Author Topic: avast detects wikipedia as virus  (Read 15962 times)

0 Members and 1 Guest are viewing this topic.

Jahn

  • Guest
Re: avast detects wikipedia as virus
« Reply #15 on: December 28, 2008, 11:26:11 AM »
but why when some people go on the page avast don't detect it?

I don't know and as we only have one person saying they don't have an alert we would need to know what browser, OS and set-up they have as any of those things could lead to it not being detected.

I didn't watch the video (dial-up) so I have no idea what Jahn meant when he said he I followed the procedure you used in your video, and Avast doesn't detect anything.

Now why this didn't alert on one or more, is a different issue, but this detection is IMHO correct, why would a .jpg file be hacked in this way. It is still detected in the latest VPS 081227-0
I'm still not getting any detection on this page after a repair of Avast/reboot. I do believe Avast is working properly, though. Avast recently detected JS:XMLParse-A [Expl] during Scanit tests HERE, and later detected the leftover TIF's and SysVolume entries during a Standard demand scan.

My Avast providers are at default values, except I've added a redirected HTTP port (for proxy server) to Web Shield.

I can only guess that another security program is blocking the exploited jpg iframe before Avast sees it. XP SP2, Firefox 3.0.5 with ABP, Dr.Web link checker, Finjan, SiteAdvisor, NoScript, Perspectives and WOT. No detection either in IE7 with flash disabled by Toggle Flash, Finjan, WOT and Dr. Web link checker. I also use SAS Pro (my forever gratitude to CastleCops [R.I.P.] and Nick for my free lifetime licenses), Comodo Internet Security in ProActive Safe Modes (AV module not installed) and a custom Hosts file. I'm betting on CIS, though nothing shows in the firewall or Defense+ logs.

According to the video, mathboyx215 accessed the Wikipedia page via a link in a Google search for hunantv. I was attempting to duplicate the occurence, so that is what I meant when I said I went there in the same manner. Hope this clears some mud out, and sorry I couldn't get back here sooner. :)

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: avast detects wikipedia as virus
« Reply #16 on: December 28, 2008, 03:57:43 PM »
I don't know why you needed to add to the redirect port (what application ?), but I believe that you would also need to uncheck the Ignore Local Communication, or whatever is coming through the other redirect port might not be being scanned.

You could check the avast web shield detailed view and see if your web traffic is actually being scanned. Or if none or only partially scanned as I haven't a clue what your other proxy is doing.

You could also uncheck the option ignore local communication (see image) and try the above link again and see what happens.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Jahn

  • Guest
Re: avast detects wikipedia as virus
« Reply #17 on: December 29, 2008, 03:41:44 AM »
I don't know why you needed to add to the redirect port (what application ?), but I believe that you would also need to uncheck the Ignore Local Communication, or whatever is coming through the other redirect port might not be being scanned.

You could check the avast web shield detailed view and see if your web traffic is actually being scanned. Or if none or only partially scanned as I haven't a clue what your other proxy is doing.

You could also uncheck the option ignore local communication (see image) and try the above link again and see what happens.
Hi David, I have to add the port to Web Shield to enable Avast to scan Proxyconn traffic on port 6198. I have just verified that Avast is indeed scanning both ports 80 and 6198. I bumped Web Shield sensitivity up to High and went to the Wikipedia page - nothing. But if I run all browser tests at Scanit, or try to open a zipped file with eicar in it Avast will alert. Avast seems to be working. Checking or unchecking Ignore local communication doesn't seem to make any difference.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: avast detects wikipedia as virus
« Reply #18 on: December 29, 2008, 03:51:51 PM »
All I think that is happening is the traffic is passing through the web shield and because it is effectively local traffic, it isn't being scanned. So why it isn't being detected when you uncheck the Ignore local communication is beyond me, but using additional port redirects you should uncheck that option.

