Avast is slowing down my internet access.

[Lars-Erik]

But added more than the standard: DLLs, OCXs.

They're scanned as text (binary files) and I don't think this will help that much.

Also CLASS, scripts, web-pages extensions, JS, SWF and other binary types...

If this is a part of WebShield scanning, why do you do that? Let them to WebShield...

1) Are you saying all extra extensions addad to the standard shield is scanned as TXT files only?  Why is the default list full of binary files then?  I have only added some types to the allreday existing list...

2) Probably becuase webshield is quite new. I have used avast! longer.
    AND:  What if a JS, SWF or similar file is copy from somwere else (a CD)
    WebShield only scan port 80 traffic. I can get a SWF or JS file on CD too.
    If you don't have that in the list then, it won't be scanned, right... ?

Do you have a setup for Standard Shield that scans all binary files and possible script files (very tight) but no unneeded files as an example?

BTW:   I'll add my settings (from the Avast4.xml file (or Avast4.mdb)).
           Then you might comment on what is redundat (not necessary):

<STANDARD--ScanFlags>367</STANDARD--ScanFlags>
  <STANDARD--ExecScanFlags>7</STANDARD--ExecScanFlags>
  <STANDARD--BlockFlags>4096</STANDARD--BlockFlags>
  <STANDARD--Flags>4</STANDARD--Flags>
  <STANDARD--Exceptions>*\PAGEFILE.SYS,*\WIN386.SWP,*\SYSTEM.DA?,*\USER.DA?,C:\WINDOWS\TEMP\*.TMP,C:\MSDOS.SYS,C:\WINDOWS\TEMP\_AVAST4_\UNP*</STANDARD--Exceptions>
  <WS--Flags>25</WS--Flags>
  <WS--ExcTypes>APPLICATION/X-RTSP-TUNNELLED;AUDIO/*;IMAGE/GIF;IMAGE/JPEG;IMAGE/PNG;TEXT/CSS;VIDEO/*</WS--ExcTypes>
  <WS--HttpScanParamFlag>1</WS--HttpScanParamFlag>
  <WS--BlockEnable>0</WS--BlockEnable>
  <WS--AutoRedirect>1</WS--AutoRedirect>
  <WS--IgnoreLocalhost>1</WS--IgnoreLocalhost>
  <WS--HttpRedirectPort>80</WS--HttpRedirectPort>
  <STANDARD--ScanExtensions>?,ACE,ARC,ARJ,ASP*,CAB,ECE*,GZ*,LHA,LZH,RAR,TAR,ZIP,ZOO</STANDARD--ScanExtensions>
  <STANDARD--OpenExtensions>?,{*},386,AD?,ASP*,ASX,BAS,BAT,BIN,CH?,CLA*,CMD,COM,CPL,CRT,CSS,DLL,DO?,EML,ECE*,EXE,HLP,HT*,INF,INS,ISP,JS*,MDB,MDE,MHT,MS?,NWS,OCX,OV?,PCD,PDF,PIF,PO?,PP?,PRC,PRF,REG,RTF,SCF,SCR,SCT,SHB,SHS,SWF,SYS,VB?,VSD,VXD,WS?,XL?</STANDARD--OpenExtensions>
  <STANDARD--BlockExtensions>CLA*</STANDARD--BlockExtensions>

Also the packers are set to this streng (all of them, not just WS--):

<WS--ScanPackers>EXE;ZIP;MIME;RAR;ARJ;TAR;GZ;CAB;ARC;ACE;ZOO;BZIP2;WinExec;LHARC;CPIO;RPM;7ZIP;CHM;ISO;TNEF</WS--ScanPackers>

[Atomic_Ed]

Definately something to do with the Avast resident modules but it seems as if the webshield is only part of it.

Maybe a driver is 'conflicting' with WebShield...
Do you use any local proxy? Do you have any other residents running in background?

I was also thinking it might be a driver as well but ai run Avast Pro on my XP x64 system which is a laptop and as such I only have the core hardware drivers needed to run the system. Most of which there are not many options yet. One exception is my ATI Radeon 9600 Mobility graphics chip where ATI offers x64 driver updates frequently. So after all the slowdowns I went ahead and downloaded and installed a newer radeon driver just to see if that would help but it didn't help. I always have 35 processes running after a clean boot and still showing the same 35 processes even now after the slowdowns.

I also thought possibly a spyware or malware issue, but ruled that out by scanning with various anti spyware apps and also the system returns to normal speeds once Avast is disabled.

Not sure what happened with the recent program changes to Avast but apparently my system does not like them at all.

[Lisandro]

1) Are you saying all extra extensions addad to the standard shield is scanned as TXT files only?
 Why is the default list full of binary files then?  I have only added some types to the allreday existing list...

