How do stop "[avast! - SUSPICIOUS]" message?

[luckyvic]

 I get this from my wife's yahoo email account.

 Thanks in advence.

[DavidR]

What is the full text of the alert, e.g. what does avast find suspicious ?

[luckyvic]

Subject: - [avast! - SUSPICIOUS]   Yahoo! Tech - "Forgot your password" links the easy way in for hackers : Christopher Null : Yahoo! Tech


My wife's name (my wife @yahoo.com) has sent you a news article
We need to rethink our own password test questions since I put our genealogical information on Ancestry


"Forgot your password" links the easy way in for hackers : Christopher Null : Yahoo! Tech
http://tech.yahoo.com/blogs/null/104079

She also sent me a fowarded message, not chain letter but work related and that was also flagged with same warning.

[DavidR]

Unfortunately, that doesn't say what avast thought suspicious.

Check the avast! Log Viewer (right click the avast 'a' icon), Warning section, this contains information on all avast detections.

Or the C:\Program Files\Alwil Software\Avast4\DATA\log\Warning.log using notepad.

[luckyvic]

No warning about email.

[DavidR]

That might possibly be because it was Suspicious rather than Infected, but I would have thought both would be recorded, you could check in other sections, Notice perhaps.

The reason it is important to find out why avast thought it suspicious is this is a heuristic detection and there are many reasons why avast using the heuristic checks might find it suspicious and we can't offer any suggestion without that information.

[Lisandro]

luckyvic, maybe you can open the Internet Mail provider of avast, click Customize, go to the two Heuristic tab of settings and try to remember which option could give you the warning of a suspicious message...

* Basic attachments check according to name
* Check whitespaces sequence
* HTML part check - local iframe
* HTML part check - remote iframe

If it was an outbound message...
* Outbound messages - Time period check or check according to subject or attachments
* Outbound messages - Mass messages count

I bet the problem was the suspicious *.exe attached file.

[luckyvic]

OK, I got figured out. I had the first Heuristic tab checked "Mark it subject field", now I checked "Let it be delivered" option.

I bet the problem was the suspicious *.exe attached file.

No exe. attached file, just the web link and the email attachment was a Microsft Word file.

Anyway, DavidR thank you very for all your help, I really appreciate it. My wife again forwarded both message and no more suspicious warning. I'm glad that Avast is protecting me, better safe than sorry!

[DavidR]

You're welcome.

Your lack of a log entry may be because you have the Silent Mode option enabled (so I assume you didn't get the normal avast alert), as that is the only way you can select the option 'Mark it in subject field.' This at least give you a clue to exercise care, but again it doesn't say what avast found suspicious.

By checking the 'Let it be delivered' effectively by passes the avast heuristic checks as even if it detects something as suspicious it will get in and you will be none the wiser. So it negates your comment "I'm glad that Avast is protecting me, better safe than sorry!" as with Let it be delivered is the opposite of what you say as the Heuristics isn't able to at least warn you to be careful.

Personally I'm against using Silent Mode as I want to know what goes on on my system and I want to make any decisions relating to it. When you get the avast alert it gives valuable information ('especially what I have been banging on about, why it is suspicious') and we can try to give detailed advice on how to resolve/avoid the problem.

[luckyvic]

OK, I've unchecked the silent mode. You're I should have the option to know what's going on.

[DavidR]

Hopefully if your wife forwards that email you will get the alert and find what is suspicious, my bet is on iframe if it was from say a yahoo groups which use iframe tags to deliver adverts, etc.