Author Topic: What happens if!  (Read 76792 times)

techie101

  • Guest
Re:What happens if!
« Reply #105 on: December 22, 2003, 09:31:14 PM »
Walker,

Firstly....If Sygate logged 5000 open, then the traffic log should indicate which app called up the port.  You can then decide whether to block it under the individual app rules, or block the app internet access altogether.

Secondly,   I don't think that Avast is running out of resources.  It is normal to see up to 3 Avast entries in the Sygate traffic connection log.  Avast uses these to see an available server first, then uses the other processes to download and install the update if Avast finds an update is needed by comparing files it "sees" and files that it has already.  I believe Avast uses a time-stamp comparison.

I still believe that we are close to figuring this out.  We seem to always come back to the issue of login and access.

techie

Nice try, but no start this time.
« Last Edit: December 22, 2003, 09:32:40 PM by techie101 »

techie101

  • Guest
Re:What happens if!
« Reply #106 on: December 22, 2003, 10:09:11 PM »
Walker,

On the Port 5000 issue....

Port 5000 is usually reserved for a main application using TCP or UDP transfer.
This might help isolate which app is calling it up.

techie

PS:  Boy, you're giving my head a workout!  :D

Walker

  • Guest
Re:What happens if!
« Reply #107 on: December 22, 2003, 10:34:04 PM »
Quote
PS:  Boy, you're giving my head a workout!  :D

Sorry Techie  :'( I'll be gone for the holidays soon, so you'll have a rest  :)

I closed the port, found a utility on the web to open and close it. Out of interest, it wasn't in the Sygate log. But Sygate's on-line scanner found it open!

I'm going to bow to your knowledge and forget the Avast/Alwil server communications. However, I did say that there were 3 or calls (either way) without updates. Just seemed to be a lot of action going on at the same time as I could be checking my mail servers. But I'll stay away from this theory at your suggestion  :)

Walker.

techie101

  • Guest
Re:What happens if!
« Reply #108 on: December 23, 2003, 05:15:50 AM »
Quote
Out of interest, it wasn't in the Sygate log. But Sygate's on-line scanner found it open!
Interesting!

Quote
I did say that there were 3 or calls (either way) without updates
Remember that Avast will seek a server connection to check for updates whenever it starts.  If it does not "see" a server connection, it will periodically check again.  That is why you see the traffic, but I do not fear or worry about any legitimate connection made by Avast.

Quote
But I'll stay away from this theory at your suggestion  :)
Then I am overjoyed!  ;D

Enjoy your holiday!

techie

techie101

  • Guest
Re:What happens if!
« Reply #109 on: December 23, 2003, 05:27:43 AM »
Walker,

If you really want to give your putter a good check, try these online security scans:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
https://grc.com/x/ne.dll?bh0bkyd2
http://www.dslreports.com/scan

Now...Read this about Port 5000.  I don't give up (you should know that by now)  :D

Universal Plug and Play - Port 5000
"Universal Plug and Play (UPnP) is an architecture in Microsoft Windows Millennium Edition (Me) that supports peer-to-peer Plug and Play functionality for network devices. The UPnP specification is designed to simplify device and network service installation and management. UPnP accomplishes device and service discovery and control through driver-less, standards-based protocol mechanisms. Universal Plug and Play devices can auto-configure network addressing, announce their presence on a network subnet, and enable the exchange of device and service descriptions. A Windows Me computer can act as a UPnP control point to discover and control the devices through a web or application interface."

Note: There are known vulnerabilities in UPnP, and it should be disabled unless necessary.

Ok. Ok....  I'm done.  ::)
techie
« Last Edit: December 23, 2003, 05:46:02 AM by techie101 »

Walker

  • Guest
Re:What happens if!
« Reply #110 on: December 24, 2003, 01:02:09 PM »
Thanks for the info Techie.

I had already read a couple of those.. . grc.com being the application I used to shut the port.

I had thought (obviously wrongly) that MS had addressed this particular problem some time ago with a 'critical'. Oh well never listen to MS  8)

Best wishes,
Walker.

Walker

  • Guest
Re:What happens if!
« Reply #111 on: December 24, 2003, 01:07:32 PM »
Quote
Send me the file aswMaiSv.log from Avast4\DATA\log folder by mail after you encounter the problem.

Vojtech,

Have had an error that the log has picked up. It will be in your e-mail shortly.

Thanks again,
Walker.

techie101

  • Guest
Re:What happens if!
« Reply #112 on: December 24, 2003, 08:31:17 PM »
Walker,

I reviewed the log and came up with a few trouble spots that may lead us to the final solution.
To conserve room, I sent the reply via IM.
If you can do me a favor, do a clip and paste for me (naturally without the logs).

It is looking more to me like a sync problem of sorts.
Authentication fails only when you gather email from all accounts, but not when you do it individually.

I will need to see what Vojtech says before I can hypothesize further.

(I love big words.  :P)

techie

Walker

  • Guest
Re:What happens if!
« Reply #113 on: December 24, 2003, 08:39:48 PM »
Quote
If you can do me a favor, do a clip and paste for me (naturally without the logs).

Hi Techie,

I'm leaning towards something too.. . maybe it's the house moving  :P

Sorry, clip and paste what?

Walker.

techie101

  • Guest
Re:What happens if!
« Reply #114 on: December 24, 2003, 09:01:38 PM »
Walker,

You're wacky!  Cut and paste the IM I sent you without the logs.

Now, something else I came up with.  The error POP3 0xFFFFFFF indicates a Root system error indicative of maximum users. ?????

You can try this.  Do not collect all your acs at once.  Set up the duplicate account to check....say...only 3 or 4.
See if this makes a difference.

techie

Walker

  • Guest
Re:What happens if!
« Reply #115 on: December 28, 2003, 11:25:05 PM »
Hi Techie,

Sorry for the delay in replying.. . alcohol affected my ability to stand up (or sit) long enough :-[

Quote
Walker,

You're wacky!  Cut and paste the IM I sent you without the logs.

I'm not disagreeing with you  8) . OK, I 'cut' the IM, where do you want me to paste it.. . remember this is a family forum  :o

Quote
Now, something else I came up with.  The error POP3 0xFFFFFFF indicates a Root system error indicative of maximum users. ?????

Any more info on that Techie.. which 'root system', Windows?

Quote
You can try this.  Do not collect all your acs at once.  Set up the duplicate account to check....say...only 3 or 4. See if this makes a difference.

Well we 'are' already doing this, ie your previous suggestion of not checking all a/c's, is the way I am going at present AND  :) it doesn't seem to get the error.

Walker.

PS; haven't had any more from Vojtech yet on the 'log' and I don't know if Vlk had any more to say about the 'parallel' theory. .. they're waiting till the hols are over I guess.
« Last Edit: December 28, 2003, 11:28:48 PM by Walker »

Lisandro

  • Avast team
  • Certainly Bot
  • Posts: 67195
Re:What happens if!
« Reply #116 on: December 29, 2003, 01:11:25 AM »
Walker and Techie: I did not 'give up' on this forum but, now, I feel completely not able to help you. You have gone too far from my knowledge... I'm impressed but lost in technical terms and troubles. I can only pray for you right now, if you feel this useful  ;D
The best things in life are free.

Walker

  • Guest
Re:What happens if!
« Reply #117 on: December 29, 2003, 01:55:52 AM »
Quote
Walker and Techie: I did not 'give up' on this forum but.. .. ..

Hi Tech,

Not to worry, WE know you're thinking of us  :)

Hope your holidays are going well.

Walker

Walker

  • Guest
Re:What happens if!
« Reply #118 on: January 03, 2004, 09:16:26 PM »
Techie,

For info. and re our previous message(s).

As said, things appear to work fine with your suggestion of working one a/c.

Being that it had been some time since the last error, I thought I'd see what happened if I reverted to checking ALL a/c's. Guess what.. first attempt and nada!.. Avast didn't kick in, so my isp returned invalid user/pass.

We have been moving down the path of interaction/communication between the mail client and Avast, so.. I closed Pegasus, shut down the dial-up.. see where I'm going with this  ;) . OK, let's assume the only thing left in memory (relevant to this issue) is Avast y/n?. So I established another dial-up, opened Pegasus and tried again.. same thing.. Avast didn't kick in.

My thinking is (rightly or wrongly ??? what do you think).. Avast was the only 'contributing' app that was left running and had not been restarted and the problem persisted.

I re-booted the machine and all a/c's were checked normally. Avast obviously gets re-booted at this stage too, so the assumption can be that Avast was the culprit because function returned after Avast was rebooted.

I've sent the 3rd report to Vojtech as he requested. For info., this is what the error bit looks like;..


01/03/04 20:31:10:   POP  accept connection from: 127.0.0.1
01/03/04 20:31:10:   --XXX sleep
01/03/04 20:31:11:   ->FAK  (USER USERNAME.isp)#pop3.terra.es
01/03/04 20:31:11:   Cannot connect to POP server pop3.terra.es:110. Invalid host.
01/03/04 20:31:11:   <-POP  -ERR Server 'pop3.terra.es' unavailable
01/03/04 20:31:11:   --XXX sleep
01/03/04 20:31:11:   --XXX sleep
01/03/04 20:31:11:   --XXX sleep

Same old thing still  :-\

Walker.
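
As an added example (not part of the original posts and not Avast code), the Python script below parses the log excerpt from Reply #118 and picks out sessions in which the -ERR sent back to the mail client follows a logged failure to connect to the upstream POP server. The meaning of each field is inferred from the excerpt alone, and the function names are made up for illustration.

```python
import re

# Log lines copied from the excerpt in Reply #118 above.
SAMPLE_LOG = """\
01/03/04 20:31:10:   POP  accept connection from: 127.0.0.1
01/03/04 20:31:10:   --XXX sleep
01/03/04 20:31:11:   ->FAK  (USER USERNAME.isp)#pop3.terra.es
01/03/04 20:31:11:   Cannot connect to POP server pop3.terra.es:110. Invalid host.
01/03/04 20:31:11:   <-POP  -ERR Server 'pop3.terra.es' unavailable
01/03/04 20:31:11:   --XXX sleep
01/03/04 20:31:11:   --XXX sleep
01/03/04 20:31:11:   --XXX sleep
"""

# Assumption: field meanings are inferred from the excerpt, not from any documented format.
LINE = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d):\s+(.*)$")
ACCEPT = re.compile(r"^POP\s+accept connection from: (\S+)$")
USER = re.compile(r"\(USER (\S+)\)#(\S+)$")
NO_CONNECT = re.compile(r"^Cannot connect to POP server ([^:\s]+):(\d+)\. (.+?)\.?$")
ERR_REPLY = re.compile(r"^<-POP\s+-ERR (.+)$")

def parse_sessions(text):
    """Group log lines into one record per accepted local connection."""
    sessions, cur = [], {}  # lines before the first accept land in a throwaway dict
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        ts, msg = m.groups()
        if (a := ACCEPT.match(msg)):
            cur = {"start": ts, "client": a.group(1), "account": None, "server": None,
                   "port": None, "connect_error": None, "reply_to_client": None}
            sessions.append(cur)
        elif (u := USER.search(msg)):
            cur["account"], cur["server"] = u.groups()
        elif (f := NO_CONNECT.match(msg)):
            cur["server"], cur["port"] = f.group(1), int(f.group(2))
            cur["connect_error"] = f.group(3)
        elif (e := ERR_REPLY.match(msg)):
            cur["reply_to_client"] = e.group(1)
    return sessions

def upstream_failures(sessions):
    """Sessions where a failed upstream connect is logged before the -ERR reply."""
    return [s for s in sessions if s["connect_error"] and s["reply_to_client"]]

if __name__ == "__main__":
    for s in upstream_failures(parse_sessions(SAMPLE_LOG)):
        print(f'{s["start"]} {s["account"]} -> {s["server"]}:{s["port"]}: {s["connect_error"]}')
```

Run over a full aswMaiSv.log, the same grouping shows whether the errors cluster on particular accounts or servers when all accounts are checked at once.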

techie101

  • Guest
Re:What happens if!
« Reply #119 on: January 03, 2004, 11:21:42 PM »
Quote
My thinking is (rightly or wrongly ??? what do you think).. Avast was the only 'contributing' app that was left running and had not been restarted and the problem persisted.
I agree fully.  Apparently there is some kind of sync problem between Pegasus and Avast when Pegasus is in the process of compiling a/cs.
At this point, the remedy lies with the Avast team.  WE have done the ground work.  It is now up to them to fix the darn thing!!

As always, your friend,
techie101