I'm not expert on this... but as further I could read in forums, yes, just scan as binaries (not unpack for instance).

Do you have a setup for Standard Shield that scans all binary files and possible script files (very tight) but no unneeded files as an example?

I never succeed to find a good group of settings for that... I've tried but some time after I've got avast! Pro and (un)fortunatelly I didn't need to dig more here.
Maybe Igor could give us a help...

[Umath]

AND traffic between WebWasher and Internet should never be scanned

If you set port 80 and check 'Ignore local communication', I think you will have what you want: avoid scanning between WebWasher and browser:
Internet > WebShield acting as a proxy at port 8080 for IE > at local communication you will pass the traffic from 8080 to 80 and WebShield will take it.
Maybe I'm wrong  

No I want the opposite: Avoid scanning between WebWasher and the net, and ONLY scanning between WebWaser (after its filter) and the browser.

I had been aware of your intension and the answer has already been in front of you.  I didn't simply cut and paste.

1.Open the file avast4.ini located in C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\DATA in Notepad.

2. Find the section [WebScanner] in this section add the following two lines:
UpstreamProxyHost=localhost
UpstreamProxyPort=8080

3.Restart the Web Shield provider – terminate and then start again

4.Configure your browser to use Web Shield as its proxy (server: localhost, port: 12080).

In this way, you can chain the proxy communications as you wanted.

Browser/Web Shield(12080)/Web Washer(8080)/Internet(80)

However, if you already put Web Washer's process name in [Web Scanner] section, you have to delete it.

Gotta go.

[Lars-Erik]

Do I have to change anything in the WebShild setup dialog as well?
Or should I just leave the "Transparent WebScanning" setting at "80"?

Just worried that it would make it go through WebShield one more like;

  Browser -> WebShield(12080) -> WebWasher(8080) -> "Transparent WebShield"(80) -> Intenet (80)

instead of

  Browser -> WebShield(12080) -> WebWasher(8080) -> Intenet (80)

BTW:  Is there a way to test what programs/proxies Internet access goes through?

[Lars-Erik]

Just noticed something else that is weird (and not good I think) :-(

With my old setting ("Transparent scanning" at "80", IE6 proxy set to WebWasher at 8080),
the WebShield of avast! isn't scanning anything (if I turn on the "Show details" it just show the
start URL, none of the elements on the page are scanned by WebShield at all).

In the setup dialog the number of scanned files is always "1" for each page loaded and the "last
file scanned" is always the main web-page adress (web-page files are scanned anyway when
stored in the cache because I have the ".htm" in the "Standard scanner" file extension list though).

Isn't this a security hole?  If a program acting as a proxy can access the Internet w/o WebShield
hooking on to that request and scanning the traffic?  Why isn't the traffic at port 80 scanned?

If I enter the "UpstreamProxyHost=localhost" and "UpstreamProxyPort=8080" then the web-page
files are scanned (after WebWasher has done the filtering, the ads removed are not scanned, and
that was the point too :-)  But again - scary that WebShield hasn't scanned anything before :-/

[Umath]

Lars-Erik, If you don't have any communication monitoring app e.g. with a personal firewall, for example, it is bit difficult to confirm how the communications are working but I think you were almost there.

As a transparent proxy, Avast! Web Shield scans only HTTP communications of applications in its list by default.  So, you don't need to put Internet Explorer, Firefox or Opera in "OptinProcess=" line in the ini file since they are already in the (hidden) list out of box.  In other words, Web Shield does not scan the communication of Proxomitron or Web Washer, which explains why you found that Web Shield is not scanning any communication through Web Washer.  Furthermore, this assures that you don't need to worry that Web Shield may scan communications between Internet and Web Washer at port 80.  Means, if you set Web Shield as a non-transparent proxy, it should not scan HTTP communications twice but once.

So, just follow the instruction I wrote in my previous post.  As for testing, try to download eicar anti-virus test files in "Download area using the standard protocol http" section at this page.  Forget about "Download area using the secure, SSL enabled protocol https" since WS doesn't provide HTTPS protection.

[Lars-Erik]

Yep. Turned on the "Show detailed info" and testet with some webpages.
And now it only scan the files that are not filtered out by WebWasher!

But what happends to other application trying to access web-pages now?
Will they still be scanned transparent, or will they not be scanned at all?
(in other words, must I add the 12080 proxy to all web-browsers now?)

That would be another security hole (then maybe its better to add WebWasher
to the "application-list" and use the normal transparent WebShield anyway?)

BTW:  The "Standard" scanner is also scanning all the web-pages (the html, js
and other files) as they are read from or written to the cache. Actually they are
scanned here BEFORE they are scanned by WebShield (checked by having the
"Show detailed info" on for both. Seems a bit like double work, but I don't see
how to avoid it (it must scan .js files etc when you open, copy or write too..)

