TheBat, Avast and Sandboxie

Please post your problem description here

Moderator: Barb@Invincea

Post Reply

TheBat, Avast and Sandboxie

Post by atomheart » Wed Oct 24, 2012 6:02 pm

Sandboxie 3.74 64-bit
Windows 7 64-bit
Avast free 7.0.1473
TheBAT E-mail client


I use TheBat as e-mail client and have configured Sandboxie that TheBat can write e-mail data (including attachment files) outside the sandbox. I use Avast free as my antivirus software. When I recveive mails with file attachments these files will be stored in a separate folder called "Attach". These folder is within the folder path which I have specified in Sandboxie as the folder for "theBat". When I get mails with malware attachments (for example a pdf file with a trojan inside) these files will be stored in the Attach folder as well. The problem is that Avast cannot detect this file as malware in the moment when it was stored first time in that folder. Only when I for example move or copy the file into another folder or when I let Avast check the file Avast will detect the file as malware. May it be possible that Sandboxie prevents Avast from scanning the files?

Sandboxie Founder
Sandboxie Founder
Posts: 16076
Joined: Tue Jun 22, 2004 5:57 pm

Post by tzuk » Wed Oct 24, 2012 9:12 pm

And you are sure that if Sandboxie is not the mix, then avast detects the malware as soon the file is placed in the Attach folder?

Posts: 5115
Joined: Sun Apr 27, 2008 10:24 pm
Location: Ohio, USA

Post by Guest10 » Thu Oct 25, 2012 12:24 am

If you can exclude some folder from Avast scanning, you can probably use Notepad to create a .txt file in that folder that contains the EICAR test file.

See the one-line test string listed under "Design":
(Don't include the [1] footnote symbol)

You need to create the file in a folder that Avast isn't scanning. Otherwise, Avast will "clean" the file right away.
Then, see if you can attach that file to two emails to yourself.
Open one when sandboxed and one when not sandboxed, to compare the two.
Win 10 Home 64-bit - Zone Alarm Pro Firewall, Malwarebytes Premium A/V, Cyberfox, Thunderbird
Sandboxie user since March 2007


Post by atomheart » Thu Oct 25, 2012 10:26 am

it was not Sandboxie, it was Avast who was not fast enough with updates for virus signatures. That was the reason why Avast did not detect it when it was written first time on the harddisk. Later (few hours) I checked the file again and it was detected. Amazing how fast malware distributes these days.

Post Reply

Who is online

Users browsing this forum: Bing [Bot], Yahoo [Bot] and 8 guests