Author Topic: [avast! heuristic - WARNING]  (Read 7157 times)

0 Members and 1 Guest are viewing this topic.

MadScientist

  • Guest
[avast! heuristic - WARNING]
« on: March 27, 2010, 06:17:42 AM »
I have been using Avast Free for years without problems, and have recommended it to many others (both free and paid). Yesterday an email problem showed up that is actually quite troublesome. After some trial and error with a friend, we have narrowed down how to produce/reproduce the problem.

My friend has a signature that is made up of text (html, so it can include colors and fonts) plus a .jpg image. Here is what happens:

1) He sent me a test message that had subject: "test", and the body was blank except for his signature text + image.   I received this, no problem.

2) I Replied back, without adding anything. He received this, no problem.

3) He replied back to my reply, without adding anything. I received the error message [avast! heuristic - WARNING] in the subject line and everything in the message was stripped. The body of the stripped message was as follows (I am changing his and my email addresses to be from "friend.com" for privacy reasons, but the error message is unchanged):

----------------------------------------------------
Very suspicious extension of attachment
 * part1.09010807.07010205@friend.com
Content-Type doesn't correspond with attachment's extension
 * part1.09010807.07010205@friend.com - image/jpeg


Sender:  "my friend" < friend @friend.com>
Recipient:  me @friend.com
Subject:  RE: test
.
----------------------------------------------------

Shortly before we did this test, he had sent an email to a few of us and one of the others did a "Reply All". The email reply I received from that person had the same error message.

It looks to me like anyone with a .jpg file in the signature will generate an Avast heuristic warning with message stripped out anytime anyone simply hits "Reply". Is there a reasonable fix any one can suggest? I don't really want to turn incoming email heuristic scanning off, but that seems to be the only way?  Any other ideas?


MadScientist

  • Guest
Re: [avast! heuristic - WARNING]
« Reply #1 on: March 27, 2010, 03:26:53 PM »
Here is a little additional info:

I use Thunderbird for my email.

I believe the other two friends use the Godaddy web based email access.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: [avast! heuristic - WARNING]
« Reply #2 on: March 27, 2010, 05:34:29 PM »
does it only happen with this -one- .jpg or with different ones?
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: [avast! heuristic - WARNING]
« Reply #3 on: March 29, 2010, 04:55:05 PM »
It's obviously the .com file extension that's causing this. We'll see what we can do to prevent this issue.

Thanks for reporting this btw.
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76037
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: [avast! heuristic - WARNING]
« Reply #4 on: March 29, 2010, 04:59:48 PM »
It's obviously the .com file extension that's causing this. We'll see what we can do to prevent this issue.

Thanks for reporting this btw.
Vlk

you mean eg. this: part1.09010807.07010205@friend.com ???
the .com ending? so a @friend.net would b no prob, right..?
asyn
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

MossyRock

  • Guest
Re: [avast! heuristic - WARNING]
« Reply #5 on: March 29, 2010, 09:08:27 PM »
A customer that I support, who also uses Thunderbird, is having the EXACT same issue with Avast Free (recently downloaded and installed, most current version), except that my customer's logo in the signature is a .gif file (not .jpg), and the recipient's/replyer's email client is Outlook.  GoDaddy is the host for both my customer (the sender) and the receiver.

When my customer sends an email to this recipient who uses Outlook, any reply back has the signature broken apart into attachments with filetypes that don't match the contents, which triggers the heuristic warning.  No other Outlook recipients' replies cause this problem.  

I was beginning to think this was due to the way this one Outlook client is configured, but the fact that GoDaddy is in the loop for both me and MadScientist raises some suspicions that GoDaddy may be the culprit.

Unfortunately, it causes big problems because there is a lot of daily email traffic to/from this particular Outlook client.

The problem is further aggravated by Avast not asking the customer what to do when this happens, despite the fact that the settings are set to "ASK".  It just leaves an email stripped of its original contents with a warning in the subject.  I have a separate forum thread open for that issue, and there's been no solution.  I'd hate to have to abandon Avast because of these issues.

Hope this helps.
« Last Edit: March 29, 2010, 10:23:00 PM by MossyRock »