Avast WEBforum
Consumer Products => Avast Mac Security => Topic started by: tkamppin on November 28, 2011, 10:04:30 PM
-
Hey,
When I've activated the "web shield" I can't go to any normal web sites. Secure(https) websites do work but no other ones. And as soon as I deactivate the "web shield" everything works as it should...
Application version: 1.0(35600b)
VPS version: 111128-2
OSX version: 10.7.2
Safari just gives me a blank page and Chrome gives me this error code: Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.
-
Please post here the system log file (/var/log/system.log) so we can analyze it.
-
This is what I got when I opened avast settings(the "no such file...") and what I got after activating web shield:
Nov 29 13:02:25 dyn-218-048 [0x0-0x3f03f].com.apple.systempreferences[677]: Error opening configuration file: No such file or directory
Nov 29 13:02:43 dyn-218-048 authexec[691]: executing /bin/mv
Nov 29 13:02:43 dyn-218-048 authexec[692]: executing /bin/kill
Nov 29 13:02:43 dyn-218-048 proxy[65]: SIGHUP received. Restarting.
Nov 29 13:02:43 dyn-218-048 [0x0-0x3f03f].com.apple.systempreferences[677]: System Preferences(677,0x110404000) malloc: *** auto malloc[677]: error: GC operation on unregistered thread. Thread registered implicitly. Break on auto_zone_thread_registration_error() to debug.
This is what I get when I'm trying to open a website when web shield is active:
Nov 29 13:11:52 dyn-218-048 proxy[65]: Error creating connection socket: socket(): Too many open files
Nov 29 13:12:22: --- last message repeated 4 times ---
And this is what I get when I'm deactivating web shield:
Nov 29 13:12:50 dyn-218-048 authexec[774]: executing /bin/mv
Nov 29 13:12:51 dyn-218-048 authexec[775]: executing /bin/kill
Nov 29 13:12:51 dyn-218-048 proxy[65]: SIGHUP received. Restarting.
I hope it was this info you where looking for.. I'm new to mac so I'm not completely sure what info you want
if you want some other specific info just ask :)
-
Please run the following command (it lists the webshield's file descriptors) as root when the webshield is ON and the pages do not load and post here the output:
lsof -p `cat /var/run/avast/proxy.pid`
-
I copied and pasted the code into the terminal and pressed enter resulting in nothing. Repeat, Nothing happened...
Should I have run another command first or?
-
As already said, You have to bee root before executing the command.
To do so, You either must enable the root account (http://support.apple.com/kb/ht1528 (http://support.apple.com/kb/ht1528)) and use su to became root, or (if you are a user with administration rights) you can use sudo to run just the one command:
sudo lsof -p `cat /var/run/avast/proxy.pid`
-
thanx for the info...
this is what I got:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
com.avast 402 root cwd DIR 14,2 136 1143714 /private/var/run/avast
com.avast 402 root txt REG 14,2 181592 1143673 /Library/Application Support/Avast/proxy/com.avast.proxy
com.avast 402 root txt REG 14,2 428848 5740 /usr/lib/libssl.0.9.7.dylib
com.avast 402 root txt REG 14,2 2251584 5739 /usr/lib/libcrypto.0.9.7.dylib
com.avast 402 root txt REG 14,2 599232 8877 /usr/lib/dyld
com.avast 402 root txt REG 14,2 293953536 1073842 /private/var/db/dyld/dyld_shared_cache_x86_64
com.avast 402 root 0r CHR 3,2 0t0 304 /dev/null
com.avast 402 root 1w CHR 3,2 0t1170 304 /dev/null
com.avast 402 root 2w CHR 3,2 0t3789 304 /dev/null
com.avast 402 root 3u IPv4 0xffffff800e82f4e0 0t0 TCP localhost.localdomain:http-alt (LISTEN)
com.avast 402 root 4u IPv6 0xffffff800bf0a340 0t0 TCP localhost:http-alt (LISTEN)
com.avast 402 root 5u IPv4 0xffffff800e9544e0 0t0 TCP localhost.localdomain:pop3 (LISTEN)
com.avast 402 root 6u IPv6 0xffffff800bf09f80 0t0 TCP localhost:pop3 (LISTEN)
com.avast 402 root 7u IPv4 0xffffff800e8c54e0 0t0 TCP localhost.localdomain:imap (LISTEN)
com.avast 402 root 8u IPv6 0xffffff800bf09bc0 0t0 TCP localhost:imap (LISTEN)
com.avast 402 root 9u IPv4 0xffffff800bf0ffa0 0t0 TCP localhost.localdomain:pop3s (LISTEN)
com.avast 402 root 10u IPv6 0xffffff800bf09800 0t0 TCP localhost:pop3s (LISTEN)
com.avast 402 root 11u IPv4 0xffffff800e831160 0t0 TCP localhost.localdomain:imaps (LISTEN)
com.avast 402 root 12u IPv6 0xffffff800bf09440 0t0 TCP localhost:imaps (LISTEN)
com.avast 402 root 13u unix 0xffffff800c712388 0t0 ->0xffffff800d39c898
com.avast 402 root 14u IPv4 0xffffff800f8ee320 0t0 TCP localhost.localdomain:imaps->localhost.localdomain:49436 (ESTABLISHED)
com.avast 402 root 15u IPv4 0xffffff800e980c00 0t0 TCP 192.168.0.104:49437->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root 16u IPv4 0xffffff800f8ed4e0 0t0 TCP localhost.localdomain:imaps->localhost.localdomain:49438 (ESTABLISHED)
com.avast 402 root 17u IPv4 0xffffff800e9576c0 0t0 TCP 192.168.0.104:49439->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root 18u IPv4 0xffffff800e935fa0 0t0 TCP localhost.localdomain:imaps->localhost.localdomain:49440 (ESTABLISHED)
com.avast 402 root 19u IPv4 0xffffff800e983de0 0t0 TCP 192.168.0.104:49441->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root 20u IPv4 0xffffff800e982160 0t0 TCP localhost.localdomain:imaps->localhost.localdomain:49442 (ESTABLISHED)
com.avast 402 root 21u IPv4 0xffffff800e981320 0t0 TCP 192.168.0.104:49443->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
-
Was the command executed at the time, when the pages do not load? According to your log entries, the webshield was out of file descriptors, but according to this lsof output, the webshield has only a few file descriptors open...
