Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: treker96mk2 on June 02, 2009, 03:24:12 AM
-
it says it well send doing next update but i see no mention in the log and no email.
the first is a trojan pws been in the chest for about a day since i hit the send botton yes my email was included in the email field.
the second is a pdf exploit i added to chest hit send and filled out the email field then i started a manual database update still no message.
how can i tell if they have been sent successfully?
-
Getting your reply MAY take up to two weeks...
-
it would be nice if they had an automated email that tells you it was received.
-
-= I remember someone told me that if no dialog box appears, it will be sent to ALWIL via next update but I have no knowledge of how to confirm if file was successfully sent..
-= I think it would be nice if avast has a dedicated server for allowing users to upload infected files in ZIP or RAR format.. ??? Just a wish.. ;D
-
Right lets clarify:
Send it from the User Files section of the chest (select the file, right click, email to Alwil Software), you should get a pop-up form to complete giving brief details about the submission, see image1. It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done, see image2.
it would be nice if they had an automated email that tells you it was received.
So it doesn't get sent by email but is uploaded directly to Alwil, your email is unknown so you won't get a reply.
Even if you emailed it directly to Alwil, you don't normally get a reply unless they need more information.
-= I remember someone told me that if no dialog box appears, it will be sent to ALWIL via next update but I have no knowledge of how to confirm if file was successfully sent..
Wrong, I believe you are mis-quoting something I said, if the pop-up form (dialog box you mention) doesn't appear, then you can't complete it and you 'can't' submit it as that is where the Submit button is.
-= I think it would be nice if avast has a dedicated server for allowing users to upload infected files in ZIP or RAR format.. ??? Just a wish.. ;D[/font]
They already have any email you send zipped and password protected going to virus (at) avast (dot) com is filtered. There is also an ftp function but that isn't designed for that, but for large files that couldn't be emailed, etc. and then only when you receive instructions to do so.
The new submission process from the chest is I believe in some way automatically processed (mini analysis), like a sort of triage process to try and assign some sort of priority of action.
-
i entered my email in the optional email field.
and i did not see the upload info doing update but it probably went by to fast to catch.
so i will assume it got there but it would be nice to at least have a log entry stating that the upload accord.
thanks for the help.
-
Check the C:\Program Files\Alwil Software\Avast4\Setup\setup.log using notepad, that should hold info on submissions as part of the update process.
-
-= I checked the logs but my file [zip.zip] wasn't on the log.. Though I clicked Email to ALWIL [no dialog box]..
-
is this it?
14:06:39 nrm/pkg Submit: files 0, bytes 0, time 0 ms
14:06:39 nrm/pkg Submit success: files 0, bytes 0, time 0 ms
-
-= Sorry about the previous post.. Found mine too.. Thanks.. ;)
-
i entered my email in the optional email field.
and i did not see the upload info doing update but it probably went by to fast to catch.
so i will assume it got there but it would be nice to at least have a log entry stating that the upload accord.
thanks for the help.
if you want to send the file immediately then make a manual update and you will see the dialog sending the file
-
is this it?
14:06:39 nrm/pkg Submit: files 0, bytes 0, time 0 ms
14:06:39 nrm/pkg Submit success: files 0, bytes 0, time 0 ms
Yes that is the part of the log that shows it, you would have to look back in the log to a time after your submission as this part doesn't show any files to submit (files 0)...
-
none of those have a number other then 0.
searched the entire log.
-
i just submitted the pdf file again and it had the sending dialog
but the setup.log has not been modified since june 2.?
-
this is new an acces denied on manual update home edition.
here is the log.
