Author Topic: More on 'Potential Infections'  (Read 21011 times)

0 Members and 1 Guest are viewing this topic.

Offline brdman3

  • Newbie
  • *
  • Posts: 7
Re: More on 'Potential Infections'
« Reply #15 on: May 05, 2007, 12:31:58 AM »
While working with a BellSouth technician about this problem he requested that I send MYSELF a test message with an attachment from Outlook Express. I tried it and it worked. He also suggested that until this problem is solved, it might be a good idea to use the option to leave the messages on the server.  It COULD actually be that YAHOO is the culprit in corrupting the files that are being flagged as a virus.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: More on 'Potential Infections'
« Reply #16 on: May 05, 2007, 12:37:07 AM »
There is yet to be an instance of a message being sent from a BellSouth account to another BellSouth account having an error.  I have already explained why they are unlikely to. 

The errors are being seen from other sources than Yahoo too.

Offline sandraj

  • Newbie
  • *
  • Posts: 18
Re: More on 'Potential Infections'
« Reply #17 on: May 05, 2007, 01:30:08 AM »
When you send a email to someone other than a bellsouth user, from a yahoo site, even with an attachment, it goes through fine. I sent one from yahoo to a wildblue.net address with an attachment and this person has Avast. it went through fine. Seems to me if it was yahoo problem, it would be with someone other, and more than just Bellsouth.
I still think it's Bellsouth...

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: More on 'Potential Infections'
« Reply #18 on: May 05, 2007, 01:47:13 AM »
Yes, that confirms the testing I already reported earlier today.

Offline Barbara T.

  • Newbie
  • *
  • Posts: 14
Re: More on 'Potential Infections'
« Reply #19 on: May 05, 2007, 01:49:46 AM »
I have told my system to "leave messages on the server". I look in OE and the attachments are not there. I go to Bellsouth server and you can view the attachments. It's got to be in the way Bellsouth transfers to Outlook express. Funny I forwarded a email from a yahoo user with an attachment to myself. I went to OE and there it was with complete attachment. It is just something with the Yahoo and a few other 's like Prodigy.



I just received 5 forwards.  However, this one different from the rest was not a forward yet still when I brought it in there is NO message content.  Again a YAHOO sender yet NOT a forward...just to me alone.  I'm believing more and more that the problem has dwindled down to a Yahoo/BellSouth problem.  I vaguely remember having one before.  Comodo catching them as spam is all that has happened to me for 2 days...none of the flashing, talking message with Avast on its face.

From Source of the one message that was directly to me...not a forward.
 
+OK
From: avast! 4
Subject: [avast! heuristic - WARNING]   

Multiple Content-Type header - HIGH DANGER!


Sender:  Perry Easterling <@yahoo.com>
Recipient:  barbara burke <xxxxxx@bellsouth.net>
Subject:  web

  • MORE Data for testers:
Tonight recieved 5 forwards from AOL; 2 Earthlink, and 1 MSN; all were OK.  Comodo did not label them as spam and catch them.

Yahoo senders' mail is all still caught in Comodo as spam as is SBCglobal.

Barbara T.

Offline Barbara T.

  • Newbie
  • *
  • Posts: 14
Re: More on 'Potential Infections'
« Reply #20 on: May 05, 2007, 01:53:19 AM »
There is yet to be an instance of a message being sent from a BellSouth account to another BellSouth account having an error.  I have already explained why they are unlikely to. 

The errors are being seen from other sources than Yahoo too.

One other is SBCglobal to me.  I'm watching closely to find others but not so far. 

Not confirmed but suspicious for me is that the sender's ISP seems more a factor in the suspicious message than the content of the message.

Barbara T.

Offline sandraj

  • Newbie
  • *
  • Posts: 18
Re: More on 'Potential Infections'
« Reply #21 on: May 05, 2007, 04:40:44 AM »
is everyone that's having this problem on Bellsouth DSL or is it with dial up customers also?

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: More on 'Potential Infections'
« Reply #22 on: May 05, 2007, 03:19:25 PM »
is everyone that's having this problem on Bellsouth DSL or is it with dial up customers also?


Since Vlk says it's a format issue with BellSouth leaving out an all-important blank line, I would suspect dial-up users of BellSouth to also be affected.

So far I've seen that emails coming from Yahoo, Prodigy and SBCglobal having this problem. I noticed that emails coming from Hotmail accts don't have this problem.

