Avast 2015 with external Squid / IP tables proxy

Dear all,

In my network (for security) I run a small proxy server with Squid, and also I use IP tables to redirect all traffic through Squid.

I recently installed Avast Free Antivirus 2015.
Now I completely whitelisted avast.com with all subdomains. (No proxy authentication needed, passthrough)

Avast perfectly gets its AV signature updates.

However, when I click the register (Dutch: Registreren) button, I get some error that I have no internet access (Dutch: De online-inhoud is niet beschikbaar. Controlleer uw internetverbinding en probeer het opnieuw.)
I looked in my Squid logging, and I can see NO traffic related to this. Even having verbose Squid logging, I see, between me clicking the register button, and getting 10 seconds later the error message, I get no logging at all in my squid logging.

Is it possible to inform me what kind of connectivity Avast needs for this to work?

Note: I get the same issue / error when I try to manage my browser addons from Avast.
Also, when I try to log in to Avast, I get an error.

I already tried to configure my proxy server in Avast’s config. But this also does not help.

Greetings,
Samuel

Also, when I try to log in to Avast, I get an error.
What is the exact error? What OS/SP? What exact version of Avast? What other security (related) software is installed? (or what was)

I attached the exact error.
I run Windows 7 / SP1 / Fully patched.
It is Avast Free 2015.10.2.2218
For the rest, there is Microsoft Security Essentials installed, but not activated, and nothing else installed / was ever installed.

However, note again, I run an extremely restricted external Squid proxy server.
So I need to make changes in the proxy server. But I don’t know what.
And that is what I want to know.

You may be better off getting your help in the following section of the forum:
https://forum.avast.com/index.php?board=31.0

Well, my question is simply, “what does Avast try to do on the web when I click the register button?”
And in my opinion, Avast developers/… can best assist with this question, and I think they will be better able to read English than Dutch.

Oh, this is maybe relevant squid logging:

When opening Avast:
1433602810.009 1 192.168.7.100 NONE/400 4033 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.20\r\nMime-Version: 1.0\r\nDate: Sat, 06 Jun 2015 15:00:10 GMT\r\nContent-Type: text/html\r\nContent-Length: 3675\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\nVary: Accept-Language\r\nContent-Language: en\r\n\r]
1433602810.011 0 192.168.7.100 NONE/400 4033 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.20\r\nMime-Version: 1.0\r\nDate: Sat, 06 Jun 2015 15:00:10 GMT\r\nContent-Type: text/html\r\nContent-Length: 3675\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\nVary: Accept-Language\r\nContent-Language: en\r\n\r]
1433602810.035 1 192.168.7.100 NONE/400 4033 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.20\r\nMime-Version: 1.0\r\nDate: Sat, 06 Jun 2015 15:00:10 GMT\r\nContent-Type: text/html\r\nContent-Length: 3675\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\nVary: Accept-Language\r\nContent-Language: en\r\n\r]
1433602810.050 1 192.168.7.100 NONE/400 4033 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.20\r\nMime-Version: 1.0\r\nDate: Sat, 06 Jun 2015 15:00:10 GMT\r\nContent-Type: text/html\r\nContent-Length: 3675\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\nVary: Accept-Language\r\nContent-Language: en\r\n\r]
1433602810.358 1 192.168.7.100 NONE/400 4033 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.20\r\nMime-Version: 1.0\r\nDate: Sat, 06 Jun 2015 15:00:10 GMT\r\nContent-Type: text/html\r\nContent-Length: 3675\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\nVary: Accept-Language\r\nContent-Language: en\r\n\r]
1433602810.374 1 192.168.7.100 NONE/400 4033 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.20\r\nMime-Version: 1.0\r\nDate: Sat, 06 Jun 2015 15:00:10 GMT\r\nContent-Type: text/html\r\nContent-Length: 3675\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\nVary: Accept-Language\r\nContent-Language: en\r\n\r]
1433602810.922 8 192.168.7.100 TCP_MISS/200 656 GET http://www.google-analytics.com/__utm.gif? - DIRECT/192.168.7.77 text/html [Connection: Keep-Alive\r\nUser-Agent: avast! SimpleHTTP\r\nHost: www.google-analytics.com\r\n] [HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 06 Jun 2015 15:00:10 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.39-0+deb7u2\r\n\r]

When clicking the register button:
1433602818.147 1 192.168.7.100 NONE/400 4033 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.20\r\nMime-Version: 1.0\r\nDate: Sat, 06 Jun 2015 15:00:18 GMT\r\nContent-Type: text/html\r\nContent-Length: 3675\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\nVary: Accept-Language\r\nContent-Language: en\r\n\r]
1433602818.940 9 192.168.7.100 TCP_MISS/200 673 GET http://www.google-analytics.com/__utm.gif? - DIRECT/192.168.7.77 text/html [Connection: Keep-Alive\r\nUser-Agent: avast! SimpleHTTP\r\nHost: www.google-analytics.com\r\n] [HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 06 Jun 2015 15:00:18 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.39-0+deb7u2\r\n\r]
1433602818.960 5 192.168.7.100 TCP_MISS/200 657 GET http://www.google-analytics.com/__utm.gif? - DIRECT/192.168.7.77 text/html [Connection: Keep-Alive\r\nUser-Agent: avast! SimpleHTTP\r\nHost: www.google-analytics.com\r\n] [HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 06 Jun 2015 15:00:18 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nX-Powered-By: PHP/5.4.39-0+deb7u2\r\n\r]

Hi,

it might be blocked because of requests to Google Analytics. Could you please also try to whitelist *.google-analytics.com and *.google.com ?

I tried these 2 things:

  • Explicitly whitelist *.google-analytics.com and *.google.com, so that no authentication is needed. (Like I have whitelisting for avast.com in place)
  • Both configure Avast so it uses the proxy without authentication (I checked with a browser, this works for *.avast.com, *.google-analytics.com and *.google.com) and also configure it with a user that has access to everything. (I checked with a browser with random sites.)

In both cases, I still get the same error that I cannot connect.

Now in squid log I see this, when I click the register button:

1434134836.147 1 192.168.7.52 NONE/400 2047 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nServer: squid/3.1.20\r\nMime-Version: 1.0\r\nDate: Fri, 12 Jun 2015 18:47:16 GMT\r\nContent-Type: text/html\r\nContent-Length: 1689\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\nVary: Accept-Language\r\nContent-Language: en\r\n\r]
1434134836.263 91 192.168.7.52 TCP_MISS/200 539 GET http://www.google-analytics.com/__utm.gif? - DIRECT/216.58.211.110 image/gif [Connection: Keep-Alive\r\nUser-Agent: avast! SimpleHTTP\r\nHost: www.google-analytics.com\r\n] [HTTP/1.1 200 OK\r\nPragma: no-cache\r\nExpires: Wed, 19 Apr 2000 11:43:00 GMT\r\nLast-Modified: Wed, 21 Jan 2004 19:51:30 GMT\r\nX-Content-Type-Options: nosniff\r\nContent-Type: image/gif\r\nDate: Tue, 09 Jun 2015 03:13:12 GMT\r\nServer: Golfe2\r\nContent-Length: 35\r\nCache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate\r\nAge: 315240\r\nAlternate-Protocol: 80:quic,p=0\r\n\r]
1434134836.320 49 192.168.7.52 TCP_MISS/200 539 GET http://www.google-analytics.com/__utm.gif? - DIRECT/216.58.211.110 image/gif [Connection: Keep-Alive\r\nUser-Agent: avast! SimpleHTTP\r\nHost: www.google-analytics.com\r\n] [HTTP/1.1 200 OK\r\nPragma: no-cache\r\nExpires: Wed, 19 Apr 2000 11:43:00 GMT\r\nLast-Modified: Wed, 21 Jan 2004 19:51:30 GMT\r\nX-Content-Type-Options: nosniff\r\nContent-Type: image/gif\r\nDate: Tue, 09 Jun 2015 03:13:12 GMT\r\nServer: Golfe2\r\nContent-Length: 35\r\nCache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate\r\nAge: 315240\r\nAlternate-Protocol: 80:quic,p=0\r\n\r]

And I get NO logging when I click the try-again button. Nothing happens! So in other words, Avast tries to do something special. Tries to use some non-standard port or so. (I block almost all ports.)
Please let me know how I can allow this?
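
An added example, not part of the original posts: a small Python parser for Squid access-log lines in the layout pasted in this thread, summarizing what one client sent in the seconds after a click and noting whether the upstream peer was a private address. The sample lines are constructed from the thread's layout with headers shortened; the function names and the 10-second window are assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in the layout of the log lines posted above (headers shortened).
SAMPLE = r"""
1433602818.147 1 192.168.7.100 NONE/400 4033 NONE error:invalid-request - NONE/- text/html [HTTP/1.0 400 Bad Request\r\nX-Squid-Error: ERR_INVALID_REQ 0\r\n\r]
1433602818.940 9 192.168.7.100 TCP_MISS/200 673 GET http://www.google-analytics.com/__utm.gif? - DIRECT/192.168.7.77 text/html [User-Agent: avast! SimpleHTTP\r\nHost: www.google-analytics.com\r\n] [HTTP/1.1 200 OK\r\n\r]
1433602818.960 5 192.168.7.100 TCP_MISS/200 657 GET http://www.google-analytics.com/__utm.gif? - DIRECT/192.168.7.77 text/html [User-Agent: avast! SimpleHTTP\r\nHost: www.google-analytics.com\r\n] [HTTP/1.1 200 OK\r\n\r]
"""

# time, elapsed ms, client, result/status, bytes, method, URL, user, hierarchy/peer, MIME, headers
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+"
    r"(?P<size>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)(?P<hdrs>.*)$")

def parse(line):
    """Return one log entry as a dict, or None if the line does not match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["ts"] = float(e["ts"])
    # Rejected requests carry the token "error:invalid-request" instead of a URL.
    e["host"] = urlsplit(e["url"]).hostname or e["url"]
    try:
        e["private_peer"] = ipaddress.ip_address(e["peer"]).is_private
    except ValueError:              # peer is "-" when nothing was forwarded
        e["private_peer"] = False
    err = re.search(r"X-Squid-Error: (\w+)", e["hdrs"])
    e["squid_error"] = err.group(1) if err else None
    ua = re.search(r"User-Agent: (.*?)\\r", e["hdrs"])  # "\r" is literal text in the log
    e["user_agent"] = ua.group(1) if ua else None
    return e

def summarize(text, client, start, window=10.0):
    """Count (result/status, host) pairs for one client within the window after `start`."""
    counts = Counter()
    for entry in filter(None, map(parse, text.splitlines())):
        if entry["client"] == client and start <= entry["ts"] <= start + window:
            counts[(entry["result"] + "/" + entry["status"], entry["host"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE, "192.168.7.100", 1433602818.0).items():
        print(n, *key)
```
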