Rick F

  • Guest
Re: "Potential Infection" Messages - Too frequent!
« Reply #46 on: May 06, 2007, 06:24:35 PM »
Thanks Alan,

Yes, avast sounded the alarm on Bob's test message where you got it OK. This pretty much verifies that it's a BellSouth problem and not a problem with Yahoo, SBCglobal or Prodigy.

Sorry it's been so long before I got back to the forum. We had a formal concert last night (I'm a musician), then church this morning.

I also got a response from BellSouth last night.  It says they know they have a problem.  YEA!!

Here's their message...

Quote
Dear BellSouth Internet Service Customer,

Thank you for taking the time to contact BellSouth Internet Service. We appreciate the opportunity to address your concerns because it is our goal to provide the highest quality Internet service available.

We are having issues with the email servers. The issues are currently under investigation. Unfortunately, there is no ETR (estimated time of repair) for this issue to be resolved. Again, thank you for this opportunity to address your concerns.


One encouraging thing to note... I received another message from my friend (Prodigy customer) some hours later where it came through ok -- no avast alarm.  Maybe BellSouth has fixed it or part of the problem.  We'll see.

Thanks to all who have helped out on this issue.  This is why a forum like this is so valuable.  ;D