Author Topic: VPS 761-0 preventing Thunderbird Hotmail access  (Read 17975 times)

0 Members and 1 Guest are viewing this topic.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
VPS 761-0 preventing Thunderbird Hotmail access
« on: July 27, 2007, 02:27:37 AM »
This should be interesting to explain. 

I have been retrieving my email all day on Thunderbird.  I use the Thunderbird Webmail extension to allow me to download email from Hotmail to my Thunderbird mail client.  The Webmail extension acts as an http to POP converter.  It accesses my Webmail via http and converts the http screens to a POP stream. 

I have made no changes to my Thunderbird environment.

I just downloaded VPS 761-0 dated 27/7/2007 (must be just released since you are only just into that date in Prague).

Now when attempting to retrieve my mail on my Hotmail accounts when one of the internal http screens of Hotmail (curmbox = current mail box) is accessed avast is preventing it due to a Malware report and aborting the connection. 

I cannot send you the page, because I do not have it - it is internal to the status my mail account.  Please note this is a page giving the status of my mail account it contains no email content whatsoever but is needed by the function in preparation for accessing the mail store of Hotmail.

This, if it is generalized, will prevent access by all Thunderbird users to all free Hotmail accounts.   

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #1 on: July 27, 2007, 02:37:24 AM »
I just reverted my system to one minute before the VPS update and prevented the update, so I am now back on VPS 760-3.  There are no alarms from avast when my Hotmail is downloaded by Thunderbird.


Later edit:

I have done some further testing with the folks I support and on my own accounts.  The problem is a little more restricted than I first reported. 

The problem is occurring when Thunderbird attempts to retrieve mail for free Hotmail accounts that have not been converted to the Hotmail Live environment.  It is irrelevant whether there is any mail in the Inbox of the account or not - avast aborts the connection.   
« Last Edit: July 27, 2007, 03:30:29 AM by alanrf »

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83545
  • No support PMs thanks
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #2 on: July 27, 2007, 03:15:38 AM »
Hi Alan, another topic same problem, http://forum.avast.com/index.php?topic=29573.0.

I've just send an email to virus (at) avast.com referring to the problem and the two topics on the forums.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #3 on: July 27, 2007, 03:25:39 AM »
Thanks for your help David.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #4 on: July 27, 2007, 03:47:27 AM »
As a temporary work around:

In the Webshield:

Click Customize > Exceptions tab > next to the box "URLs to exclude" click Add > modify the highlighted box to:

http://by*

Click OK > OK

Remember to go back and remove this exception when the problem is reported as fixed here.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83545
  • No support PMs thanks
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #5 on: July 27, 2007, 03:53:40 AM »
Thanks for your help David.

Yes it is a bit weird reporting a possible false positive without submitting a file. I did it two days ago for a similar problem with paypal where it was getting an iFrame Exploit alert and that one was resolved very quickly and I got an email reply which was a surprise ;D

Fingers crossed this will be resolved quickly as I would think it could effect a lot of people.

Edit: You may want to modify your wildcard use so as not to have too large a security hole, e.g.
Code: [Select]
http://by*.hotmail.*
« Last Edit: July 27, 2007, 03:57:49 AM by DavidR »
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline havard

  • Newbie
  • *
  • Posts: 3
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #6 on: July 27, 2007, 03:55:40 AM »
I had the same Alert from Avast when connecting to Hotmail while I was using the IE accessing my hotmail. The Alert was triggered on when I was at the interface of email list, and when none of the email was opened yet

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #7 on: July 27, 2007, 04:01:36 AM »
David,

I deliberately made the exclusion as simple as possible on basis that it would be easier for most folks to type that without errors and that the avast folks need to fix this very quickly or look pretty silly.  In fact if it is affecting IE users as reported above then I think this one is important enough for them to pull 761-0 and put 760-3 back as 761-1 if necessary.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83545
  • No support PMs thanks
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #8 on: July 27, 2007, 04:12:12 AM »
I think it would effect all browsers as the detection isn't browser specific but at hotmail.

I appreciate you are trying to keep things simple for users, copy and paste is easy.

They could just examine the VBS:Malware [Script] and just revert that to the previous pre 761-1 value whilst investigating why rather than revert the whole 761-1 145KB update.

First though they have to find what emails that have been sent relating to this before they can take any action.
Night Alan my bed is calling after 3a.m. here.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #9 on: July 27, 2007, 07:10:19 AM »
Unfortunately, it has been observed, the workaround I posted earlier is insufficient for IE users (and perhaps for other browser users too).

The workaround I posted earlier is sufficient for users of Thunderbird downloading Hotmail to the Thunderbird mail client.

The workaround posted earlier is needed by IE users but they also need another exception in the Standard Shield to avoid scanning the Temporary Internet folder for IE.  I am reluctant to try to post how to do that since the folder name is dependent on the user name of each system: the opportunities for error are significant and it increases the risk of exposure to real problems.

Reluctantly, I would suggest that any user really needing to get to their Hotmail (before the avast team come up with a new VPS file) should pause the Webshield and the Standard Shield before accessing their Hotmail.

Please, please remember to continue the Webshield and the Standard Shield when you have finished accessing your Hotmail.

Offline kubecj

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1123
    • ALWIL Software
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #10 on: July 27, 2007, 10:53:37 AM »
I just want to explain the situation - this is caused by the new script/text scanning engine which is quite new and is prone to some bugs.

We'd like to clean up the FP mess as soon as possible, so I anybody has any Hotmail sample, please send it to virus@avast.com and please cc me (kubecj at you know what.com).
Jindrich Kubec

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #11 on: July 27, 2007, 10:59:55 AM »
kubecj,

I am more than happy to work with you to get the sample - but its not clear how to trap the Webshield sample when it just aborts the connection.

If we turn off the Webshield then there is no certainty the final page is the one avast is complaining about.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3867
  • Just an avast user
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #12 on: July 27, 2007, 11:36:48 AM »
Confirming that VPS 761-1 has corrected the Hotmail retrieval problem in IE, Firefox and with the Thunderbird mail client

Offline news

  • Full Member
  • ***
  • Posts: 173
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #13 on: July 27, 2007, 12:45:09 PM »
Thanks for the update alanrf.
 
Many thanks to kubecj and the avast! team for the quick response.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 83545
  • No support PMs thanks
Re: VPS 761-0 preventing Thunderbird Hotmail access
« Reply #14 on: July 27, 2007, 03:39:22 PM »
Just got this email back from Alwil when I awoke from my slumbers:

Quote
please update avast's VPS database, this false positive detection has
been fixed.

Two emails in a week I'm honoured ;D ;D
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 20.6.2420 (build 20.6.5495.561) UI-1.0.544/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro