Author Topic: WebShield 4.7-491 Vista HP 32Bit Connections  (Read 5838 times)


rbeane

  • Guest
WebShield 4.7-491 Vista HP 32Bit Connections
« on: April 10, 2007, 11:03:02 PM »
Should an HTML email message that comes into Outlook 2007 connect through the WebShield when it accesses information from the website? If I open that message in preview mode under Outlook, it shows the connection from my IP address to the foreign address when running the netstat command. Also, if I look at the WebShield last scanned field, it doesn't show up.

I also have problems with other programs not going through the WebShield: Rssreader.exe, which I mentioned in another thread. Could there be a problem with the asrdr.sys (I assume this is what controls the automatic proxy WebShield)?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #1 on: April 10, 2007, 11:14:02 PM »
WebShield scans - by default - only HTTP traffic through port 80.
Do the other two programs fulfill these requirements? Did you change WebShield settings?
The best things in life are free.

rbeane

  • Guest
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #2 on: April 10, 2007, 11:17:00 PM »
Yes, port 80, and no, except 3 URLs to exclude under exceptions.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #3 on: April 10, 2007, 11:18:03 PM »
> Yes port 80 and no except 3 urls to exclude under exceptions.

But do they use the HTTP protocol, or POP/SMTP or another one?

rbeane

  • Guest
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #4 on: April 10, 2007, 11:20:56 PM »
It is http.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #5 on: April 10, 2007, 11:22:01 PM »
Hmmm...
Maybe you should activate logging in WebShield:
1. Edit <avast>\data\avast4.ini file
2. Find the section [WebScanner]
3. Add the line:
    EnableLogging=1
4. Restart Web Shield in XP (terminate and start again) or whole PC in case of Win98
5. Browse (trying to access some webpages)

The log files are <avast>\data\log\ashwebsv.log and ashwebsv.ws.
They will be accessible when WebShield is terminated again.
Post them here or send them by mail to rypacek (at) asw.cz
After that, disable the logging to avoid a big log file.

rbeane

  • Guest
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #6 on: April 10, 2007, 11:23:46 PM »
I will try that and post back. thanks

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #7 on: April 11, 2007, 12:57:17 AM »
Just a couple of other points.

One (that has already been mentioned I believe) is that scanning of http traffic is by an inclusion list managed by avast.  So only the http connections initiated by processes in the list will be scanned.
You can include extra processes yourself by editing the avast4.ini file. 

I believe that avast should be scanning the http accesses involved in rendering your html messages when they are displayed by Outlook.  However, if you are re-reading a message or reading a message that has a common access with a previous message then those pages are likely to still be in the cache so the http outbound access is avoided and avast will not show it in the "last scanned" entry.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #8 on: April 11, 2007, 01:03:41 AM »
Outlook is not on the "safe browser for webshield" list because of possible HTTP webmail (MSN/Hotmail) connections. MSN uses nonstandard extensions to WebDAV that can somehow confuse WebShield.

If you're not using Outlook to grab email from Hotmail (via the "HTTP" nonstandard interface) you can add Outlook.exe to the list of processes that will be scanned. To do this, add the following line

OptinProcess=Outlook.exe

to the [WebScanner] section of the file <avast>\data\avast4.ini. Then restart the WebShield provider and you should be all set.

Cheers
Vlk
If at first you don't succeed, then skydiving's not for you.

rbeane

  • Guest
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #9 on: April 11, 2007, 01:04:41 AM »
There was nothing in the log file for the Outlook HTML message with web content in it, nor anything from the rssreader software. I will try the optin for the rssreader. As for Outlook, even if the message has been read, if there is web content that is retrieved online when the message is viewed, it should go through the scanner. Otherwise, couldn't a message be sent with something malicious retrieved from the web page?

rbeane

  • Guest
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #10 on: April 11, 2007, 01:19:58 AM »
Optin=1
OptinProcess=rssreader.exe, outlook.exe

Is the above correct? Because it doesn't pick up the Outlook web content.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #11 on: April 11, 2007, 02:40:32 AM »
> Optin=1
> OptinProcess=rssreader.exe, outlook.exe
>
> Is the above correct because it doesn't pick up the outlook web content?

Remove the blank space:
OptinProcess=rssreader.exe,outlook.exe

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #12 on: April 11, 2007, 02:50:44 AM »
I don't think you need the Optin=1 line, though it doesn't seem to have any effect.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #13 on: April 11, 2007, 05:39:59 AM »
Vlk,

I will always bow to your judgement in these matters.

However, I retrieve my email from Hotmail all day every day (as do others I support) using Thunderbird.  Ah, you are about to say, you are using an http screenscraper.   Well, no we are not.  We all have WebDav enabled Hotmail accounts and we are all using the WebDav interface to retrieve and send mail as supported by the Thunderbird Webmail extensions. 

Thunderbird is in your "scan http" list and it works just fine - not a problem since the day you added it to your list.   

 

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: WebShield 4.7-491 Vista HP 32Bit Connections
« Reply #14 on: April 11, 2007, 06:03:17 AM »
David,

Been a while since we talked about the Optin process for WebShield.

If you recall, its default value is Optin=1, which means that the avast Optin process is to be used and the unknown avast list and any extra user-specified inclusions are to be scanned by the WebShield. The value of Optin=0 means that the WebShield is simply to scan all http accesses by all processes.
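
Added example, not part of the thread and not Avast's code: a small Python check of the [WebScanner] settings discussed above, reporting which expected processes would not be covered by HTTP scanning. It assumes, following the replies, that a blank after the comma in OptinProcess keeps an entry from matching, that Optin=0 scans all processes, and that process names compare case-insensitively; `audit_webscanner` and `fix_optin_process` are hypothetical helper names and the sample INI is constructed from the values posted.

```python
import configparser

# Constructed sample of the [WebScanner] section, using the values posted in the thread.
SAMPLE_INI = """\
[WebScanner]
EnableLogging=1
Optin=1
OptinProcess=rssreader.exe, outlook.exe
"""

def audit_webscanner(ini_text, expected_processes):
    """Return a list of findings for the [WebScanner] section of avast4.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    if not cp.has_section("WebScanner"):
        return ["no [WebScanner] section found"]
    sec = cp["WebScanner"]
    findings = []
    # Per the thread: Optin=1 (default) scans only listed processes, Optin=0 scans all.
    optin = sec.get("Optin", "1").strip()
    entries = [e for e in sec.get("OptinProcess", "").split(",") if e != ""]
    # Assumption taken from the "remove the blank space" reply: entries are
    # compared as written, so a leading blank keeps the name from matching.
    for e in entries:
        if e != e.strip():
            findings.append(f"OptinProcess entry {e!r} has surrounding whitespace")
    if optin != "0":
        listed = {e.lower() for e in entries}  # assumption: case-insensitive names
        for proc in expected_processes:
            if proc.lower() not in listed:
                findings.append(f"{proc} is not matched by OptinProcess")
    # The logging steps in the thread end with turning logging off again.
    if sec.get("EnableLogging", "0").strip() == "1":
        findings.append("EnableLogging=1 is still set; disable it after collecting logs")
    return findings

def fix_optin_process(value):
    """Rewrite an OptinProcess value without blanks around the commas."""
    return ",".join(p.strip() for p in value.split(",") if p.strip())

if __name__ == "__main__":
    for finding in audit_webscanner(SAMPLE_INI, ["rssreader.exe", "outlook.exe"]):
        print(finding)
    print("OptinProcess=" + fix_optin_process("rssreader.exe, outlook.exe"))
```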