Avast scans my local web servers

I have several local machines on my network.

  1. Laptop running Ubuntu 20.04 LTS
  2. VMWare virtual machine (2) running CentOS 7

All three machines are running Apache HTTPD to support both work and learning. While looking at my access logs, I find the following entries (examples below):

192.168.254.229 - - [28/Oct/2021:12:55:40 -0700] “GET / HTTP/1.1” 200 710 “-” “Avast Antivirus”
192.168.254.229 - - [28/Oct/2021:12:55:40 -0700] “GET /HNAP1/ HTTP/1.1” 404 204 “-” “Avast Antivirus”

More disturbing:

192.168.254.229 - - [19/Oct/2021:17:47:25 -0700] “GET /cgi-bin/webproc?getpage=/etc/shadow&errorpage=html/main.html&var:language=en_us&var:menu=setup&var:page=wizard HTTP/1.1” 404 213 “-” “Avast Antivirus”

and:

192.168.254.229 - - [19/Oct/2021:17:47:25 -0700] “GET /cgi-bin/webproc?getpage=/…/…/etc/passwd&var:language=en_us&var:page=* HTTP/1.1” 404 213 “-” “Avast Antivirus”

192.168.254.229 is my Windows 10 Professional desktop (latest patches) running Avast! 21.8.2487 (build 21.8.6586.697) and virus definitions 211028-4.

Why is Avast! probing other machines on my network? What other probes does it make? There are several systems on this home network that are not mine. Is Avast! probing them as well?

Why?!

This is truly not acceptable, and could be viewed by other members of the household as malicious.

Hi, you can turn it off in the settings, see screenshot.

I did that, went to San Francisco on a business trip, and came back to “13 unsuccessful logins” on one of my Linux machines.

When I looked at the log, they were all coming from my Windows machine with Avast! installed.

Here’s the screen shot of my configuration:

  • Which Avast…? (Free/Premium/One)
  • Which version/build of Avast…?
  • OS…? (32/64 Bit…? - which SP/Build…?)
  • Other security related software installed…?
  • Which AV(s) did you use before Avast…?
  • Which Avast…? Free
  • Which version/build of Avast…? 21.9.2494 (build 21.9.6698.703)
  • OS…? (32/64 Bit…? - which SP/Build…?) Windows 10 Pro 64 bit, 21H1, 19043.1348, WFE 120.2212.3920.0
  • Other security related software installed…? None
  • Which AV(s) did you use before Avast…? None

You can submit a bug report in “About Avast”. (Add a link to this thread)

Hi toastman, thank you for reaching out.

First of all, I can confirm that these scans are from Avast Wi-Fi Inspector. I suspect you may have marked your network as a “private” network, which may lead to some periodic scanning. The scan can also be initiated by other Avast features, such as Smart Scan.

The best way to prevent this from happening is by uninstalling the Wi-Fi Inspector component. This article describes how you can do that: Add or remove Avast components.

We apologize for the confusion. We’re working on improvements for our network scanning features. We’ll try to give users more control and provide a better explanation.

Hi,
I found Avast free antivirus not only scan the ports of my private network server, but it try to login, too, via ssh brute force attack (ten times x second). I found this behavior unacceptable, expecially because you can move with your laptop on others private network of work, school etc and is not so polite you are attemp to go inside other servers.

Moreover, I left a router with a monitor account w/o password, and it found it and enter but no related messages were reported to me.

I was running Win 7, Avast free V 22.7.6025