Author Topic: Program's Internal State Corrupted???  (Read 16349 times)

0 Members and 1 Guest are viewing this topic.

LeLe

  • Guest
Re:Program's Internal State Corrupted???
« Reply #15 on: April 22, 2004, 05:55:22 AM »
Seand,
In the startup tray where the Avast icon is located, I double-clicked the icon and it brought up the "Avast, On-Access Scanner' window. On the left hand side of the window is a list titled: "Installed Providers." I highlighted the Outlook/Exchange (version 4.1-357) and then went to the Provider Configuration and clicked the "Custom" button. It brings up the "Resident Task Settings." The first tab is "Scanner." I then had the option of checking "Scan Inbound Messages" and/or "Scan Outbound Messages" and/or "Scan Archived Messages on Open"(This is the one I left 'unchecked'). Further down on that same window (Scanner Tab) I had the option of also checking "Scan Message Bodies,' which I checked for added precaution. It seems that having Avast NOT scan my 'archived messages' gave it 'less'  work load.
So far, it has not given me any more problems. (Crossing what fingers I have left to cross...lol).
This may have been my 'only' problem. But, from what I can read, it happened to many of us at approximately the same time frame and with different 'causes.' It sounds entirely too 'conincidental.' Again, methinks there is something 'afoot' that we haven't detected, yet.
I will be keeping tuned in, periodically, to see what others discover as this 'mystery' unravels.
My heartfelt thanks to everyone that responded and gave suggestions and methods on how to solve this problem.
*Hugs to all*

LeLe

LeLe

  • Guest
Re:Program's Internal State Corrupted???
« Reply #16 on: April 22, 2004, 06:07:29 AM »
Charley O,
I am using Win98SE (my favorite OS). As far as I can tell, I, too, have all the latest Win Updates/patches.
I have to admit, I panicked when I thought that I would not be able to use Avast with my email program (Outlook Express). However, it seems (at least for now) that the problem was resolved by lessening the work load on Avast by unchecking the 'scan archived messages' option. I have tons of archived email messages, and I am sure that 'overwhelmed' Avast. So, for the time being, I will keep that option disabled (scanning archived messages), since in a manner, that would be scanning messages twice.
Thanks for your input... :)

LeLe

seand

  • Guest
Re:Program's Internal State Corrupted???
« Reply #17 on: April 22, 2004, 07:34:41 AM »
Lele,

Thanks for the info on the "scan archives" option.   I am not using the Outlook/Exchange service because my main cleint is Thunderbird which I set up manually in the Internet Mail service area.   The option to scan archives is not available there.  You raise an interesting point though regarding the additional scanning of the archive as perhaps contributing to the problem.  In my case it was not doing that but one of my accounts does get a lot of spam and I have had over 2 thousand emails scanned on any single day during the prior two weeks before encountering the overrun.

I am anxious to try and get to the bottom of this because of my need to deploy avast on other workstations (On my own PC alone the number of email borne files cleaned and moved to the chest is pretty terrifying, over 838 during the first two weeks before I uninstalled/reinstalled avast last Friday, and 48 since then!).  I never realised the ferocity of these viruses and worms and prior to imstalling avast I had no statistics on just how many were coming via email.  

Having read about your setup, I plan on setting up Outlook Express as a second client on my PC and have both clients download the mail but not delete it from the server so that if I do mange to repeat the overrun I will have a copy of all emails still on the pop server that i can send to avast support for analysis.

Thank you for having opened this thread, it gave me some relief to know that what I was experiencing was not unique (I guess misery loves company) and I am hopefull that at some point soon the problem will be fixed.

Sean D

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Program's Internal State Corrupted???
« Reply #18 on: April 22, 2004, 08:32:26 AM »
I see a couple of misconceptions that should be clarified:

1. The Outlook/Exchange provider does NOT handle Outlook Express. OE is a totally different program from Outlook, with totally different messaging model and plug-in model. In avast, OE is treated just like any other POP3/IMAP4/SMTP-based e-mail client (Eudora, Pegasus, IncrediMail, Mozilla etc.) and is covered by the 'Internet Mail' module. Hence changing any of the properties of the Outlook/Exchange shield in avast has absolutely no effect unless your using (full-blown) Outlook.