So far I haven't recv'd a response from BellSouth on the email I sent where Vlk explained the symptoms which are causing the problem.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: More on 'Potential Infections'
« Reply #23 on: May 05, 2007, 04:27:36 PM »
An interesting tidbit that I got from my friend.  It seems like Yahoo, Prodigy, and SBC are/were connected in some way.  Hmmm?

Quote
A note about my Prodigy service.  Prodigy was the original service IBM developed with Sears.  Over the years Prodigy was picked up by SBC -- which as you know is Bell South.  Those older customers, like me, were allowed to keep the Prodigy tag.  We are also part of the same company that offers Yahoo access.  I don't know if that makes any difference but I thought I would just pass that on to you.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: More on 'Potential Infections'
« Reply #24 on: May 05, 2007, 09:54:35 PM »
Rick, I noticed that the email you forwarded to me (the one from Prodigy) actually went via Yahoo (see this line in the message headers: "Received: from web80202.mail.mud.yahoo.com ([68.142.201.107])").

Also, the email was clearly processed by the Yahoo's "DomainKeys") antispam system (that's the DomainKey-Signature header line) - see http://en.wikipedia.org/wiki/DomainKeys for more details.

Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: More on 'Potential Infections'
« Reply #25 on: May 06, 2007, 06:36:54 PM »
Thanks Vlk,

That's interesting.

BTW, BellSouth admits that they are having a problem with some email servers.  See this post in the other thread:

http://forum.avast.com/index.php?topic=28144.msg230419#msg230419

I went to my Yahoo email acct and sent a short test message to my BellSouth acct. The test message comes thru now without avast alarming.

BUT - if I add any sort of attachment (pdf or doc), avast sounds the alarm. So BellSouth still has some issues... but maybe they're making some improvements.
« Last Edit: May 06, 2007, 06:40:03 PM by Rick F »
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline sandraj

  • Newbie
  • *
  • Posts: 18
Re: More on 'Potential Infections'
« Reply #26 on: May 08, 2007, 06:05:44 PM »
I have noticed that today an email from NetZero service was also stripped of the attachment in outlook express.
I recieved an email from this person a few days ago with an attachment and now I can't...

Offline Rick F

  • Poster
  • *
  • Posts: 419
  • _______
Re: More on 'Potential Infections'
« Reply #27 on: May 08, 2007, 06:55:18 PM »
BS (BellSouth... don't read anything more into that abreviation,  ::) ) is still having troubles.  I send myself an email thru my Yahoo acct periodically to check on it. Any email (through yahoo acct) with an attachment sounds the alarm and the attachment is garbled.

I'll pass it on to them about Netzero... but I suspect they already know this.
Dell Dimension; Intel-core2 duo; WinXP Media Ctr; 2.8ghz - NTFS; 1-Gig Ram; NVIDIA GeForce 7300LE; Firefox 19.0.2; OE-6; ZA-7.0.302; avast 6.0.1367; / DropMyRights / MalwareBytes-Free / Symantec LiveState Recovery Desktop 6.0 / (using WOT), MVPS HOSTS file, SpywareBlaster, WinPatrol PLUS,

Offline brdman3

  • Newbie
  • *
  • Posts: 7
Re: More on 'Potential Infections'
« Reply #28 on: May 16, 2007, 07:46:27 PM »
Well, it's been 8 days since Rick posted the last message about this problem and it's STILL happening. I just got through sending BellSouth a long, detailed email about the problem so hopefully others are doing the same. It's aggravating to have to stop and go to the web based email to be able to get your emails that have attachments, but that's the ONLY way I've been able to have any success in getting the pictures others are trying to send me. Also, leaving the messages on the server (as opposed to downloading them with OE as I usually do) results in having TWO copies of the same email show up in OE when you access your email this way.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 84113
  • No support PMs thanks
Re: More on 'Potential Infections'
« Reply #29 on: May 16, 2007, 08:55:13 PM »
A workable solution better than the webmail option, I use mailwasher pro, there is a free version that will be OK for one email account, you can pre-vet your emails (not just for spam, but if you feel they are suspicious, have attachments, etc.) and those you don't want flag for deletion.

When you click process mail, the ones you (and it) flagged for deletion are deleted from the email server, it calls OE (or whatever email you use) and you download the remainder that you have vetted.
Windows 10 Home 2004 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.9.2437 (build 20.9.5758.0) UI-1.0.579/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security