Helpful ReplyHot!Avast web shield blocking http pages from MLA stack

Author
Chris79
Starting Member
  • Total Posts : 12
  • Reward points : 0
  • Joined: 2013/12/06 03:20:35
  • Location: 0
  • Status: offline
2017/05/10 03:03:37 (permalink)
4 (1)

Avast web shield blocking http pages from MLA stack

Hi everyone,
We have used the MLA stack in thousands of boards successfully but have received customer feedback that Avast web shield blocks the http pages. We have verified this and tried excluding the IP address from the scan, but nothing short of disabling the module allows pages to load correctly, most of the time the page will partially load and stick in the loading state.
Harmony appears to not show the issue and pages load correctly, has anyone else seen this?
#1
am.sh
Senior Member
  • Total Posts : 87
  • Reward points : 0
  • Joined: 2012/08/23 04:33:57
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/05/10 04:36:15 (permalink)
0
Hi,
 
I think there is an update in the crypto libraries that are used in Harmony then the ones used in MLA.
The updated crypto library is probably aware of possible contents that may be considered as malware by Avast antivirus and takes care of the encryption accordingly. 
 
You may try using Harmony crypto library with your MLA HTTPs server.
However I am not sure how much is an effort or not even know if the Harmony cypto could be used with MLA.
 
You may also try to see of there are contents in the HTML pages, while decrypted might be considered as malware. Please check if the basic webpages on MLA works through AVAST shield.
 
Thanks,
 
 
#2
Chris79
Starting Member
  • Total Posts : 12
  • Reward points : 0
  • Joined: 2013/12/06 03:20:35
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/05/10 04:39:41 (permalink)
3 (1)
Thanks for the reply, however the problem is showing up with http pages, it doesn't even need to be https.
#3
am.sh
Senior Member
  • Total Posts : 87
  • Reward points : 0
  • Joined: 2012/08/23 04:33:57
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/05/10 04:41:54 (permalink)
0
Hi,
 
You may try a basic http page and see if the issue still occurs.
If so, then I would probably be looking at the Avast configurations.
 
Thanks,
Amit
#4
GianlucaL
New Member
  • Total Posts : 5
  • Reward points : 0
  • Joined: 2017/06/13 09:30:00
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/06/14 01:21:31 (permalink)
3 (1)
Hi everyone!
I have the exact same problem: here my situation and maybe some clues..
I've made a custom board with pic24fj256gb406 and enc424j600 in spi mode and an spiflash on the same bus.
The software for now is a simple http2 server with only one super simple test page (about 100 byte)

I'm using the last tcpip stack included in mla, and I managed to port the encx424j600 driver from the legacy mla.

All seem to work correctly in PCs with no AV software or on my smartphone, but on my main pc Avast blocks the load of html pages.

I made some tests with wireshark and I noticed that all tcp pachets work fine except for the last two:
my page is tranfered with a single response packet (PHS,FIN,ACK). After that I receive an ACK from the client browser but the consequent FIN packet is missing! So the stack wait for 5 seconds (default wait FIN 2 timeout) and then send a RST packet before close the socket.

Now some very strange facts, just to make the problem more interesting:

0- Of course if I disable the AV, all work fine.

1- since my page is (for now) fixed size html, I added manually a Content-Length attribute on the http header. With this mod, the problem goes away. Unfortunately the pages i plan to upload are more complex and is not possible to compute the length of the http body before processing it..... (maybe we can implement a chucked solution but I think it's not easy as well)

2- this is absurd.... If I add DelayMs(3000); just before HTTPLoadConn(conn); (at the bottom lines of HTTPServer function) all work (of course a bit slow with some retransmission packet etc).... I can't figure out why this happen
#5
GianlucaL
New Member
  • Total Posts : 5
  • Reward points : 0
  • Joined: 2017/06/13 09:30:00
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/06/14 07:08:15 (permalink)
0
Just a quick update:
looking at the point 2 of my previous message, if I use TCPFlush(sktHTTP); in place of DelayMs, it seem to work a bit... Avast allow the connection, but the sack is always slow.... (BTW I run SPIbus at about 1Mhz and PIC at 48MHz)
 
I can't understand how some example on youtube show an extreme fast led update by clicking the buttons on the demo page....
#6
Chris79
Starting Member
  • Total Posts : 12
  • Reward points : 0
  • Joined: 2013/12/06 03:20:35
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/06/15 01:09:45 (permalink)
0
It sounds like this all a consequence of the packet not being complete, delays and extra flushes really are not a pleasant solution.
Can you post where you added the content length for the http header please? That sounds a very likely culprit...
 