2. The "Scan Archived Messages" option in the Outlook/Exchange provider means whether or not scan messages that are not in transport (inbound, outbound) but rather are already stored in the Outlook folders (Inbox, Sent Items, Drafts etc). I agree, it'd be more appropriate if this option would be called 'Scan Stored Items' but that doesn't change the fact that the option does what I just said. SO, it doesn't have anything in common with archive scanning, i.e. scanning of "packed" files (ZIP, ARJ, RAR etc.). To set the options for archive scanning, you'd need avast! Professional Edition. There you could finely customize which archives avast should scan in which provider.

3. While thinking that archive scanning could have some connection with the problems you're experiencing is not a bad idea, I don't think it's correct. The reason is the following: the scanning itself (i.e. also the decompression in case of packed objects) is performed inside the avast main service process ashServ.exe, NOT in ashMaiSv.exe (the mail scanner). This is how it works. However, what you're seeing is a runtime error inside ashMaiSv.exe so it's quite likely that the core of the problem is elsewhere. My personal tip is the heuristics and/or PUSH module, because it's probably the part of ashMaiSv.exe that actually tries to dissect the message (i.e. is sensitivite to input data).

Hope this helps,
Vlk
If at first you don't succeed, then skydiving's not for you.

seand

  • Guest
Re:Program's Internal State Corrupted???
« Reply #19 on: April 22, 2004, 09:42:41 AM »
Vlk,

Thanks, that was helpfull.

I decided to upgrade avast! tonight to the new build just released since I figured there was not much point to trying to debug an older build.  On reboot I discovered that the new build detected Norton Antivirus installed on my PC even though I had uninstalled it (the older build did not complain and did load the resident scanner, but the new build seems to have found some remnant still around and refused to load the resident scanner)

In an effort to try and get rid of everything Norton and Symantec  on my PC  (XP) I used add/remove and unistalled Live Update and PCAnywhere (the only related items that were still in the add/remove applet)  After a reboot, avastt resident shield did run and the Internet Mail service functioned, my mail client downloaded mail and it was scanned by avast etc.  But... somehow these uninstalls messed up my Internet Explorer and it gets  a fatal error when trying to run it.  Likewise my System Restore  function also seems to be broken.  I am accessing my PC remotely from home so will have to wait until I get to work in the AM to try booting to safe mode and trying to undo everything I did tonight and starting fromm scratch again.  I don't think any of this is related to avast and as soon as I get it all cleared up I will start testing the new build again to see if the overrun returns.

Additional iinfo:  Yes I had set the Internet Mail scanner to use Heuristics and also insert clean messages, as well as use the "push" feature.  I dont plan on making any changes to this so that going forward I am theoretically trying to find/repeat the problem I encountered before with the same config but a new avast build .  If it does not occur again perhaps the new build will have helped (or maybe it was whatever was still hanging around from my Norton uninstall that the new build found tonight).

Like LeLe says, keeping my fingers crossed!  (seems like nothing is easy with MS)

Thanks,

Sean D

LeLe

  • Guest
Re:Program's Internal State Corrupted???
« Reply #20 on: April 22, 2004, 05:51:30 PM »
Vlk & Seand,
Vlk, I agree with Seand - and thanks for the clarifications. It's always good to clear away any misconceptions (of which, I have many!) :-\

In reading the recent posts, I am now back at the 'drawing' board (in my mind, that is) of what to do about the buffer problem that is potentially hiding somewhere ready to pounce on my poor email program  :o
Alas, it appears my 'ritual' (tinkering with my settings) was more placebo than cure!  :-\
While I am enjoying the absence of the 'Program's Internal State Corrupted' windows for the time being - I will definitely keep checking in to keep abreast of this matter.