By the way, from the lsof output one can see, that you use the avast! mailshield but do not have SSL disabled in your mail client so the mailshield can not scan your mail traffic (you should get warning popups about this). The correct way is to disable SSL in the mail client and force SSL for that account in the avast! configuration in System Preferences.
-
Thanx for the info about mail shield
I was quite sure I hade activated the web shield before running the command but apparently not..
Here is what I got when I had activated web shield
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
com.avast 402 root cwd DIR 14,2 136 1143714 /private/var/run/avast
com.avast 402 root txt REG 14,2 181592 1143673 /Library/Application Support/Avast/proxy/com.avast.proxy
com.avast 402 root txt REG 14,2 428848 5740 /usr/lib/libssl.0.9.7.dylib
com.avast 402 root txt REG 14,2 2251584 5739 /usr/lib/libcrypto.0.9.7.dylib
com.avast 402 root txt REG 14,2 599232 8877 /usr/lib/dyld
com.avast 402 root txt REG 14,2 293953536 1073842 /private/var/db/dyld/dyld_shared_cache_x86_64
com.avast 402 root 0r CHR 3,2 0t0 304 /dev/null
com.avast 402 root 1w CHR 3,2 0t2430 304 /dev/null
com.avast 402 root 2w CHR 3,2 0t8527 304 /dev/null
com.avast 402 root 3u IPv4 0xffffff80100644e0 0t0 TCP localhost.localdomain:http-alt (LISTEN)
com.avast 402 root 4u IPv6 0xffffff800bf0b240 0t0 TCP localhost:http-alt (LISTEN)
com.avast 402 root 5u IPv4 0xffffff8010793320 0t0 TCP localhost.localdomain:pop3 (LISTEN)
com.avast 402 root 6u IPv6 0xffffff800bf0ae80 0t0 TCP localhost:pop3 (LISTEN)
com.avast 402 root 7u IPv4 0xffffff800e935160 0t0 TCP localhost.localdomain:imap (LISTEN)
com.avast 402 root 8u IPv6 0xffffff800bf0aac0 0t0 TCP localhost:imap (LISTEN)
com.avast 402 root 9u IPv4 0xffffff801077bc00 0t0 TCP localhost.localdomain:pop3s (LISTEN)
com.avast 402 root 10u IPv6 0xffffff800bf0a700 0t0 TCP localhost:pop3s (LISTEN)
com.avast 402 root 11u IPv4 0xffffff80107d46c0 0t0 TCP localhost.localdomain:imaps->localhost.localdomain:50395 (ESTABLISHED)
com.avast 402 root 12u IPv4 0xffffff8010792c00 0t0 TCP 192.168.0.104:50396->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root 13u unix 0xffffff800c712388 0t0 ->0xffffff800d2112c0
com.avast 402 root 14u IPv4 0xffffff80107c94e0 0t0 TCP localhost.localdomain:imaps (LISTEN)
com.avast 402 root 15u IPv6 0xffffff800bf09440 0t0 TCP localhost:imaps (LISTEN)
-
The webshield was ON too, when you executed the lsof command the last time, this is visible from the output. But the problem can not be caused by exhausting the file descriptors as I suggested from the system log you pasted, if lsof was executed at the moment when the webshield does not work.
The problem must be somewhere else. Do you have some kind of firewall set up? What does the command
sudo ipfw list
(ipfw list executed as root)
show? And can you post here the whole output of
grep proxy /var/log/system.log
-
About the firewall I have tried with both having the apple firewall enabled and disabled but that did not affect anything
the first command gives me this:
65535 allow ip from any to any
the second this:
see .txt, too many characters to just put it in this post
-
Hmm, the log looks really weird... can you post here the list of loaded kernel extensions?
sudo kextstat
As you have 10.7 Lion, there might be some pf firewall rules, can you post the output from pfctl?
sudo pfctl -s all
And finally, did you try to reboot the machine? If not, please try it and see, if it has not fixed the issue. If not, please attach again the system log entries.
grep proxy /var/log/system.log
-
Dosen't sound good :/
Results as txt files
all results should be what I got when web shield was activated
-
According to the kernel extension list you have also installed the AVG antivirus and its network shield:
121 0 0xffffff7f81b0c000 0x4000 0x4000 com.avg.netshield.kext (1.1) <4 1>
This will not work. Having installed two antiviruses at the same time is always a bad idea as there will most probably be interferences between them (as you could see :) ). If you remove AVG, the webshield should start working correctly.
-
I thought I had completely removed AVG but appearently there where still a lot of files left...
So far this is the only bad thing with Mac, no uninstallation program..
Thank you! now it works as it should :D