The http server is called from the main code body, if you are delaying for other things within your code then it will impact on the speed of processing. I am assuming you have left the javascript at the standard call rate in the webpage build? 
#7
GianlucaL
New Member
  • Total Posts : 5
  • Reward points : 0
  • Joined: 2017/06/13 09:30:00
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/06/15 01:52:09 (permalink)
0
Yes I know this is not a solution but i wonder why avast don't make any harm if I flush packets as described...
now, back to your questions:
1- Yes, I tested with a .bin file containing just an index.html. here the code inside the "page":
<!DOCTYPE html>
<html>
<body>

<h1>My First Heading</h1>

<p>My first paragraph.</p>

</body>
</html>
as simple as possible... So in HttpProcess case SM_HTTP_SERVE_HEADERS i changed this
TCPPutROMString(sktHTTP, (ROM uint8_t *) "Content-Encoding: gzip\r\n");
in
TCPPutROMString(sktHTTP, (ROM uint8_t *) "Content-Encoding: gzip\r\nContent-Length: 98\r\n");
This of course work only for this particular page and is not a solution, but was extremely fast just for doing a test.
With this mod avast let the comunication going on without interfere....
 
2-After this simple test I tried with the demopage from the mla example. Of course I turned off Avast. I haven't made any modification to the js, so the update rate should be 10ms or so (maybe is too fast?) but the led toggling function is very slow to respond and sometimes the page tells the connection was lost
 
3- just to confirm that IMHO the problem is quiet severe you can do this test. I found a webpage (seem from Wirelesslogic Ltd in UK) at this address 193.192.206.185
It is some kind of domotic project based on microchip tcpip stack (v5.25). If you open this page with avast turned on the page start load then after a while the connection is interrupted. Now, if you trust me, try to visit the same page turning off avast and all will work normally.........
#8
NorthGuy
Super Member
  • Total Posts : 4244
  • Reward points : 0
  • Joined: 2014/02/23 14:23:23
  • Location: Northern Canada
  • Status: online
Re: Avast web shield blocking http pages from MLA stack 2017/06/15 06:51:01 (permalink)
4.5 (2)
Have you tried contacting Avast?
#9
GianlucaL
New Member
  • Total Posts : 5
  • Reward points : 0
  • Joined: 2017/06/13 09:30:00
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/06/15 07:06:12 (permalink)
3 (1)
@NorthGuy: No, I haven't... in 2011 a similar problem came up with AVG. The problem seemed to be related with the stack: infact Cuginis pointed out a noncompilance bug in the stack...
Here the link to te forum post http://www.microchip.com/forums/FindPost/687457
I don't think avast will worries about the microchip tcpip stack...
Moreover, why this problem show up only with the stack?
Last but not least, I'm interested in improving the stack if it contains bugs
 
#10
Jim Nickerson
User 452 _
  • Total Posts : 3873
  • Reward points : 0
  • Joined: 2003/11/07 12:35:10
  • Location: San Diego, CA
  • Status: online
Re: Avast web shield blocking http pages from MLA stack 2017/06/15 07:11:00 (permalink)
3 (1)
Maybe there is another Avast update like this one https://forum.avast.com/index.php?topic=199715.0
This seems to have happened before...
#11
Chris79
Starting Member
  • Total Posts : 12
  • Reward points : 0
  • Joined: 2013/12/06 03:20:35
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/06/15 08:12:25 (permalink)
4 (1)
I contacted Avast at the start of May, see response:

Hello,

 
Thank you for contacting Avast, although we wish it were under better circumstances.
 
I discussed this problem with our developers and they're currently working on a fix. Do you want to be notified when the fix will be available?

We are sorry for the inconvenience and I look forward to your response.

Prokop
The Avast Support Team
 
Avast Software s.r.o., Enterprise Office Center, Pikrtova 1737/1A, 140 00 Prague 4, Czech Republic

 
I am not sure how keen they are to fix this though...
Currently I am thinking of padding the response to a known size that can be passed in the header, the problem seems to be with pages that are using dynamic variables.
#12
GianlucaL
New Member
  • Total Posts : 5
  • Reward points : 0
  • Joined: 2017/06/13 09:30:00
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/06/15 09:02:24 (permalink)
4 (1)
Maybe is possible to implement a chunked protocol (I don't know if is going to work)
Instead of declare the content-length is possible to specify Transfer-Encoding: chunked in the http header
Then we can create a chunked version of TCPPutArray in tcp.h. This function simply read his len parameter and perform the same as the original TCPPutArray but adding the length of the chunk in hex value and the CRLF before and after the chunk itself.
So we can use TCPPutArrayChunked in place of TCPPutArray when serving a http body (including dynamic variables etc)
At the end of the body azero length chunk terminate the transfer
 
Please excuse me if I've tell something wrong in this idea.... I'm not an expert in TCP protocol
#13
Chris79
Starting Member
  • Total Posts : 12
  • Reward points : 0
  • Joined: 2013/12/06 03:20:35
  • Location: 0
  • Status: offline
Re: Avast web shield blocking http pages from MLA stack 2017/06/27 05:25:06 (permalink) ☄ Helpfulby GianlucaL 2017/06/27 05:50:25
4.5 (6)
Avast have now corrected the issue in the latest release following our bug report, hats off to them for getting the fix together!
 

Hi Chris,

 
This problem should now be fixed in the latest Avast program update 17.5.
 
You can update your Avast installation in the menu - Settings - Update - Program - Update. Please don't forget to restart your computer once you're asked.
 
Please let me know if you encounter any issues.

Prokop
 
The Avast Support Team







 
I have checked the update and all is now well :-)
 
#14
Jump to:
© 2017 APG vNext Commercial Version 4.5