Will the "Standard" scanner actually be enough (since the files are scanned
there first when written to the cache, a virus will be stopped there first)?

[Umath]

Yep. Turned on the "Show detailed info" and testet with some webpages.
And now it only scan the files that are not filtered out by WebWasher!

That's natural as I wrote above.

But what happends to other application trying to access web-pages now?
Will they still be scanned transparent, or will they not be scanned at all?
(in other words, must I add the 12080 proxy to all web-browsers now?)

If you'd like to have Web Shield scan local HTTP communications at port 8080 only once I think you need to follow the instruction I posted.  Edit:  And yes, about other HTTP apps, as long as they are on the (hidden) list, they will be scanned by Web Shield in non-transparent way.  If they are not on the list, you can add them to "OptinProcess=" line in the ini file.  However, normally, you don't need to do this.

(then maybe its better to add WebWasher
to the "application-list" and use the normal transparent WebShield anyway?)

I think it makes thing easier and you can do that by adding the process name of Web Washer "OptinProcess=" line in the ini file but it makes the communication as below.

Browser/Web Washer(8080)/Web Shield (12080)/Internet(80)

Which you don't seem to like since this makes Web Shield scan the communications before Web Washer.  This is why I recommended the other way, means, direct HTTP communications of your browser to port Web Shield(12080) instead of Web Washer(8080).  In fact, why not just give it a try and examine the results with eicar test?

Will the "Standard" scanner actually be enough (since the files are scanned
there first when written to the cache, a virus will be stopped there first)?

At least, DavidR is against it. 

[Lars-Erik]

(then maybe its better to add WebWasher
to the "application-list" and use the normal transparent WebShield anyway?)

I think it makes thing easier and you can do that by adding the process name of Web Washer "OptinProcess=" line in the ini file but it makes the communication as below.

Browser/Web Washer(8080)/Web Shield (12080)/Internet(80)

Which you don't seem to like since this makes Web Shield scan the communications before Web Washer.  This is why I recommended the other way, means, direct HTTP communications of your browser to port 12080 instead of 8080.  In fact, why not just give it a try and examine the results with eicar test?

Since the WebShield doesn't scan all files (not images) it might not be that much difference.
And it might be nice to know if there is any virus in the element WebWasher filters out :-)

BTW:  If WebWasher works OK after using the "OptinProcess=WWASHER.EXE" could it be added as
default? Then people using it doesn't have to "hack" to get WebShield working on their system too.

[Lars-Erik]

Will the "Standard" scanner actually be enough (since the files are scanned
there first when written to the cache, a virus will be stopped there first)?

At least, DavidR is against it. 

Doesn't that imply that you will get TWO virus warnings?

First one from the "Standard" scanner when the browser tries to store the file in the cache.
Then one more when the "WebShield" scans the content of the load webpage.

Or will the WebShield never detect it since it was stopped by the "Standard" scanner?

Is there a way to test that (a link for downloading a test virus :-)

[Umath]

BTW:  If WebWasher works OK after using the "OptinProcess=WWASHER.EXE" could it be added as
default? Then people using it doesn't have to "hack" to get WebShield working on their system too.

I wonder if this is a good idea since once added to the hidden list, users cannot configure it as they like, which is, IMO, not good for local proxy. 

[Lars-Erik]

BTW:  I'm afraid I was a bit tired in this thread I realize now :-)

I doesn't matter were WebShield scans the stream. The commercials filtered
out by WebWasher is never asked for anyway. Beacuse of the order of things:

1) HTML page is loaded from net to WebWasher.
2) WebWashers filters that and send to browser.
2) Browser asks for objects in document (that is ALLREADY filtered).

The browser can't ask for the ads as the links are allready gone :-)

So the normal transparent scanner with the "OptinProcess=WWASHER.EXE"
is the better way to do it then (and much easier to configure as well).

[Umath]

BTW:  I'm afraid I was a bit tired in this thread I realize now :-)

Then, it must be easy for you to guess how I am tired of this by now since we could end this discussion long time ago. (Sigh)

AND traffic between WebWasher and Internet should never be scanned

If you set port 80 and check 'Ignore local communication', I think you will have what you want: avoid scanning between WebWasher and browser:
Internet > WebShield acting as a proxy at port 8080 for IE > at local communication you will pass the traffic from 8080 to 80 and WebShield will take it.
Maybe I'm wrong 

No I want the opposite: Avoid scanning between WebWasher and the net, and ONLY scanning between WebWaser (after its filter) and the browser.

[bascheew]

I'm not using a proxy or software firewall or any other Virus software, so most of this discussion doesn't really address the problem.  Anyone else have any suggestions or ideas?