Thank you for setting the order No.475456

[tjerkotten]

Hi Everybody,

I have a problem. I am using Outlook Express 6.0.

I am using Avast 4.x Home edition and the last few weeks i constantly get lots of infected messages with the subject
Thank you for setting the order No.475456.

This is the message that is included in the e-mail.

> Dear Customer!
>
> Thank you for ordering at our online store.
> Your order: Sony VAIO A1133651A, was sent at your address.
> The tracking number of your postal parcel is indicated in the document attached to this letter.
> Please, print out the postal label for receiving the parcel.
>
> Internet Store.
>

Avast removes this trojan after i tell it to, but its so annoying to constantly remove the messages.
Im also using Spamfighter so after the trojan is deleted the message itself goes to the Spamfighter
folder. I want this to go automaticly so i don;t have to delete the trojan every message myself again. Its frustrating.

The same message comes from different people every time so i can't block or blacklist the domain. That's the problem.

Please help me,

Greets

Tjerk

[Pondus]

It is a spam / hoax / phishing mail. Mark as spam in your spam filter and delete. Do not open any file, do not answer
http://www.projecthoneypot.org/ip_200.21.18.145?vid=t995kgkint2mfhl8vpdgeltj64

[DavidR]

Im also using Spamfighter so after the trojan is deleted the message itself goes to the Spamfighter
folder. I want this to go automaticly so i don;t have to delete the trojan every message myself again. Its frustrating.

How does Spamfighter work, e.g. does it use a proxy to scan the email before they go to the inbox ?

Or does it scan the email at the email server level (by downloading a small part of it), deleting spam, before the email program downloads the remainder ?

This is how my MailWasher works and that limits the emails coming down to the email program (OE6 in my case also), so less likelihood of detections. I also exclude the MailWasher content from the email scans, but that is something else again.

I use MailWasher Pro, although it is primarily for Spam it is also easy to deal with suspicious emails. There is a free version, but this only works with a single email account. The Pro version works with multiple accounts.

[tjerkotten]

Hi,

thank you for your comment. The thing is, my spam filter already puts the e-mails in the spam folder.
Avast however is deleting the trojan that is attached. I Don't want to see that message from avast every time.
I have to delete the trojan every time the e-mails
come. As the e-mails come from different adresses i can't block the sender. That was the problem,

greets

[tjerkotten]

Im also using Spamfighter so after the trojan is deleted the message itself goes to the Spamfighter
folder. I want this to go automaticly so i don;t have to delete the trojan every message myself again. Its frustrating.

How does Spamfighter work, e.g. does it use a proxy to scan the email before they go to the inbox ?

................

Thank you for comment. The problem is Avast and not my spamfilter. The message goes into the spam folder, but avast detects a trojan inside that message everytime.
I want to get rid of that message. Avast should delete is immediately without asking if that trojan needs to be deleted, because its the same message every time.

[DavidR]

That is why I asked if it uses a proxy, as if it uses the normal pop3 protocol on port 110, then avast would redirect traffic on that port to its proxy and alert when it came into spamhunter.

This would have the effect of stopping spamhunter moving it into the OE spam folder (or does it go to a spamhunter spam folder). So there shouldn't be duplicate alerts and the difficulty avast would have of removing it from the spam email folder.

That's not really a problem - We aren't talking about blocking any sender as that is a pointless exercise as you would be trying to hit a moving target, but allowing your anti-spam do its job in conjunction with avast.

[tjerkotten]

That is why I asked if it uses a proxy, as if it uses the normal pop3 protocol on port 110, then avast would redirect traffic on that port to its proxy and alert when it came into spamhunter.

This would have the effect of stopping spamhunter moving it into the OE spam folder (or does it go to a spamhunter spam folder).........

Spamhunter uses its own spam folder. I don't know it uses a proxy...

[Pondus]

can your filter block on "mail subject" ? if the subject is the same every time?

[tjerkotten]

can your filter block on "mail subject" ? if the subject is the same every time?

Yes it can, but the problem is the trojan inside the message. The message itself gets deleted automatic. I have found an option in
Avast called silent mode. It say's yes to all the basic questions. Perhaps this works....

[DavidR]

I don't know if it uses a proxy, I'm not even sure what alert you are getting, the one from the Internet Mail provider (which covers OE), image1 ?

Or that of the Standard Shield when spamhunter saves the email to its spam folder on the HDD, image2 ?

Yes Silent mode with General answer No, should send the email to the chest (not delete), but where to set that would depend on which alert it was.

[tjerkotten]

I don't know if it uses a proxy, I'm not even sure what alert you are getting, the one from the Internet Mail provider (which covers OE), image1 ?

Or that of the Standard Shield when spamhunter saves the email to its spam folder on the HDD, image2 ?

Yes Silent mode with General answer No, should send the email to the chest (not delete), but where to set that would depend on which alert it was.

Im Getting messages like the first image. Do i have to set the General answer to NO of to YES in Silent mode to delete the trojan automatic in the message ?

[Pondus]

doesn't your mail provider have spam/virus filter on the mail servers?, if not maybe you should move to one that have, like gmail

[tjerkotten]

doesn't your mail provider have spam/virus filter on the mail servers?, if not maybe you should move to one that have, like gmail

Yeah, that has one too. This is my business e-mail, so im not moving to a gmail account. I think silent mode in Avast fixes the problem.

[DavidR]

That means it is the Internet Mail provider which is doing the detection (and also indicates spamhunter doesn't use a proxy). As far as I'm aware it should be set to No (I don't use this function), but some say yes, you can test both theories but I think start with no.

One of the issues is silent mode sends to the chest (it doesn't delete), but emails once in the chest can't be restored as a) there is no location to restore, e.g. inbox and b) it might corrupt the .dbx file if it knew where to restore it to.

I also don't know what form (file type) the email would be stored in the Chest as when saved from OE they are given, .eml file type, I don't know if this happens when sent to the Chest. You could check the virus chest Infected Files section and see how it is stored.

####
As Pondus mentions about spam filtering as email server level, I will say that downloading email to then filter it really is a pointless exercise as you have to download 'all' email spam included to filter it. That is why I like the way MailWasher works.

MailWasher doesn't download the complete email to do its analysis, it only downloads the headers, a small part of the body, it doesn't download images or attachments and it views what is downloaded in text only. Based on this I personally don't feel that any negligible risk worth scanning duplication, that is why I exclude it from scans, but the choice is yours.

I run MailWasher first it flags all spam for deletion (you can add more if suspect), when you click Process it deletes the emails flagged from the server and calls your email program to download the remainder. On dial-up this saves me lots of time by not having to download all email and avast isn't finding suspect/infected emails.