Author Topic: avast seems to block websockets !!!  (Read 26794 times)

0 Members and 1 Guest are viewing this topic.

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: avast seems to block websockets !!!
« Reply #15 on: December 28, 2010, 02:17:35 PM »
I tried to exclude some URL's (the webpage URL, the WS server's URL with ws:// prefix and the same one with http prefix) and the problem persists.
The report file is empty, there are only start/stop logs.
Repair done, same problem.

@Nesivos thx for the links but I'm already aware about this situation. I enabled WS in firefox and chrome by disabling the default security setting etc, the problem is not there. Moreover when I disable avast web shield it works, so it's not a browser's configuration problem.
disabling avast web shield is really dangerous because its your first line of defense..as for the urls exlusion you have to add the urls like this..if that doesnt work either let me know..

I'm already over-documented about this.

The point is that it works perfectly without the web shield. There's not malicious code, it is just an echo response...
The problem is the same with other examples of WS.

The point is that Websockets at this point are a security risk.

Disable WS at your own risk.

Good luck :)




i agree with nesivos on this one..WS are considered a security risk and thats the reason web shield is blocking them..thats why i suggest the exclusion list which should work if you added the urls like the image above ;)
« Last Edit: December 28, 2010, 02:25:00 PM by BJ_GeOrgE »
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline ClementN

  • Newbie
  • *
  • Posts: 13
Re: avast seems to block websockets !!!
« Reply #16 on: December 30, 2010, 04:53:46 PM »
I disabled 3 URL's as previously explained. But the websockets don't work either.

I know that this technology can be a security breach, but in this case I would like avast to show me a message, a notification explaining me that it has blocked something. I don't get any message in the logs.

Offline jan.carlin

  • Newbie
  • *
  • Posts: 4
Re: avast seems to block websockets !!!
« Reply #17 on: December 31, 2010, 12:50:10 AM »
Hi everyone,

I'm having problems to get websockets (new technology coming with HTML5) working.
In Google Chrome I tried to use : http://websocket.org/echo.html but I'm unable to connect. But as soon as I disable the web agent from avast there is no problem anymore !
No warnings are emitted and no events are logged...

Maybe avast thinks it's not a "normal" HTTP communication (websocket is using the port 80 but not the HTTP protocol)

EDIT1 : more information, my avast is up to date (27 december 2010)
avast free edition, language FR, version 5.0.677
engine and VPS : version 101226-2

EDIT2 : I've found only 1 link about this topic, in japanese : http://bl.oov.ch/2010/12/avast-web-websocket.html
Hi,
I am Jan Carlin. I work for Kaazing as the support director. I've been following this discussion and have a question: does our demo page kaazing.me work when using avast in the way described here? If it works, you should see the New York Times news feed and the Twitter feed and other demos running. I suspect that it will work. Could you please test ClementN?

Jan Carlin, Kaazing Support

Offline ClementN

  • Newbie
  • *
  • Posts: 13
Re: avast seems to block websockets !!!
« Reply #18 on: December 31, 2010, 12:55:55 AM »
Hi,

I know this page ;)

Webshield enabled : doesn't work.
Webshield disabled : works well.

Offline BJ_GeOrgE

  • Avast Evangelist
  • Sr. Member
  • ***
  • Posts: 350
  • prevention is better than cure
Re: avast seems to block websockets !!!
« Reply #19 on: December 31, 2010, 02:05:20 PM »
kaazing.me works fine with me with webshield on :S
OS:Windows 7 Professional 64-bit SP1
Antivirus: Avast Free v8.0.1497/Firewall: Windows Firewall/On Demand: Malwarebytes Free Edition/Other tools: CCleaner

Offline ClementN

  • Newbie
  • *
  • Posts: 13
Re: avast seems to block websockets !!!
« Reply #20 on: December 31, 2010, 02:38:22 PM »
More info : I don't have a firewall (except windows xp's one).

Offline jan.carlin

  • Newbie
  • *
  • Posts: 4
Re: avast seems to block websockets !!!
« Reply #21 on: January 04, 2011, 11:46:13 PM »
Hi,

I know this page ;)

Webshield enabled : doesn't work.
Webshield disabled : works well.
Clement,
Could I ask two questions:
--What browser are you using when you access kaazing.me?
--Would it be possible to ask for a Wireshark trace of this test? This would make it possible for us to determine what is going on. Let me know if you need help with the Wiresharking.

--Jan Carlin

Offline ClementN

  • Newbie
  • *
  • Posts: 13
Re: avast seems to block websockets !!!
« Reply #22 on: January 05, 2011, 12:00:23 AM »
I'm using FF 4.0 bĂȘta 8.


