Avast blocking legitimate Java function

I posted about this in the general forum but avast webshield has been blocking Sun Java on www.moneyam.com I have a subscription there and the live streaming in the stockwatch section will not activate the Java feed with web shield running, but works when i turn off webshield.
I have included an exception which means i can operate it, but that should not be the situation.

Also the level2 data will not download either (free for a week at the moment by the way, by using the investors room link) and I have not been able to find a way around that, except by disabling webshield. Can technical help me on this, I can assure you it is a legitimate Java application and I need it for work. Thanks.

Do you get a “virus found” dialog? If not, avast! is not blocking it, at least not intentionally.
Might be a conflict with the WebShield operation…

Hi Igor, no I don’t get a virus message, but when I turn off webshield, it works, which is rather self-defeating.
Another poster freewheelinfrank found the same problem. When i contacted the website they sdaid that other users had similar problems when using avast. Don’t worry I am an avast fan tho’!
http://forum.avast.com/index.php?topic=13840.0

Hawick, insert 193.243.128.76 into the Ignored Addresses field (webshield configuration / Basic tab). That should help and this address will be added to the ignore list with the next VPS update.

Edit: concerning the “legitimate Java” in the title: well, this app communicates on port 80, which is usually understood as the port for HTTP data. Avast intercepts this communication and waits for the document to download completely to scan it for viruses. But it never downloads! MoneyAM does not provide any content type which might be used to exclude this particular content from scanning, it does not indicate that this is not a regular HTTP request/response communication but instead a live stream of data which is parsed in the realtime and never ends. It does not even indicate in the headers that this content can not be cached by any intermediate HTTP proxies (not that it would make any difference with avast!) and so on. I don’t know if this is the correct use of HTTP protocol and if it violates RFC standards or not but the streaming nature of the content and no sufficient indication of this nature is the reason of your troubles.

Please try to use the ignore address workaround and let us know.

Lukas

Thank you Lukor. Appreciate the swift reply!!! :slight_smile:
That works for the stockwatch, but not for the level 2.

hmm. How can I test the Level2 with the free account?

You can go here to sign up; the first topic has the link. http://www.moneyam.com/InvestorsRoom/

well, it seems that adding 193.243.128.78 would help in this case. So both addresses should be there:

like this: 193.243.128.76,193.243.128.78

Of course we can not garantee that these addresses will not be changed in the future by moneyam. sorry.

Don’t apologise that’s fantastic thanks!! ;D

One last question if i may, I put in streamer.moneyam in webshield exceptions, which enabled the java in webshield, but it doesn’t enable the level two; and if they do change the number, what would i put in for level 2?
Thanks.

if its ignored on the basic tab it won’t ever go to the webshield - so it does not matter if the scanning is enabled or disabled and you can safely remove the streamer.moneyam if you like.

Yes Lukor I see, but if they do change the number, as you mention, then the ignore in the basic tab will not apply.
That’s why i was wondering if there was a similar entry to streamer, that i could put in exceptions to enable the Level 2. or if they do change the number, is there any way for me to find the number?
And once again, thanks for your time and help.

Yes you are right. In fact you can enter “streamer.moneyam.com” into the ignored address box too - WebShield will convert it into IP address on startup (if you are connected to the net). There is however no reverse DNS record for the second IP, 193.243.128.78. There might be some DNS name, but you would have to guess it ::slight_smile: I’ve tried streamer1.moneyam.com, streamer2… with no luck.

Edit: OK, just guessed correctly: it’s level2.moneyam.com, so you can enter both these names into the ignored address box.
Edit2: an alternate method would be to enter moneyam.com into the exception URL list.

You’re a star!! Take the rest of the day off! ;D

Forget about that…!
http://malware-research.co.uk/Smileys/default/rofl6.gif