03.06.2009 11:12:58 general: Started: 03.06.2009, 11:12:58
03.06.2009 11:12:58 general: Running setup_av_pro-537 (1335)
03.06.2009 11:12:58 system: Operating system: WindowsXP ver 5.1, build 2600, sp 3.0 [Service Pack 3]
03.06.2009 11:12:58 system: Memory: 72% load. Phys:292852/1047216K free, Page:1637736/2518356K free, Virt:2069088/2097024K free
03.06.2009 11:12:58 system: Computer WinName: HOME-PC
03.06.2009 11:12:58 system: Windows Net User: HOME-PC\ed-admin
03.06.2009 11:12:58 general: Cmdline: /downloadpkgs /noreboot /updatevps /silent /progress
03.06.2009 11:12:58 general: DldSrc set to inet
03.06.2009 11:12:58 general: Operation set to INST_OP_UPDATE_GET_PACKAGES
03.06.2009 11:12:58 general: Old version: 537 (1335)
03.06.2009 11:12:58 registry: Error deleting registry: Software\Alwil Software\Avast\4.0\UpdateReady (0x00000005)
03.06.2009 11:12:58 system: Using temp: C:\DOCUME~1\ed-admin\LOCALS~1\Temp\_av_proI.tm~a02108 (43194M free)
03.06.2009 11:12:58 general: SGW32P::CheckIfInstalled set m_bAlreadyInstalled to 1
03.06.2009 11:12:58 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;p)
03.06.2009 11:12:58 system: Computer DnsName: home-pc
03.06.2009 11:12:58 system: Computer Ip Addr: 192.168.0.2
03.06.2009 11:12:58 system: Installed in: C:\Program Files\Alwil Software\Avast4 (43194M free)
03.06.2009 11:12:58 internet: SYNCER: Type: use IE settings
03.06.2009 11:12:58 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:12:58 package: Part prg_av_pro-537 is installed
03.06.2009 11:12:58 package: Part vps-9060200 is installed
03.06.2009 11:12:58 package: Part news-50 is installed
03.06.2009 11:12:58 package: Part setup_av_pro-537 is installed
03.06.2009 11:12:58 package: Part jrog-128 is installed
03.06.2009 11:12:58 general: Old version: 537 (1335)
03.06.2009 11:12:58 general: GUID: 6c8af49f-7615-4be2-be04-0e3811168543
03.06.2009 11:12:59 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
03.06.2009 11:12:59 general: SelectCurrent: selected server 'Download908 AVAST Server' from 'main'
03.06.2009 11:12:59 internet: SYNCER: Type: use IE settings
03.06.2009 11:12:59 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:12:59 general: Entered SetupProcessPro::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcessWin32Avast::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcessWin32::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: Entered SetupProcess::Do( INST_OP_UPDATE_GET_PACKAGES )
03.06.2009 11:12:59 general: progress thread start
03.06.2009 11:12:59 internet: SYNCER: Agent=Syncer/4.80 (av_pro-1335;f)
03.06.2009 11:13:00 internet: Used server: http://download908.avast.com/iavs4x
03.06.2009 11:13:00 package: Download servers.def, servers.def.vpu failed with error 0x00000005.
03.06.2009 11:13:00 internet: Used server: http://download908.avast.com/iavs4x
03.06.2009 11:13:01 general: Server definition(s) loaded for 'main': 255 (maintenance:0)
03.06.2009 11:13:01 general: SelectCurrent: selected server 'Download661 AVAST Server' from 'main'
03.06.2009 11:13:01 internet: SYNCER: Type: use IE settings
03.06.2009 11:13:01 internet: SYNCER: Auth: another authentication, use WinInet
03.06.2009 11:13:01 internet: Used server: http://69.93.227.242/iavs4x
03.06.2009 11:13:01 internet: Used server: http://69.93.227.242/iavs4x
03.06.2009 11:13:01 file: GetFileWithRetry: prod-av_pro.vpu downloaded .
03.06.2009 11:13:01 file: GetNewerStampedFile:compatCopyFile failed: C:\DOCUME~1\ed-admin\LOCALS~1\Temp\_av_proI.tm~a02108\onefile, C:\Program Files\Alwil Software\Avast4\Setup\prod-av_pro.vpu, error: 0x00000005
03.06.2009 11:13:01 package: Tried to download prod-av_pro.vpu but failed with error 0x00000005
03.06.2009 11:13:01 package: LoadAllDefs failed 0x00000005
03.06.2009 11:13:01 general: Err:Access is denied.
-
03.06.2009 11:12:58 system: Windows Net User: HOME-PC\ed-admin
03.06.2009 11:13:01 package: LoadAllDefs failed 0x00000005
03.06.2009 11:13:01 general: Err:Access is denied.
You seem to be the admin and even though, the access error 5 is listed there... strange uh? I'm empty on guessing what is happening...
-
i just submitted the pdf file again and it had the sending dialog
but the setup.log has not been modified since june 2.?
Confusingly there is another setup.log file and I never know which is used for what (they look the same) check out the other one, C:\Program Files\Alwil Software\Avast4\DATA\log\Setup.log.
Are there any files in the C:\Program Files\Alwil Software\Avast4\DATA\spool\suspic folder ?
That is where they are stored before upload.
-
other log still says 0
and the folder you mentioned is empty.
-
okay i have set the pdf exploit to send again and there is now a file in the folder you mentioned.
-
When the folder is empty there are no files awaiting upload, either they haven't been submitted or they have been sent.
So now that is in the folder the submission is ready to be uploaded during either the next auto update or on a manual iAVS update. I suggest doing a manual update and watch its progress, first it will download any update, then it will upload the file from the suspic folder (you should see that part of the process and clear the folder) and finally it will complete the update process and display the update details.
-
when i woke up and read you reply an update check had already accord the folder is empty and the pdf exploit is now detected.
the log still has 0.
can others please see if this is a bug or is it just me?
-
This is what the log should look like from a previous submission, see image extract.
Check both log files, and check back further, you can even search for the package submit: string.
-
Update:
OK I have resubmitted a file previously submitted, see image1 the file being uploaded and image2 and extract of the C:\Program Files\Alwil Software\Avast4\Setup\setup.log showing successful upload.
So it is working as expected on my system.
-
the only suspic in both setup logs were .wav.
-
The only files in there should be those with weird looking names contained in the {wriggly brackets}.suspic, as in my images as it doesn't retain its original file name as it is also encrypted I believe.
You aren't looking for suspicious files in the log but the specific line entries for the upload:
17:34:17 min/int file C:\Program Files\Alwil Software\Avast4\DATA\spool\suspic\{44A437B5-6482-456B-B2E5-CB49EBE1F233}.suspic submitted (6F48D34BDA1E1D52173818F6061C23AE411408B91EA07AB7660112B7741BE093)
17:34:17 nrm/pkg Submit: files 1, bytes 91502, time 35844 ms
17:34:17 nrm/pkg Submit success: files 1, bytes 91502, time 35844 ms
-
okey i do not remember seeing that a search for suspic only showed entry's for .wav probably for the sounds avast uses.
29.05.2009 14:03:07.000 1243630987 file Direct move of file: C:\Program Files\Alwil Software\Avast4\ENGLISH\suspic.wav
29.05.2009 14:03:07.000 1243630987 file Installed file:C:\Program Files\Alwil Software\Avast4\ENGLISH\suspic.wav
-
That is just the audio file for notifying you of a suspicious email, etc.
You should be searching within the setup.log (for the Submit: files string) using notepad.
-
data log setup.log
Submit:
29.05.2009 14:06:39.000 1243631199 package Submit: files 0, bytes 0, time 0 ms
29.05.2009 14:06:39.000 1243631199 package Submit success: files 0, bytes 0, time 0 ms
there are more but there the same zeros just different times.
-
That is from 29/5/2009 8 days ago so doesn't correspond to your submissions as topic only started on the 2nd and first submissions after that. The log is in chronological order with new lines added at the bottom (appended) so any submit: files entry would be near the bottom of the file.
-
all submit are like that just 0 for the entire log.
-
So there is either something weird going on with your system as it isn't getting submitted, are you actually getting the pop-up form (image posted earlier) when you click the email to Alwil Software option ?
If you aren't then as explained earlier it won't be submitted as you have to complete the form and click the Submit button.
-
when i click email the form does show up i then entered my email checked the i know what i am doing box and clicked send. i have noticed the sending dialog but it's not recorded in the log?
-
sent an adware installer toolbar from one of those send an ecard emails 2mb the dialog showed and it was logged,
sorry about my previous response i originally meant to say i checked the little box in the sending dialog the says i know what im doing or something like that. i have since edited my previous response to correct that.
thank you.
09.06.2009 05:18:08.000 1244549888 internet file C:\Program Files\Alwil Software\Avast4\DATA\spool\suspic\{00BA3AE1-9E46-4084-9B74-539CBF02AEA5}.suspic submitted (7BDD537BFB47E3377F335DFD72CA729B960BB18129E7A67C51D28897ABBFFA38)
09.06.2009 05:18:08.000 1244549888 package Submit: files 1, bytes 2763862, time 33031 ms
09.06.2009 05:18:08.000 1244549888 package Submit success: files 1, bytes 2763862, time 33031 ms
-
Well it looks to be working as expected now, hopefully it was a computer glitch before.
-
yep
thanks for the help and ill keep an i on it.
-
You're welcome.