Well I haven't got a clue what Proxyconn does or how it goes about its task, so I don't know what might go through its proxy port.
« Last Edit: December 29, 2008, 03:55:10 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: avast detects wikipedia as virus
« Reply #19 on: December 29, 2008, 04:13:55 PM »
After a little googling, I now know a little more about proxyconn that I did earlier and now possible a little more than you in one regard :P

The probably reason nothing is found, proxyconn is supposed to detect and block viruses, see image.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Jahn

  • Guest
Re: avast detects wikipedia as virus
« Reply #20 on: December 30, 2008, 03:50:34 AM »
After a little googling, I now know a little more about proxyconn that I did earlier and now possible a little more than you in one regard :P

The probably reason nothing is found, proxyconn is supposed to detect and block viruses, see image.
Thanks David, what you found through Google is Proxyconn's hard-sell product. I only use the accelerator, not their security suite. But it got me thinking about what security software they may have on their servers. I disabled Proxyconn and removed port 6198 from Web Shield. I went back to the Wikipedia page which did show as being scanned now on port 80, still no detection. I will leave Ignore local communication unchecked.

I don't know. I have turned off/disabled every security software I can think of; ran Firefox and IE in safe modes. Avast just isn't seeing it, yet does see other malware. Since a repair of Avast didn't help I will try a fresh download/install later tonight.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: avast detects wikipedia as virus
« Reply #21 on: December 30, 2008, 02:48:03 PM »
Well I still get the alert, so I don't know what is going on in your system.

If you aren't going to use proxyconn (It didn't come out as making a significant difference in browsing according to comparative reviews, can't recall which) and you remove the proxy port redirect, then you should leave the ignore local communication enabled.

Only when addition ports are added to the web shield redirect should the ignore local communication be disabled.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Jahn

  • Guest
Re: avast detects wikipedia as virus
« Reply #22 on: December 31, 2008, 03:37:19 AM »
Success! Well, eventually... After a complete Avast uninstall including aswclear, a fresh install and VPS updates, Avast still didn't detect anything on the Wiki page and showed no last scanned activity in Web Shield. But after I added port 6198 to Web Shield and returned to the Wiki page, Avast alerted me to the jpg issue and I selected Abort the connection. I then deselected Ignore local communication since you say I should.

At this point my best guess is Avast became corrupted maybe through a VPS update. It's been more than a year since I installed the whole program.

I couldn't survive the net without Proxyconn which boosts my surfing speed from 40KB/s to 100KB/s according to CNET's bandwidth meter. It does nothing for download speeds, however. When I tried the local DSL it kept disconnecting me every few hours. The techs were out here weekly swapping modems and filters. Nothing helped so I finally told them to take it out.

I think I'm in good shape now, a thorough and boot scan with archives revealed no problems. Thanks again for your help, David. And thanks to mathboyx215 for starting this thread or I wouldn't have known there was a problem.

Offline mathboyx215

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 449
Re: avast detects wikipedia as virus
« Reply #23 on: December 31, 2008, 07:16:49 AM »
i'm glad that i helped you through my thread ;D
It is not possible to divide anything by zero

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: avast detects wikipedia as virus
« Reply #24 on: December 31, 2008, 03:10:08 PM »
You're welcome.

Getting other proxies to work in co-operation with the web shield proxy can take a little tweaking, though what you did previously should have resolved it as it was after all picking up the eicar test file. If the VPS was actually corrupt the avast integrity checking should have (I believe) picked up on that.

The main thing is that everything is now working as it should.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

zone12

  • Guest
Re: avast detects wikipedia as virus
« Reply #25 on: January 02, 2009, 11:29:18 PM »
It  isnt a virus if you still get this come back and post what does the thing say about the page.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89421
  • No support PMs thanks
Re: avast detects wikipedia as virus
« Reply #26 on: January 03, 2009, 12:40:45 AM »
I think you should read this topic again, this is most certainly not an FP, see the code in the .jpg that is causing the alert in my post, http://forum.avast.com/index.php?topic=41300.msg346726#msg346726.

Now that, no matter how you try to paint it shouldn't be in a .jpg file, so it has been modified.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security