Author Topic: Mac Beta Web Shield problem  (Read 8637 times)


tkamppin

  • Guest
Mac Beta Web Shield problem
« on: November 28, 2011, 10:04:30 PM »
Hey,

When I've activated the "web shield" I can't go to any normal web sites. Secure (https) websites do work but no other ones. And as soon as I deactivate the "web shield" everything works as it should...

Application version: 1.0(35600b)
VPS version: 111128-2
OSX version: 10.7.2

Safari just gives me a blank page and Chrome gives me this error code: Error 324 (net::ERR_EMPTY_RESPONSE): The server closed the connection without sending any data.


« Last Edit: November 28, 2011, 10:26:30 PM by tkamppin »

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Mac Beta Web Shield problem
« Reply #1 on: November 29, 2011, 10:40:12 AM »
Please post here the system log file (/var/log/system.log) so we can analyze it.

tkamppin

  • Guest
Re: Mac Beta Web Shield problem
« Reply #2 on: November 29, 2011, 12:08:53 PM »
This is what I got when I opened avast settings (the "no such file...") and what I got after activating web shield:

Nov 29 13:02:25 dyn-218-048 [0x0-0x3f03f].com.apple.systempreferences[677]: Error opening configuration file: No such file or directory
Nov 29 13:02:43 dyn-218-048 authexec[691]: executing /bin/mv
Nov 29 13:02:43 dyn-218-048 authexec[692]: executing /bin/kill
Nov 29 13:02:43 dyn-218-048 proxy[65]: SIGHUP received. Restarting.
Nov 29 13:02:43 dyn-218-048 [0x0-0x3f03f].com.apple.systempreferences[677]: System Preferences(677,0x110404000) malloc: *** auto malloc[677]: error: GC operation on unregistered thread. Thread registered implicitly. Break on auto_zone_thread_registration_error() to debug.

This is what I get when I'm trying to open a website when web shield is active:

Nov 29 13:11:52 dyn-218-048 proxy[65]: Error creating connection socket: socket(): Too many open files
Nov 29 13:12:22: --- last message repeated 4 times ---

And this is what I get when I'm deactivating web shield:

Nov 29 13:12:50 dyn-218-048 authexec[774]: executing /bin/mv
Nov 29 13:12:51 dyn-218-048 authexec[775]: executing /bin/kill
Nov 29 13:12:51 dyn-218-048 proxy[65]: SIGHUP received. Restarting.

I hope it was this info you were looking for.. I'm new to mac so I'm not completely sure what info you want
if you want some other specific info just ask :)
« Last Edit: November 29, 2011, 12:15:04 PM by tkamppin »

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Mac Beta Web Shield problem
« Reply #3 on: November 30, 2011, 10:28:50 AM »
Please run the following command (it lists the webshield's file descriptors) as root when the webshield is ON and the pages do not load and post here the output:

Code:
lsof -p `cat /var/run/avast/proxy.pid`

tkamppin

  • Guest
Re: Mac Beta Web Shield problem
« Reply #4 on: November 30, 2011, 05:34:12 PM »
I copied and pasted the code into the terminal and pressed enter resulting in nothing. Repeat, Nothing happened...

Should I have run another command first or?

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Mac Beta Web Shield problem
« Reply #5 on: November 30, 2011, 05:51:42 PM »
As already said, you have to be root before executing the command.

To do so, you must either enable the root account (http://support.apple.com/kb/ht1528) and use su to become root, or (if you are a user with administration rights) you can use sudo to run just the one command:

Code:
sudo lsof -p `cat /var/run/avast/proxy.pid`

tkamppin

  • Guest
Re: Mac Beta Web Shield problem
« Reply #6 on: November 30, 2011, 07:02:10 PM »
thanx for the info...

this is what I got:

COMMAND   PID USER   FD   TYPE             DEVICE  SIZE/OFF    NODE NAME
com.avast 402 root  cwd    DIR               14,2       136 1143714 /private/var/run/avast
com.avast 402 root  txt    REG               14,2    181592 1143673 /Library/Application Support/Avast/proxy/com.avast.proxy
com.avast 402 root  txt    REG               14,2    428848    5740 /usr/lib/libssl.0.9.7.dylib
com.avast 402 root  txt    REG               14,2   2251584    5739 /usr/lib/libcrypto.0.9.7.dylib
com.avast 402 root  txt    REG               14,2    599232    8877 /usr/lib/dyld
com.avast 402 root  txt    REG               14,2 293953536 1073842 /private/var/db/dyld/dyld_shared_cache_x86_64
com.avast 402 root    0r   CHR                3,2       0t0     304 /dev/null
com.avast 402 root    1w   CHR                3,2    0t1170     304 /dev/null
com.avast 402 root    2w   CHR                3,2    0t3789     304 /dev/null
com.avast 402 root    3u  IPv4 0xffffff800e82f4e0       0t0     TCP localhost.localdomain:http-alt (LISTEN)
com.avast 402 root    4u  IPv6 0xffffff800bf0a340       0t0     TCP localhost:http-alt (LISTEN)
com.avast 402 root    5u  IPv4 0xffffff800e9544e0       0t0     TCP localhost.localdomain:pop3 (LISTEN)
com.avast 402 root    6u  IPv6 0xffffff800bf09f80       0t0     TCP localhost:pop3 (LISTEN)
com.avast 402 root    7u  IPv4 0xffffff800e8c54e0       0t0     TCP localhost.localdomain:imap (LISTEN)
com.avast 402 root    8u  IPv6 0xffffff800bf09bc0       0t0     TCP localhost:imap (LISTEN)
com.avast 402 root    9u  IPv4 0xffffff800bf0ffa0       0t0     TCP localhost.localdomain:pop3s (LISTEN)
com.avast 402 root   10u  IPv6 0xffffff800bf09800       0t0     TCP localhost:pop3s (LISTEN)
com.avast 402 root   11u  IPv4 0xffffff800e831160       0t0     TCP localhost.localdomain:imaps (LISTEN)
com.avast 402 root   12u  IPv6 0xffffff800bf09440       0t0     TCP localhost:imaps (LISTEN)
com.avast 402 root   13u  unix 0xffffff800c712388       0t0         ->0xffffff800d39c898
com.avast 402 root   14u  IPv4 0xffffff800f8ee320       0t0     TCP localhost.localdomain:imaps->localhost.localdomain:49436 (ESTABLISHED)
com.avast 402 root   15u  IPv4 0xffffff800e980c00       0t0     TCP 192.168.0.104:49437->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root   16u  IPv4 0xffffff800f8ed4e0       0t0     TCP localhost.localdomain:imaps->localhost.localdomain:49438 (ESTABLISHED)
com.avast 402 root   17u  IPv4 0xffffff800e9576c0       0t0     TCP 192.168.0.104:49439->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root   18u  IPv4 0xffffff800e935fa0       0t0     TCP localhost.localdomain:imaps->localhost.localdomain:49440 (ESTABLISHED)
com.avast 402 root   19u  IPv4 0xffffff800e983de0       0t0     TCP 192.168.0.104:49441->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root   20u  IPv4 0xffffff800e982160       0t0     TCP localhost.localdomain:imaps->localhost.localdomain:49442 (ESTABLISHED)
com.avast 402 root   21u  IPv4 0xffffff800e981320       0t0     TCP 192.168.0.104:49443->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Mac Beta Web Shield problem
« Reply #7 on: December 01, 2011, 02:13:07 PM »
Was the command executed at the time, when the pages do not load? According to your log entries, the webshield was out of file descriptors, but according to this lsof output, the webshield has only a few file descriptors open...

By the way, from the lsof output one can see, that you use the avast! mailshield but do not have SSL disabled in your mail client so the mailshield can not scan your mail traffic (you should get warning popups about this). The correct way is to disable SSL in the mail client and force SSL for that account in the avast! configuration in System Preferences.
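
The descriptor check discussed in replies #3 to #7, as an added example that is not part of the original thread: a shell function that counts the numeric FD rows in `lsof -p` output, compares the count with a limit, and reports empty output (the result seen in reply #4 when the command was run without root). The sample rows are abridged from the lsof output posted above; the function name `fd_summary` and the limit of 256 are assumptions for illustration.

```shell
#!/bin/sh
# Added example: summarise `lsof -p PID` output to judge descriptor exhaustion.

# Sample rows abridged from the lsof output posted in this thread.
SAMPLE='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
com.avast 402 root  cwd    DIR 14,2 136 1143714 /private/var/run/avast
com.avast 402 root  txt    REG 14,2 181592 1143673 /Library/Application Support/Avast/proxy/com.avast.proxy
com.avast 402 root    0r   CHR 3,2 0t0 304 /dev/null
com.avast 402 root    3u  IPv4 0xffffff80100644e0 0t0 TCP localhost.localdomain:http-alt (LISTEN)
com.avast 402 root   11u  IPv4 0xffffff80107d46c0 0t0 TCP localhost.localdomain:imaps->localhost.localdomain:50395 (ESTABLISHED)
com.avast 402 root   12u  IPv4 0xffffff8010792c00 0t0 TCP 192.168.0.104:50396->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root   13u  unix 0xffffff800c712388 0t0 ->0xffffff800d2112c0'

# fd_summary LIMIT   (reads lsof output on stdin)
# LIMIT is the per-process descriptor limit to compare against; the caller
# supplies it (256 below is an assumed value, not taken from the thread).
# Exit status 2 means lsof printed no rows: not run as root, or a stale pid.
fd_summary() {
    awk -v limit="$1" '
        NR == 1 { next }                  # header row
        $4 ~ /^[0-9]+/ {                  # numeric FD column = a real descriptor;
            open++                        # cwd/txt rows are not descriptors
            if ($NF == "(LISTEN)")      listen++
            if ($NF == "(ESTABLISHED)") est++
        }
        END {
            if (NR <= 1) { print "status=no-data"; exit 2 }
            status = (open >= limit * 0.9) ? "near-limit" : "ok"
            printf "open=%d listen=%d established=%d limit=%d status=%s\n",
                   open, listen, est, limit, status
        }'
}

# Stand-alone demonstration on the embedded sample.
printf '%s\n' "$SAMPLE" | fd_summary 256

# Live use on the machine being diagnosed (path as given in the thread):
#   sudo lsof -p "$(cat /var/run/avast/proxy.pid)" | fd_summary 256
```

A result of `status=ok` while the log still shows "Too many open files" means the snapshot was not taken at the moment of failure or the cause lies elsewhere, which is the conclusion reached later in the thread.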

tkamppin

  • Guest
Re: Mac Beta Web Shield problem
« Reply #8 on: December 01, 2011, 02:46:59 PM »
Thanx for the info about mail shield

I was quite sure I had activated the web shield before running the command but apparently not..
Here is what I got when I had activated web shield

COMMAND   PID USER   FD   TYPE             DEVICE  SIZE/OFF    NODE NAME
com.avast 402 root  cwd    DIR               14,2       136 1143714 /private/var/run/avast
com.avast 402 root  txt    REG               14,2    181592 1143673 /Library/Application Support/Avast/proxy/com.avast.proxy
com.avast 402 root  txt    REG               14,2    428848    5740 /usr/lib/libssl.0.9.7.dylib
com.avast 402 root  txt    REG               14,2   2251584    5739 /usr/lib/libcrypto.0.9.7.dylib
com.avast 402 root  txt    REG               14,2    599232    8877 /usr/lib/dyld
com.avast 402 root  txt    REG               14,2 293953536 1073842 /private/var/db/dyld/dyld_shared_cache_x86_64
com.avast 402 root    0r   CHR                3,2       0t0     304 /dev/null
com.avast 402 root    1w   CHR                3,2    0t2430     304 /dev/null
com.avast 402 root    2w   CHR                3,2    0t8527     304 /dev/null
com.avast 402 root    3u  IPv4 0xffffff80100644e0       0t0     TCP localhost.localdomain:http-alt (LISTEN)
com.avast 402 root    4u  IPv6 0xffffff800bf0b240       0t0     TCP localhost:http-alt (LISTEN)
com.avast 402 root    5u  IPv4 0xffffff8010793320       0t0     TCP localhost.localdomain:pop3 (LISTEN)
com.avast 402 root    6u  IPv6 0xffffff800bf0ae80       0t0     TCP localhost:pop3 (LISTEN)
com.avast 402 root    7u  IPv4 0xffffff800e935160       0t0     TCP localhost.localdomain:imap (LISTEN)
com.avast 402 root    8u  IPv6 0xffffff800bf0aac0       0t0     TCP localhost:imap (LISTEN)
com.avast 402 root    9u  IPv4 0xffffff801077bc00       0t0     TCP localhost.localdomain:pop3s (LISTEN)
com.avast 402 root   10u  IPv6 0xffffff800bf0a700       0t0     TCP localhost:pop3s (LISTEN)
com.avast 402 root   11u  IPv4 0xffffff80107d46c0       0t0     TCP localhost.localdomain:imaps->localhost.localdomain:50395 (ESTABLISHED)
com.avast 402 root   12u  IPv4 0xffffff8010792c00       0t0     TCP 192.168.0.104:50396->lpp01m01-in-f108.1e100.net:imaps (ESTABLISHED)
com.avast 402 root   13u  unix 0xffffff800c712388       0t0         ->0xffffff800d2112c0
com.avast 402 root   14u  IPv4 0xffffff80107c94e0       0t0     TCP localhost.localdomain:imaps (LISTEN)
com.avast 402 root   15u  IPv6 0xffffff800bf09440       0t0     TCP localhost:imaps (LISTEN)

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Mac Beta Web Shield problem
« Reply #9 on: December 01, 2011, 03:33:22 PM »
The webshield was ON too, when you executed the lsof command the last time, this is visible from the output. But the problem can not be caused by exhausting the file descriptors as I suggested from the system log you pasted, if lsof was executed at the moment when the webshield does not work.

The problem must be somewhere else. Do you have some kind of firewall set up? What does the command
Code:
sudo ipfw list   # ipfw list executed as root
show? And can you post here the whole output of

Code:
grep proxy /var/log/system.log

tkamppin

  • Guest
Re: Mac Beta Web Shield problem
« Reply #10 on: December 01, 2011, 04:02:04 PM »
About the firewall I have tried with both having the apple firewall enabled and disabled but that did not affect anything

the first command gives me this:

65535 allow ip from any to any

the second this:

see .txt, too many characters to just put it in this post
« Last Edit: December 01, 2011, 04:07:18 PM by tkamppin »

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Mac Beta Web Shield problem
« Reply #11 on: December 01, 2011, 04:57:33 PM »
Hmm, the log looks really weird... can you post here the list of loaded kernel extensions?
Code:
sudo kextstat
As you have 10.7 Lion, there might be some pf firewall rules, can you post the output from pfctl?
Code:
sudo pfctl -s all
And finally, did you try to reboot the machine? If not, please try it and see, if it has not fixed the issue. If not, please attach again the system log entries.

Code:
grep proxy /var/log/system.log

tkamppin

  • Guest
Re: Mac Beta Web Shield problem
« Reply #12 on: December 01, 2011, 06:08:18 PM »
Doesn't sound good :/

Results as txt files

all results should be what I got when web shield was activated

Offline tumic

  • Avast team
  • Advanced Poster
  • *
  • Posts: 723
Re: Mac Beta Web Shield problem
« Reply #13 on: December 02, 2011, 11:54:56 AM »
According to the kernel extension list you have also installed the AVG antivirus and its network shield:

Code:
  121    0 0xffffff7f81b0c000 0x4000     0x4000     com.avg.netshield.kext (1.1) <4 1>
This will not work. Having installed two antiviruses at the same time is always a bad idea as there will most probably be interferences between them (as you could see :) ). If you remove AVG, the webshield should start working correctly.

tkamppin

  • Guest
Re: Mac Beta Web Shield problem
« Reply #14 on: December 02, 2011, 12:18:50 PM »

I thought I had completely removed AVG but apparently there were still a lot of files left...

So far this is the only bad thing with Mac, no uninstallation program..

Thank you! now it works as it should :D