I'm using avast and the Kerio firewall. The software firewall was configured for the iAVS Update function. Since the last autoupdate, avast is “asking” permanently for new network ports. It starts with 1050, then 1051 and so on…
Is this a feature of the new update pack?
Can somebody tell me the common ports of this antivirus application?
It sounds as though you are describing the normal way that every program in existence accesses the net.
Whenever any application wants to go get something from the net, be it your browser, your email, your p2p client, it sends out a request to a server and contacts that server on the ‘well known’ port that it expects communications on (80 for http, 110 for POP3 email etc).
That has nothing whatsoever to do with that port on your system; it is the port that the other system is using for communications to be established.
Your program then has to ask the operating system for an available port on your system that it will advise the other system to send back the requested information on.
The program then sits and ‘listens’ on that requested port for the information to be returned. When all the information is returned the port is released. The system just allocates the ports sequentially as your system session progresses.
There is no magic here; this is just how communications between your system and the rest of the world works.
avast has not just started doing this - this is the way TCP/IP communications has always worked.
7.03.2006 10:09:04 general: InvalidateCurrent: invalidated server ‘Download30 AVAST server’ from ‘main’
07.03.2006 10:09:04 general: SelectCurrent: selected server ‘Download5 AVAST server’ from ‘main’
07.03.2006 10:09:04 package: GetPackages - set proxy for inet
07.03.2006 10:09:04 internet: SYNCER: Proxy 127.0.0.1:8080
07.03.2006 10:09:04 internet: SYNCER: Type: standard HTTP proxy (rfc2616,2617)
As you can see, I'm using an HTTP proxy tool; this solution worked before, but shortly after the last program update, I get a lot of failure messages dropped in my log.
The log says that the update function is unable to reach the update server.
In order to get an update, the app tries to reach another update server through a new TCP connection with a new port.
Again, the access is denied or not possible; the app is iterating the update server name and port number.
It doesn't matter if I block or allow this connection with my firewall, the update program keeps on trying to reach different servers; it doesn't stop this behaviour until I block everything in my firewall.
At the moment I stop the auto update function, but this is not the solution for this problem.
I proved the configured connection, the proxy connection is working, what else can be wrong?
Can you check your browser settings and your firewall.
WebShield is a local proxy too, you’ll have to uncheck the option ‘Ignore local communication’ and redirect the scanning to port 8080 (as seems your other http proxy uses this port).
Well, the updater is trying its best to reach at least one server to update… this is the expected behavior: the strength of the updater to do its job.
Well, it’s a good & useful feature; but why are the ports permanently changing when the update servers are changed?
I’m using my localhost:8080 local proxy app as something like a “proxy switcher & ad-blocker”, therefore I turn off the “real” http-proxy inside this tool on or off; when I forget to change the proxy after switching to any other network where this local http-proxy is not supported, the updater is running berserk and any firewall will produce annoying false alarms.
OK, now I’m aware of it… IMHO it isn’t the best solution, maybe it can be tweaked or configured, how the updater should react after a certain amount of failed connection attempts. Is there a solution, maybe something over at the .INI file?
Just rebooted my computer…
… XP login screen idle… suddenly, the firewall popped up, asking for the updater to open a port…
Hey, there is NO wlan / lan available, yet! Therefore, there is no connection possible…
I think I should switch the updater back to manual update function, because this so called “strong” algorithm drives me crazy… asking again and again for new ports & update-server connection.
You’re probably misreading the firewall status screens.
The connection is usually
localhost:someport → ourserver:80
If you have a proxy on your comp, it is:
localhost:someport → localhost:8080
Since ‘ourserver’ may be one of many servers, there may be many tries. And ‘someport’ is also periodically changing.
If you want an easy solution, simply give the updater all rights to connect outside. It does just some http traffic, you shouldn’t worry about that (if we’d be the bad boys, we’d have the bad code on your comp anyway 8))
So the result:
avast updater does connect only on port 80 if run without proxy and connects on the proxy port if you’re using it.
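The `localhost:someport → localhost:8080` pattern from the thread, as an added example that is not part of the original posts or of avast's code: it opens several outbound connections to one local listener and compares a firewall rule pinned to the local (source) port with one pinned to the remote (destination) port. The listener stands in for the local proxy on an OS-assigned port, and `rule_allows` is a hypothetical rule matcher, not any firewall's API.

```python
import socket

def start_listener():
    """Constructed stand-in for the local proxy; the OS assigns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)  # the kernel completes handshakes from the backlog
    return srv

def observe_connections(dst_port, attempts=5):
    """Open `attempts` connections at once; return (local_port, remote_port) pairs."""
    socks, seen = [], []
    try:
        for _ in range(attempts):
            c = socket.create_connection(("127.0.0.1", dst_port), timeout=2)
            socks.append(c)  # kept open so every connection needs its own source port
            seen.append((c.getsockname()[1], c.getpeername()[1]))
    finally:
        for c in socks:
            c.close()
    return seen

def rule_allows(rule, local_port, remote_port):
    """Hypothetical allow rule: every key present in the rule must match."""
    return (rule.get("local_port") in (None, local_port)
            and rule.get("remote_port") in (None, remote_port))

def demo(attempts=5):
    srv = start_listener()
    dst = srv.getsockname()[1]
    try:
        conns = observe_connections(dst, attempts)
    finally:
        srv.close()
    by_local = {"local_port": conns[0][0]}  # pinned to the first source port seen
    by_remote = {"remote_port": dst}        # pinned to the proxy/server port
    return {
        "dst": dst,
        "conns": conns,
        "allowed_by_local_rule": sum(rule_allows(by_local, l, r) for l, r in conns),
        "allowed_by_remote_rule": sum(rule_allows(by_remote, l, r) for l, r in conns),
    }

if __name__ == "__main__":
    result = demo()
    for local, remote in result["conns"]:
        print(f"localhost:{local} -> localhost:{remote}")
    print("allowed by local-port rule: ", result["allowed_by_local_rule"])
    print("allowed by remote-port rule:", result["allowed_by_remote_rule"])
```

A rule keyed on the application plus the remote port keeps matching as the source port changes, which is why the firewall prompts in the thread recur when rules are created per local port.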