My thanks to everyone  :)

LeLe

PS: Regardless of the recent problems, I think Avast is the best and each response has been a wealth of information to me! :D

seand

  • Guest
Re:Program's Internal State Corrupted???
« Reply #21 on: April 22, 2004, 08:47:18 PM »
Whewh! don't ask what it took to get my XP back in good health but its done and the new build of avast is running and filtering mail.  Just a reminder of my configuration:

OS: Windows XP Pro
avast! version 4.1 Professional
Build Apr2004 [4.1.389]
Xtreme Toolkit version 1.9.4.0
ActiveSkin version 4.2.7.3
Internet mail provider enabled (Sensitivity set to High)
                                                 (Silent mode, general answer No)
Insert note into clean message checked
Heuristic set to silent and mark it in subject field
Push iAVS enabled
Standard Shield provider enabled (Sensitivity set to normal)
All other providers disabled.

Mail Client: Thunderbird and Outlook Express (both downloading  all new mail but not deleting from pop server)

Testing will continue for the next few days to see if the overrun problem will reoccur and if it does I should have a copy of the message left on the pop3 server.

LeLe you have been very helpful also and I would like to compliment you on the gracious way you have participated in this discussion. Yeah Texas!  

Thanks everyone for your help and comments, hope this thread gets to end pretty soon, I cant wait to start deploying avast! to a few other workstations.

Sean D


« Last Edit: April 22, 2004, 08:53:44 PM by seand »

LeLe

  • Guest
Re:Program's Internal State Corrupted???
« Reply #22 on: April 22, 2004, 10:28:33 PM »
Seand,
You are most welcome. You have been most gracious, yourself!  :)
As Vlk pointed out, my tinkerings really didn't affect any vital settings on my computer. (I had to re-read his clarifications and believe it or not, I understood them.  ;D)
So, my quest continues on what could have caused my problem, will it happen again, and what can I do to prevent it. Methinks, I need guidance on what my Avast settings (home version) need to be set on for my OS (Win98SE) to perform at its optimum.

Suggestions are most welcome!

Have a great day.  :)

LeLe

seand

  • Guest
Re:Program's Internal State Corrupted???
« Reply #23 on: April 23, 2004, 03:26:36 PM »
Lele, I am not an expert on antivirus programs or specifically avast!  I have spent a lot of time focussing on the spam problem in the past and have learned quite a lot about mail proxies that way.  Avast acts a mail proxy for the generic mail clients (such as OE and Thunderbird)and so one setting you need to look at is the pop3 server timeout in your mail client.  Depending on your internet connection speed and the largest file you expect to get you may need to adjust that.  I typically set it to 2 or 2 and 1/2 minutes because I do get 9 megabyte files as attachments sometimes.  (On a dial up connection I would expect to have to make that timeout a lot more.)

I have not tried tweaking avast during this test period since I am trying to replicate the overrun problem and have left all my settings as I described above but they seem to be working fine.

My experience so far indicates that email antivirus detection is much more important then I thought.  While the number of viruses in emails is quite smalll compared to the amount of spam emails one receives, actually the percenatge of viruses in non-spam emails is quite high based on what I have seen in the last few weeks.  

I started getting concerned about this recently because of all the press on the new viruses making the rounds and was frankly amazed  after I installed avast at how many were actually coming into my inbox.  Prior to having avast installed I was simply deleting what appeared to be suspicious emails but never really kept count.  The number of infected email borne files in my avast "chest" is quite startling!  That is why I am evaluating avast for deployment to other workstations at my company.

Once I have completed testing for the overrun I will begin tweaking (if necessary) and wil be glad to share my experience then.  

Hopefully that will be real soon.

Test results for the last 13 hours: 3258 emails scanned and 40 infected files and no overruns encountered yet.  (In order to accelerate the test I have set up some customer support accounts to also come to my account and am getting overwhelmed with all the detected spam (Spampal) and viruses (avast)!)


