Files sent - (Curiousity)

Guy’s,

This is purely a question born out of curiousity and hopeful enlightenment :slight_smile:

Can anyone (Avast Team) tell me what files Avast poles off of my computer and an overview of what they are/why?.

Also how often?. It seems that Avast wants to connect quiet often according to the firewall log.

Thanks for any info.

Walker.

None. Avast did not send out any files from your computer.
Why do you think we are interested in your files? We have plenty of our own files here :wink:

Avast checks the Internet connection via ping to see if it can try to get the updates. Discussed on this boead many many times…

Pavel

Hi Johnnie,
again, it’s Saturday and we can have some conversation. How sweet! 8)

Are you saying that a simple ping is all it takes to identify which version of Avast I am running and when it's due for an update without gleaning any further info from my pc?

No. Let me explain how it works.
avast uses pings to find out whether the updating servers are reachable (that’s what ping is for anyway). If the ping works, it tries to fetch an update. It makes a HTTP GET request to one of our updating servers and downloads a couple of tiny files that hold the time stamps of the installation packages. Using these files, it can determine if there is something new on the servers. If there is, it downloads it and installs it. After the update, it sends a report of the update - this is the only point when it sends some data to our servers, and it only sends info about avast itself, mainly about how it worked, and also some licensing info so that we can blacklist those pirates, y’know :wink: But really, no files and/or avast-nonrelated info is leaked. Never.

For example, I was also wondering about the unp3676 (crash file). Is that information ever polled or sent.

The crash dump, and the chest files are only sent by e-mail (SMTP), and only when a user explicitly asks avast to do so.

Does Avast open any ports for it's own use?.

Not deliberately. :slight_smile:
Of course, things like the mail proxy need to do this but that shouldn’t surprise you. :wink:

So far,
Vlk

Hello sailor,

I’m not convinced, mainly from past comment from one of the ‘team’. ::slight_smile: But I have no concerns anyway… just curiousity ??? :wink: Topic closed :slight_smile:

HOWEVER ;D ;D ;D but my crash dump say’s Avast did it ::slight_smile: :-X ie crashed :o

And I’m not going out with you in that hat :-* :-* :-*

Ahoy there,

I'm not convinced, mainly from past comment from one of the 'team'.

Which comment, which member? (I suppose I know which team ::)).

HOWEVER but my crash dump say's Avast did it ie crashed

<talkin’ serious> But that’s the dump that I’ve looked at with the overwritten bits in the NTFS driver, right? The thing is, the way Windows “determines” which driver is in charge for a BSOD is rather “interesting” - it backtracks the stack and the first non-Microsoft driver is the one that’s guilty :slight_smile: :slight_smile: :)</talkin’ serious> And you know MS drivers are perfect, don’t you? :wink: :wink:

Something tells me he means me here http://www.avast.com/forum/index.php?board=2;action=display;threadid=1412;

Walker, what’s still unclear? I thought I already explained that. You may PM me for details, but you’ll get nothing than techno-geek stuff :wink:

Nope… I’m not telling :stuck_out_tongue: . It was only idle chit-chat with an ‘implication’ of what was being read, but as you say… nothing detremental… my credit card number… but my wife hs already distributed that to most of the stores in the country :cry:

But that's the dump that I've looked at with the overwritten bits in the NTFS driver, right?

No dear boy, I’m now talking about Avast’s own crash file (referred to above). That’s the one that’s poking the finger at Avast itself. My questions about the MS mini dump file where ignored by ‘a member of the team’ ::slight_smile: :slight_smile:

Now wait a minute, I know what your gonna say next… MS have hacked the ‘Avast’ crash file 8) :wink:

Hi kubej. No… HE doesn’t, thanks very much.

Walker, what's still unclear? I thought I already explained that. You may PM me for details, but you'll get nothing than techno-geek stuff ;)

kubej, your all jumping to conclusions that I have some ulterior motive… I DON’T, I’m curious because of other reasons that Vlk knows a little about. I don’t mind ‘Geek’ stuff, I plod my way through it. 8)

The avast crash dump is generated when avast crashes - the file is only written to avast log directory at the moment; then, the crash window (“avast! has encountered an error…”) should appear, having a part to write your own comment and two buttons - “Send report” and “Don’t send”. Only when you press the “Send” button, the crash dump file is sent (using SMTP) afterwards.

Hi Igor,

Thanks for the info.

I don’t remember any crash window popping up, but out of interest and to put you guys minds at rest that I’m not asking for some ‘other’ reason, here is extract from the unp3676 crash file…

Crash list of Avast Antivirus, v.4.1.280


------------------
System Information
------------------
Time of this report: 16/10/2003, 13:29:02
      Computer name: SERVER-02
   Operating System: Microsoft Windows XP Personal (Build 2600) Service Pack 1
          Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz, MMX, ~2982Mhz
      System memory: 1048044 KB (installed), 804500 KB (available), 2097024 KB (virtual)
           Language: 0809-0809-0809-0809 (SLangID, SLCID, ULangID, ULCID), 0409-0409 (SUILang, UUILang)
------------
Fault source
------------
D:\Alwil Software\Avast4\ashserv.exe caused an Access Violation at location 7ffefdfd Reading from location 7ffefdfd.

-----------


Walker.

Johnnie, please send me the file. I’ll take a look at it.

And about the crash dumps - the last I got from you was Mini101303-01.dmp which is the NTFS one. Nothing else since that. :-*

Hi Andy :stuck_out_tongue:

Okay… see, you guy’s get ‘curious’ as well :wink: I’ll send it as an e-mail attachment in a few minutes.

And about the crash dumps - the last I got from you was Mini101303-01.dmp which is the NTFS one. Nothing else since that. :-*

Sent two e-mails after your reply to that mini-dump and a memory jog by IM… it’s still there in my forum sent box… but no reply :-X :cry: :wink:

File sent Andy.

Okay.... see, you guy's get 'curious' as well I'll send it as an e-mail attachment in a few minutes.

Got it, and am totally confused. This crash dump is a complete mess. I can’t find anything useful in that file, sorry… :frowning:

Sent two e-mails after your reply to that mini-dump and a memory jog by IM... it's still there in my forum sent box... but no reply

OK, OK, I’m not denying but the truth is that you haven’t sent me any other crash dump, have you? Just the original one. :-*

A’humm

Really ??? … you surprise me Vlk

OK, OK, I'm not denying but the truth is that you haven't sent me any other crash dump, have you? Just the original one. :-*

Can you send me a bottle of whatever you were sipping last night 8) :stuck_out_tongue: . I didn’t say I had sent you any more crash dump files ???. Unless of course I’m trying to access my own invalid memory location. ::slight_smile: ::slight_smile: ::slight_smile: :wink:

Vlk,

Sent you the other info by e-mail.

Walker

I can make some suggestions about piracy if anybody in Alwil is interested…
Just let me know. :wink: