Author Topic: Auto-deleting trojan-infected emails with avast! 4.8 Pro  (Read 5913 times)

chromecity

  • Guest
Auto-deleting trojan-infected emails with avast! 4.8 Pro
« on: September 21, 2009, 05:26:33 PM »
Hi folks,

I've seen several similar issues here, but there are some differences so I need to see if I can get a precise answer for this exact situation.

In the past couple of days, a new trojan seems to have become widespread and it's showing up every few minutes in my domain's email in-box (I average 2000+ emails daily for my domain, although 95% of those are spam messages).  When an email with the trojan is detected on my MailWasher machine, it is not performing any silent behavior and instead it is popping up this message dialog:


Even though the recommended action says "Delete", the dialog's default button is actually configured for "No Action".  That seems fairly dangerous to me.  I've almost accidentally had it selected via the Enter key before and since that would allow the trojan on my system unrestricted, I'd say it's a very poor choice for a default button.  But anyway, if I do make sure to choose "Delete", then it comes up with this confirmation message dialog:


I'm interested in finding out how to automate the responses to those two message dialogs so that the first one automatically chooses the "Delete" option and the second one automatically confirms the "Delete Files Permanently" activity.  I've seen the stuff about the silent option and whether it automatically chooses "OK", but I'm not sure "OK" would be what I'm looking for here - if it just actuates the default button, then it would not.  Is there some way to actually stipulate that silent mode should choose "Delete"?  And then also confirm the deletion??

Since this is from email rather than the result of a scan, not being able to automate this is causing any other pending email to wait to be serviced on the particular system that's popped the message dialog.  And since this happens on my MailWasher machine (as well as all my others - I have 10 licenses), it means that my other machines (several different machines all receive email from the same mail server source) end up filling up with spam which would be getting filtered out if the MailWasher machine weren't being held up by these dialogs.  And when there are nearly 2000 spam messages each day, that's a ton of undesired spam that I'm seeing until I can figure out how to automate those avast! 4.8 Pro choices.

Thanks a lot for your help!  :)

Regards,

Jeff Andrews
Chrome City Studios / FX Models

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Auto-deleting trojan-infected emails with avast! 4.8 Pro
« Reply #1 on: September 21, 2009, 05:49:12 PM »
This is possible only in Professional version (with avast4) (see picture here: http://forum.avast.com/index.php?topic=13315.msg112285#msg112285).

In Home version you can check the option "Don't show this window again" as soon as the first virus warning appears, and click on "No action" button. This way, nothing will be done and you will be presented the results at the end (and you can perform actions from there).

On version 5 things will be different.

You can use Silent Mode on version 4:

Left click the 'a' blue icon.
It will start On-access protection

Click on Internet Mail and then on Customize.
Go to Advanced tab and select Silent Mode and the default answer No. This will send the file (email) to Chest.
But take a look here: http://forum.avast.com/index.php?topic=28088.msg229736#msg229736

Do the same for the Outlook/Exchange plugin.
The answer Yes in Silent Mode keeps the virus in the file or in the message (attachment) and continues the scanning. You can't configure 'delete the infected file' in the Home version.

You can do the same for Standard Shield provider, but it won't be a good idea...

Silent mode in the case of the WebShield provider simply means that avast will keep pressing the "Abort connection" button for the user automatically.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: Auto-deleting trojan-infected emails with avast! 4.8 Pro
« Reply #2 on: September 21, 2009, 06:58:43 PM »
I use MailWasher Pro also.

- Note avast's Internet Mail provider would scan the email traffic to MailWasher:
MailWasher doesn't download the complete email to do its analysis; it only downloads the headers and a small part of the body, it doesn't download images or attachments, and it views what is downloaded in text only. Based on this I personally don't feel that any negligible risk is worth the scanning duplication, but the choice is yours.

By editing the avast4.ini file, [MailScanner] section using a text editor like notepad. It is best to save a copy of avast4.ini to another location in case of any problem, you can then copy the original back.
[MailScanner]
IgnoreProcess=MailWasher.exe

Add this line if you don't already have an IgnoreProcess line.
Save the changes to avast4.ini and exit, the avast self-defence module will ask are you sure about the changes, etc. answer Yes.

That should stop avast alerting on partial mailwasher email downloads and allow for the deletion by mailwasher of all the spam first, before handing off to your email client to download the remainder. At that point if there are any that weren't flagged and deleted by mailwasher, but were infected, avast would only then alert.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
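
The avast4.ini edit described in the reply above, as an added example that is not part of the original post: it backs the file up first, then adds the line only when the [MailScanner] section has no IgnoreProcess entry yet. The file paths are supplied by the caller, the sample content is constructed, and the latin-1 round trip is an assumption chosen to preserve the file's bytes unchanged.

```python
import shutil
from pathlib import Path

SECTION = "[MailScanner]"                  # section named in the post
NEW_LINE = "IgnoreProcess=MailWasher.exe"  # line given in the post

# Constructed sample content; the Key*/Value* entries are placeholders.
SAMPLE = ("[Common]\r\nKey1=Value1\r\n"
          "[MailScanner]\r\nKey2=Value2\r\n"
          "[Scheduler]\r\nKey3=Value3\r\n")


def add_ignore_process(ini_text):
    """Return (new_text, status); status is 'added', 'already-present'
    (an existing IgnoreProcess line is left untouched) or 'no-section'."""
    lines = ini_text.splitlines()
    start = next((i for i, l in enumerate(lines)
                  if l.strip().lower() == SECTION.lower()), None)
    if start is None:
        return ini_text, "no-section"
    # The section runs until the next [header] or the end of the file.
    end = next((j for j in range(start + 1, len(lines))
                if lines[j].strip().startswith("[")), len(lines))
    for line in lines[start + 1:end]:
        if line.split("=", 1)[0].strip().lower() == "ignoreprocess":
            return ini_text, "already-present"
    lines.insert(start + 1, NEW_LINE)
    newline = "\r\n" if "\r\n" in ini_text else "\n"  # keep line endings
    return newline.join(lines) + newline, "added"


def patch_file(ini_path, backup_path):
    """Copy the ini to backup_path, then write the change if one is needed."""
    shutil.copy2(ini_path, backup_path)
    raw = Path(ini_path).read_bytes()
    new_text, status = add_ignore_process(raw.decode("latin-1"))
    if status == "added":
        Path(ini_path).write_bytes(new_text.encode("latin-1"))
    return status


if __name__ == "__main__":
    patched, result = add_ignore_process(SAMPLE)
    print(result)
    print(patched)
```

A status of 'already-present' means an exclusion line already exists and should be reviewed by hand rather than overwritten.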

chromecity

  • Guest
Re: Auto-deleting trojan-infected emails with avast! 4.8 Pro
« Reply #3 on: October 05, 2009, 08:39:33 AM »
> You can use Silent Mode on version 4:
>
> Left click the 'a' blue icon.
> It will start On-access protection
>
> Click on Internet Mail and then on Customize.
> Go to Advanced tab and select Silent Mode and the default answer No. This will send the file (email) to Chest.
> But take a look here: http://forum.avast.com/index.php?topic=28088.msg229736#msg229736
>
> Do the same for the Outlook/Exchange plugin.
> The answer Yes in Silent Mode keeps the virus in the file or in the message (attachment) and continues the scanning. You can't configure 'delete the infected file' in the Home version.

Okay, I've been running in this Silent Mode and things seem to be working.  Thanks.  But you have shown that the only automated choice seems to be to send the infected file to the chest (and yes, I'm using Pro, as indicated in the thread title).  So where do I see these chest emails?  When I go through all the normal chest entries that I can find, they seem to just be for regular virus files that were found during a drive scan.  Where do all the email virus files go when they are sent to the chest by this automated mechanism?  I cannot find them anywhere but there must be hundreds of them according to the log viewer.  ???

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Auto-deleting trojan-infected emails with avast! 4.8 Pro
« Reply #4 on: October 05, 2009, 02:00:57 PM »
> yes, I'm using Pro, as indicated in the thread title

So configure it on the Virus page of the settings. You can fully automate the actions.
See picture here: http://forum.avast.com/index.php?topic=13315.msg112285#msg112285.

> So where do I see these chest emails?  When I go through all the normal chest entries that I can find, they seem to just be for regular virus files that were found during a drive scan.  Where do all the email virus files go when they are sent to the chest by this automated mechanism?  I cannot find them anywhere but there must be hundreds of them according to the log viewer.  ???

I think only the attached files are sent there. Mail messages, if infected, could be deleted :'(
The best things in life are free.