Sean D

« Last Edit: April 23, 2004, 03:30:59 PM by seand »

seand

  • Guest
Re:Program's Internal State Corrupted???
« Reply #24 on: April 24, 2004, 09:55:48 AM »
Well, 7126 emails later (with 147 infected files moved to the avast "chest") I think I found an email message that causes the bufferrun!

It appears to have at least two malfomed headers and I was able to crash avast twice while attempting to download this specific message.

On first glance at the source of the message the problem did not jump out at me but by using a hex-editor I saw lots of trailing spaces in the boundary header line and also a weird line after the Status: header.

I zipped up the mail message (two copies downloaded a few minutes apart, each time crashing avast. I had to reboot between crashes to get the avast Internet Mail provider to start and crash again.)

Vlk, I am sending you an email with the files in a zip.   I hope this can help fix the problem.  Both messages are identical and display ok in Thunderbird and Outlook Express so the mail clients appear to be more forgiving of the malformed headers then the avast parser.  I imagine that the other crashes we have had leading up to this did not necessarily have the identical flaws that this one has but it should help the programmers to figure out how to deal with non RFC headers and try and deal with incorrectly formatted messages.

The message that caused the crash had no attachments and just basic html in the body.

Thanks LeLe for hanging in there and keeping this thread going.  I kind of feel bad about this thread popping to the top of the board whenever I post because I do not want folks to think the avast is fatally flawed.  I like the program so much I just felt I had to do my best to help identify the problem so that it can be fixed.

Looking forward to the programmers' analysis and hope this helps produce a "fix" for the problem. (I sure hope you can repeat the crash with the files I am sending!)

Sean D

« Last Edit: April 24, 2004, 10:59:24 AM by seand »

seand

  • Guest
Re:Program's Internal State Corrupted???
« Reply #25 on: April 26, 2004, 03:43:00 PM »
Because this thread is related to the Buffer Overrun thread I am posting pavlels' reply here also:

seand, thanks for your help! We found the problem (incorrect memory allocation for boundary string, which caused crash of ashmaisv.exe). Program update will be released during tomorrow. sorry for this bug ;-(

I am really delighted with the superb service provided by the whole avast! team.  Thanks Vlk for getting back to me on a Sunday!

Thanks again to everyone, I am really looking forward to being able to use avast! again for all my internet mail scanning.

Sean D

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Program's Internal State Corrupted???
« Reply #26 on: April 26, 2004, 03:55:08 PM »
Sean, thanks...

You can test the new version right now - if you want. Please download the updated file from http://cat.asw.cz/~vlk/ashMaiSv.exe and simply replace the existing one with this new one (obviously killing the running process first).


Please note that the avast auto-repair feature will take place soon - trying to "repair" the replaced ashMaiSv.exe to its original state and asking you for a reboot -- you can ignore this prompt (although after the reboot, the file will indeed be replaced by the original [4.1.389] version).

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

seand

  • Guest
Re:Program's Internal State Corrupted???
« Reply #27 on: April 26, 2004, 04:00:15 PM »
Vlk, wow that was fast! I am on business travel today but will be able to access my workstation in about 3 hours and will do the update then.

Thanks again and my compliments to the entire avast! team.

Sean D

seand

  • Guest
Re:Program's Internal State Corrupted???
« Reply #28 on: April 26, 2004, 08:58:47 PM »
Vlk, I downloaded and installed the new file following your instructions.  On a reboot I was prompted by avast to reboot but I cancelled and let the normal startup take place.  The Internet Mail Service is running and scanning mails (I checked the file in the avast directory and it not been replaced so I assume I am running the new file as the Internet Mail Provider.

The About message says I am running build  4.1.389 but the automatic update screen did pop up and say a new version was available.

I asume that if I reboot I should  replace the file again as above, reboot  and then  ignore the reboot prompt from avast and continue with normal startup, is that correct?

So far "scanned count" is 176 and "infected count" is 16 so it appears to be functioning well.

Sean D
« Last Edit: April 26, 2004, 09:00:39 PM by seand »