Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Trebacz on October 29, 2011, 06:55:45 AM

Title: Avast blocking SSH connection on port 8080 using putty
Post by: Trebacz on October 29, 2011, 06:55:45 AM
Avast seems to be blocking connections on two machines on my network. Neither (One XP and one Windows 7) can connect to two Linux machines, without disabling Avast protection. SSH is functioning on the Linux machines. The Linux machines can connect to each other over SSH. It seems to have happened with a recent upgrade of Avast. I'm on version 6.0.1289 with definitions 111028-2. This took me a long time to figure out why putty connection were failing.
Title: Re: Avast blocking SSH connection on port 8080 using putty
Post by: Trebacz on October 29, 2011, 07:10:09 AM
After further investigation -it seems that the web shield protection is blocking this connection. If I just disable it I can connect using putty over SSH on port 8080.

I can't seem to find any reasonable way to exclude my SSH connection over port 8080 in the web shield protection advanced settings. I'm assuming it's the port that causes Avast issues. I checked another connection on my network to a Linux server that uses port 22 -and it has no problem making the connection from either Windows machine (running Avast). At least if Avast would give a message when it's blocking the 8080 connection, it wouldn't take so long to figure out.

Avast please reconsider whatever changed in the most recent version.
Title: Re: Avast blocking SSH connection on port 8080 using putty
Post by: ady4um on October 29, 2011, 08:08:57 AM
IF you have firewall rules, you may want to delete your firewall rules for Avast, and re-add avastsvc.exe, avastui.exe and avast.setup (the latest may be a little tricky) to your firewall rules, reboot and test again.

ONLY if that is not enough, *then* try Avast main GUI -> web shield -> EXPERT settings -> "...well known browsers only".

Please report back.
Title: Re: Avast blocking SSH connection on port 8080 using putty
Post by: DavidR on October 29, 2011, 01:36:25 PM
I don't know why Putty would use port 8080 a common HTTP proxy port for a secure connection and not a Secure port

Since port 8080 is a common HTTP proxy port it is monitored by the Web Shield and it is expecting HTTP protocol over that port.

http://www.itworld.com/nls_unixssh0500506 (http://www.itworld.com/nls_unixssh0500506)
Quote
SSH servers almost always run on port 22. That port is, after all, the well known port that is assigned to the service. If you're not feeling particularly devious, you might run the service on port 2222 instead or you might run it on some seemingly random number such as 9140 or 6188. Any unused port above 1024 (and below 65537) will do.

You could try using a different port, as in the above article.
Title: Re: Avast blocking SSH connection on port 8080 using putty
Post by: Trebacz on November 05, 2011, 11:15:24 PM
The clients currently only runs windows firewall. I didn't find any settings particular to Avast in the windows firewall configuration.

I have figured out two work arounds:

1) Disable the webshield for 10 minutes, open putty and connect to the remote server, and once connected to the server via SSH webshield doesn't affect future communication.

or

2) try Avast main GUI -> web shield -> EXPERT settings -> "...well known browsers only". This is a permanent solution, but probably also reduces Avast web protection.

I run ssh on port 8080 to get around some firewall restrictions in certain enviroments. Know it's non-standard, but work for me ::)
Title: Re: Avast blocking SSH connection on port 8080 using putty
Post by: FlyingRobot on November 05, 2011, 11:31:55 PM
In Web Shield Expert Settings Exclusions there is an ability to enter "URLs to exclude".  There the descriptive text refers to extensions, but have you tried playing around with that to see if it is more flexible?
Title: Re: Avast blocking SSH connection on port 8080 using putty
Post by: FlyingRobot on November 09, 2011, 07:16:47 PM
Perhaps this will come as no surprise to the regulars, but I did try using that exclusions feature to prevent the avast WebShield from mucking with connections to my webserver on port 8080.  Nothing I could think of worked.  If indeed there is no way to configure WebShield to transparently pass everything to/from a specific HOST:PORT, that would be a nice feature to add.  Even if HOST had to be an IP Address rather than hostname.
Title: Re: Avast blocking SSH connection on port 8080 using putty
Post by: DavidR on November 09, 2011, 07:26:10 PM
@ Trebacz
You could try this - I don't know what the IP address is of this remote server, but it may be possible to place that IP in the avastUI, Settings, Troubleshooting, Redirect Settings, WEB: Ignored addresses and enter the IP address.