Important news : when acquiring wireshark trace I left kaazing hanging, trying to establish a socket... And it worked with avast web shield enabled !

Web shield seems to delay (not block) (about 20sec) the connection...

Sorry but after a few sec I thought it wouldn't work, even after more time... This behaviour is less buggy but not perfect yet.

EDIT : do you still want the trace ? (I know how to use wireshark)
« Last Edit: January 05, 2011, 12:02:07 AM by ClementN »

Offline jan.carlin

  • Newbie
  • *
  • Posts: 4
Re: avast seems to block websockets !!!
« Reply #23 on: January 05, 2011, 09:16:32 PM »
I'm using FF 4.0 bĂȘta 8.


Important news : when acquiring wireshark trace I left kaazing hanging, trying to establish a socket... And it worked with avast web shield enabled !

Web shield seems to delay (not block) (about 20sec) the connection...

Sorry but after a few sec I thought it wouldn't work, even after more time... This behaviour is less buggy but not perfect yet.

EDIT : do you still want the trace ? (I know how to use wireshark)

Clement
Could you please send me the Wireshark trace. I should be able to, at a minimum, tell you more about what is going on.
--Jan Carlin

Offline ClementN

  • Newbie
  • *
  • Posts: 13
Re: avast seems to block websockets !!!
« Reply #24 on: January 05, 2011, 09:42:59 PM »
http://fex.insa-lyon.fr/get?k=rqdDyjZPEabOFdQM8HV

First try : without web shield : works well.
Second try (there is a few blank seconds between the two) : with web shield. It worked with a 20 seconds delay (between the page loading and the first dynamic data coming).

Offline Charyb

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2286
Re: avast seems to block websockets !!!
« Reply #25 on: January 05, 2011, 10:13:39 PM »
This may be a shot in the dark, but could you try adding port 443 into the avast redirect settings to see if this may help? Open the avast gui, click settings, and go down to troubleshooting. I know you have tried the advanced settings in avast but I'm not sure which ones. Maybe try 8080. Another shot in the dark!
« Last Edit: January 05, 2011, 10:36:09 PM by Charyb »

Offline jan.carlin

  • Newbie
  • *
  • Posts: 4
Re: avast seems to block websockets !!!
« Reply #26 on: January 06, 2011, 01:29:43 AM »
http://fex.insa-lyon.fr/get?k=rqdDyjZPEabOFdQM8HV

First try : without web shield : works well.
Second try (there is a few blank seconds between the two) : with web shield. It worked with a 20 seconds delay (between the page loading and the first dynamic data coming).
Clement
Looking at the pcap you supplied I see a 20 second delay (exactly in fact) between a failed native (FF 4 supports native WS if you turn it on) connect attempt (#1802) and our fallback emulation implementation (#1902). See #722 for a successful connection.

The reason that 1802 fails is that the 8 bytes the client ends the request with are not there. Sending the 8 bytes is done to be compliant to the spec, see http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76#section-4.1 point 26. Without these 8 bytes the Kaazing Server will not respond, which again is according to spec. Since this does not happen when web-shield is turned off, the cause of this appears to be that the web-shield blocks them.
The emulation succeeds, after the delay, because it uses a different protocol, which avast doesn't appear to interfere with. The delay seems to be introduced by the browser.

I will bring this issue up with avast

--Jan Carlin
Kaazing Global Support

Offline ClementN

  • Newbie
  • *
  • Posts: 13
Re: avast seems to block websockets !!!
« Reply #27 on: January 06, 2011, 11:27:58 PM »
@Charyb I added 443 and 8080 to the "http ports" in troubleshooting. Same problem :(

@Jan Carlin thx for the explanations. Let me know if you have more informations

Offline Charyb

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2286
Re: avast seems to block websockets !!!
« Reply #28 on: January 06, 2011, 11:34:04 PM »
Sorry about that. It was I shot in the dark. I was wondering if websockets used a different port other than 80 and found 443.

There is an Avast pre-release update 5.1.874 if you would like to try it out. http://forum.avast.com/index.php?topic=68927.0
I have no clue if anything included in the update would help this or not.

jan.carlin has a good idea of what is going on though.
« Last Edit: January 06, 2011, 11:49:18 PM by Charyb »

Offline ClementN

  • Newbie
  • *
  • Posts: 13
Re: avast seems to block websockets !!!
« Reply #29 on: January 09, 2011, 09:26:41 PM »
I have installed the new beta avast as you proposed. Same problem...