Avast reporting to BBC News?

Avast Free Antivirus / Premium Security
1

I received a firewall message that Avast4 (ashwebsv.exe) was attempting to contact the network. I noticed that the destination IP was 212.58.226.8. I checked to see whose IP that was. It was BBC News.

Is this correct? If so, why?

2

ashwebsv.exe is the WebShield scanner of avast.
It just scan (not attempt to connect). I mean, the sequence of the data is:
Internet > Your firewall > Webshield > Your browser or any of your programs that uses http protocol to connect the Internet.
So, WebShield asks to ‘contact’ the Internet because a program in your computer is trying to do so…
If you try to use TCPView from www.sysinternals.com you’ll be able to see which program is trying to connect.

Oh, you can (there is a possibility) be infected, so, a thorough scanning of avast (ewido or other antitrojan program) will be very good too :wink:

3

What is your firewall ?
What were you doing when you received the alert ?

4

I am using the firewall, Jetico. I don’t remember exactly what I was doing but I do know that it did not have anything to do with BBC News.

5

I can’t think of any malware that would go to the bbc.com site, all I can’t think of is there might have been some content on a web page that was downloaded from the bbc site.

Is Jetico not able to determine the originating (parent) call by checking the logs most of the accesses for web shield are accompanied by browser requests to localhost (effectively web shield proxy) the same as in my Outpost Logs.

The important thing is that web shield doesn’t originate any of the connections, it just monitors the http traffic.

6

Thanks for the reply. I am in the Learning mode in Jetico. The log does not look like the one in Outpost. It is not as clear.

Do you like Outpost? I picked Jetico because it passed the “PCFlank Leaktest”. The most popular firewalls failed.
http://www.pcflank.com/pcflankleaktest.htm

7

I like Outpost Pro, I’m getting to grips with the latest update which is now 4.0 so it is also starting its learning phase again. It has also introduced a number of aditional features to stop many of the leaks from many methods of bypassing the firewall, so a lot of pop-ups at the moment. Unfortunately it isn’t free, outpost does very well in leak tests already in the 3.5 version that has improved with the latest version.

I’m waiting on some of the sites testing it, See some firewall tests for comparison, some are freeware but many are paid for versions http://www.firewallleaktester.com/tests.php this was 3.5.

Version 4.0 passes the pcflank test see images.

8

Thanks for the reply.

Probably several of the well known firewalls have taken steps so that their firewall passes the test now. PCFlank should update their list of firewalls that failed the test.

Doesn’t Outpost have a free version? I thought it did.

9

It does but it is very old http://www.agnitum.com/products/ version 1.0 now I wouldn’t us it I did a long time ago before I upgraded to the Pro version. Jetico does quite well in the filrewallleaktester.com tests and probably better than outpost 1.0.

10

Thanks for the information about the free Outpost firewall.