
Avast Caution Potential Infection Was Detected: Suspicious whitespace sequence


donnie

Mar 25, 2007, 2:39:04 AM
I often get the WinXP Avast verbal warning when downloading usenet photos:
Caution: Potential Infection Was Detected: Suspicious whitespace sequence

What is a "suspicious whitespace sequence" in a digital JPEG photograph?
Can I download the usenet photo and "see" the suspicious whitespace
sequence?

Is it really a virus?
If not, what?

donnie

David J Taylor

Mar 25, 2007, 3:12:51 AM

Most likely the program is objecting to the HTML (text) content from the
Web server rather than any image content.

David


Mr. Arnold

Mar 25, 2007, 4:25:55 AM
donnie wrote:
> I often get the WinXP Avast verbal warning when downloading usenet photos:
> Caution: Potential Infection Was Detected: Suspicious whitespace sequence
>
> What is a "suspicious whitespace sequence" in a digital JPEG photograph?

Delimiters

> Can I download the usenet photo and "see" the suspicious whitespace
> sequence?

Yeah with an editor that can read the file and display it in a binary
format.

>
> Is it really a virus?

No

> If not, what?
>

Your friend Google will tell you.

http://www.google.com/search?hl=en&q=%22whitespace%22+delimiter&btnG=Search

Lars-Erik Østerud

Mar 25, 2007, 8:38:26 AM
donnie wrote:

> I often get the WinXP Avast verbal warning when downloading usenet photos:
> Caution: Potential Infection Was Detected: Suspicious whitespace sequence

Isn't this the security hole in Windows graphics that could make
binary code inside a picture execute on the system if a fault
happened? Maybe that is what it is warning you about?

I have used avast! for several years and NEVER seen that message, so I
would be very careful with those images if I were you. Suspicious...
--
Lars-Erik - http://www.osterud.name - ICQ 7297605

David J Taylor

Mar 25, 2007, 8:55:15 AM
Lars-Erik Østerud wrote:
> donnie wrote:
>
>> I often get the WinXP Avast verbal warning when downloading usenet
>> photos: Caution: Potential Infection Was Detected: Suspicious
>> whitespace sequence
>
> Isn't this the security hole in Windows graphics that could make
> binary code inside a picture execute on the system if a fault
> happened? Maybe that is what it is warning you about?

Good point - many pieces of software may have such faults as they may be
derived from common libraries.

> I have used avast! for several years and NEVER seen that message, so I
> would be very careful with those images if I were you. Suspicious...

Doesn't "whitespace" suggest the HTML code, though?

David


ASAAR

Mar 25, 2007, 11:07:56 AM
On Sun, 25 Mar 2007 12:55:15 GMT, David J Taylor wrote:

>> I have used avast! for several years and NEVER seen that message, so I
>> would be very careful with those images if I were you. Suspicious...
>
> Doesn't "whitespace" suggest the HTML code, though?

It could also suggest a reserved block used for EXIF comments.
Perhaps the EXIF data could be stripped from the photo to see if it
would then get by the Avast security check.

Sudee

Mar 25, 2007, 1:05:12 PM

Maybe it's this?
http://en.wikipedia.org/wiki/Whitespace_(programming_language)

--
Sue

Life may not be the party we hoped for, but while we are here we might as well
dance.
Unknown

Bert Hyman

Mar 25, 2007, 1:15:14 PM
In news:qi603v9e8cta$.14bq5dnk...@40tude.net donnie
<drb...@sbcglobal.net> wrote:

> What is a "suspicious whitespace sequence" in a digital JPEG photograph?
> Can I download the usenet photo and "see" the suspicious whitespace
> sequence?

From what I've read the warning is about suspicious spaces in the filename,
not the image.

Some folks send executables with many spaces in the name, in hopes that the
".exe" extension will be missed by the downloader.

--
Bert Hyman St. Paul, MN be...@iphouse.com

Thomas T. Veldhouse

Mar 26, 2007, 8:35:19 AM

The problem is the filename ... and the fact that Avast is very cheap.

If you really want good coverage and fast performance, consider NOD32 from
http://www.eset.com

--
Thomas T. Veldhouse
Key Fingerprint: D281 77A5 63EE 82C5 5E68 00E4 7868 0ADC 4EFB 39F0


Craig

Mar 26, 2007, 11:38:04 AM
Thomas T. Veldhouse wrote:

> In donnie wrote:
>> I often get the WinXP Avast verbal warning when downloading usenet photos:
>> Caution: Potential Infection Was Detected: Suspicious whitespace sequence
>>
...
> The problem is ...that Avast is very cheap.

Fatally flawed argument, Thomas. Apache is free as well but your
internet experience depends on it every day. The cost of Avast is fine
and, if you look at comparative AV tests, so is its effectiveness which,
really, is what matters.

Doesn't it?


>
> If you really want good coverage and fast performance, consider NOD32 from

> http://www.eset.com/afinebut$$$ware
>

Y.a. fine option but, happily, OT for our group.

-Craig

Thomas T. Veldhouse

Mar 26, 2007, 11:56:10 AM
In rec.photo.digital Craig <netbu...@removegmail.com> wrote:
> Thomas T. Veldhouse wrote:
>> In donnie wrote:
>>> I often get the WinXP Avast verbal warning when downloading usenet photos:
>>> Caution: Potential Infection Was Detected: Suspicious whitespace sequence
>>>
> ...
>> The problem is ...that Avast is very cheap.
>
> Fatally flawed argument, Thomas. Apache is free as well but your
> internet experience depends on it every day. The cost of Avast is fine
> and, if you look at comparative AV tests, so is its effectiveness which,
> really, is what matters.
>

The Avast method of using filename to block viruses/worms/malware/etc is what
is fatally flawed. My comment about Avast being very cheap should be taken
contextually.

>
> Y.a. fine option but, happily, OT for our group.
>

I have chosen NOD32 because it works VERY WELL and impacts my system minimally
compared to all other antivirus/antimalware options that I have tried. I
suggest it for that reason only. It is your option to ignore my suggestion.

Lars-Erik Østerud

Mar 26, 2007, 2:03:20 PM
Thomas T. Veldhouse wrote:

> The Avast method of using filename to block viruses/worms/malware/etc is what
> is fatally flawed. My comment about Avast being very cheap should be taken

The e-mail methods of alerting can be set up by the user. So if you
don't like that you can disable it. It still uses many other methods

Thomas T. Veldhouse

Mar 26, 2007, 2:34:41 PM
In rec.photo.digital Lars-Erik Østerud <.@.> wrote:
> Thomas T. Veldhouse wrote:
>
>> The Avast method of using filename to block viruses/worms/malware/etc is what
>> is fatally flawed. My comment about Avast being very cheap should be taken
>
> The e-mail methods of alerting can be set up by the user. So if you
> don't like that you can disable it. It still uses many other methods

Excellent. I had doubts that it was picking up spyware or malware with any
accuracy. Certainly, NOD32 was able to find things that Avast missed [as did
McAfee and the five minutes of Norton 360]. I do recall that everything it
found was stored in my cookies or a couple of zip files I had stored [inside
emails].

Craig

Mar 26, 2007, 2:43:21 PM
Thomas T. Veldhouse wrote:

> Craig wrote:
>> Thomas T. Veldhouse wrote:
>>> donnie wrote:
>>>> I often get the WinXP Avast verbal warning when downloading usenet photos:
>>>> Caution: Potential Infection Was Detected: Suspicious whitespace sequence
>>>>
>> ...
>>> The problem is ...that Avast is very cheap.
>> Fatally flawed argument, Thomas. Apache is free as well but your
>> internet experience depends on it every day. The cost of Avast is fine
>> and, if you look at comparative AV tests, so is its effectiveness which,
>> really, is what matters.
>>
>
> The Avast method of using filename to block viruses/worms/malware/etc is what
> is fatally flawed.

Uh, that's /one/ method used by, among others, Avast. Another method is
file fingerprinting, etc. Neither are unique to Avast. If you've
somehow configured *any* AV to use this one method of detection, well,
yea, that decision was fatally flawed.

> It is your option to ignore my suggestion.

I wasn't addressing your suggestion. I was correcting an error in your
post.

-Craig

Thomas T. Veldhouse

Mar 26, 2007, 3:05:16 PM
In rec.photo.digital Craig <netbu...@removegmail.com> wrote:
>
>> It is your option to ignore my suggestion.
>
> I wasn't addressing your suggestion. I was correcting an error in your
> post.
>

There was no error in my post. What you didn't agree with is this:

"The problem is ...that Avast is very cheap."

Avast does not perform as well as several higher end scanners; most notably
NOD32 and Kaspersky. You have to pay for both of these beyond the trial
period, which is why I posted it as such. It was not a literal suggestion,
but one meant to be taken in context and just a little bit of salt.

Craig

Mar 26, 2007, 3:17:29 PM
Thomas T. Veldhouse wrote:
> In rec.photo.digital Craig <netbu...@removegmail.com> wrote:
>>> It is your option to ignore my suggestion.
>> I wasn't addressing your suggestion. I was correcting an error in your
>> post.
>>
>
> There was no error in my post. What you didn't agree with is this:
>
> "The problem is ...that Avast is very cheap."
>
> Avast does not perform as well as several higher end scanners; most notably
> NOD32 and Kaspersky. You have to pay for both of these beyond the trial
> period, which is why I posted it as such. It was not a literal suggestion,
> but one meant to be taken in context and just a little bit of salt.
>
Acknowledged. Thanks for the clarification and the bit of flavor enhancer.

best,
-Craig

Shadow Rider

Apr 8, 2007, 6:12:34 PM

I believe it is an alert that is coming from the heuristic scanning of
avast in the mail scanner. I'm thinking that the email scanner is active
when you are viewing usenet posts.

Under the Heuristics tab click on "Customize".

On the next screen look for an Option called "Whitespace sequence check
in the name of attachment" with a setting number under it. Mine is set
to 5.

You can up this number to make it less reactive if you get this
frequently or even turn off this part of the scanner by unchecking the
option.

I suggest just upping the number a bit to maybe a value that won't react
when you get these photos instead of turning it off completely.
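
The filename padding Bert Hyman describes and the numeric threshold Shadow Rider mentions can be illustrated with a small check. This is an added example, not Avast's code and not from any poster in the thread; it assumes the setting means "longest run of consecutive whitespace in the attachment name", and the extension list and sample names are constructed for illustration.

```python
import os
import re

# Assumption: illustrative list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs"}


def longest_whitespace_run(name: str) -> int:
    """Length of the longest run of consecutive whitespace in the name."""
    # For str patterns \s also matches tabs and non-breaking spaces (U+00A0).
    return max((len(m.group()) for m in re.finditer(r"\s+", name)), default=0)


def check_attachment_name(name: str, threshold: int = 5) -> dict:
    """Flag a name whose longest whitespace run reaches `threshold`.

    Treating the setting as a run length is an assumption of this sketch.
    """
    if threshold < 1:
        raise ValueError("threshold must be at least 1")
    run = longest_whitespace_run(name)
    flagged = run >= threshold
    # What a narrow file-list column would show: the text before the padding.
    shown = re.split(r"\s{%d,}" % threshold, name, maxsplit=1)[0] if flagged else name
    real_ext = os.path.splitext(name.rstrip())[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    return {
        "longest_run": run,
        "flagged": flagged,
        "shown_as": shown,
        "real_ext": real_ext,
        # Padding that hides an executable extension behind a harmless one.
        "hidden_executable": flagged
        and real_ext in EXECUTABLE_EXTS
        and shown_ext != real_ext,
    }


# Constructed sample names, not taken from the thread.
SAMPLES = [
    "holiday.jpg" + " " * 40 + ".exe",        # padded executable
    "My summer photo 01.jpg",                 # ordinary single spaces
    "DSC 0042" + " " * 6 + "(copy).jpg",      # benign, but over threshold 5
]

if __name__ == "__main__":
    for sample in SAMPLES:
        for limit in (5, 10):
            print(limit, check_attachment_name(sample, limit))
```

The third sample is flagged at 5 but not at 10, which is the false-positive trade-off behind the advice to raise the number rather than switch the check off.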
