Network Shield in avast! v5.0.545

I am running avast! v5.0.545 (free edition) under Win 7.

I have had several instances where avast! is blocking access to a Hotfile download server (specifically s138.hotfile.com). avast! Network Shield reports “URL:Mal” (malformed URL) and the connection is immediately aborted. There’s not anything wrong with the URL nor the file itself. If I temporarily disable the Network Shield I am able to download the file without issue.

Does anyone know if there is a way to specify a domain exception for the Network Shield? It doesn’t happen with all Hotfile servers – I have only experienced the problem with s138.hotfile.com and a138.hotfile.com.

This is really bothersome. I really don’t like having to turn off the Network Shield, even for just a few minutes, because that totally defeats the purpose of the Network Shield in the first place.

I couldn’t find any previous post about this problem and if there has been I apologize in. Thanks in advance for any help you can provide.

First an unrelated issue (as it won’t make any difference in this case), the latest avast version is 5.0.594, so I would suggest that you use the avastUI and do a program update.

It isn’t a malformed URL, but considered malicious that is what the Mal in URL:Mal means.

The problem with this style of hosting is that there are many such sub domains in the hosting and when you get malware alerts on these sub-domains sometimes the whole domain or a server IP address could get tarred with the same brush and blocked by the network shield. So it may be that there was something on there previously that caused avast to block it.

However, just visiting the main hotfile.com site doesn’t trigger an alert by the network shield. Though I do get an alert from the network shield on the s138 sub domain, but the a138 doesn’t get me anything as it doesn’t seem to be recognised.

The site does feature on the malware domains list - http://www.malwaredomainlist.com/mdl.php?search=hotfile.com&colsearch=All&quantity=50, but not for those two you mentioned.

Unfortunately I can’t check out anything as the url is incomplete so even with the network shield stopped I just get 404 error.

You could post the full URL, change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.

Unfortunately that is me for the night, after 4am here.

i get this problem with a138 and also the latest problem ive had it with was on s156.

The most recent problematic URL was:
hxxp://s138.hotfile.com/get/89f40dc761fe8fc151b82050462e50c1f63a7404/4c33db9b/1/aa7729f6abef15f5/32905a6/194075/WFMax%20%26%20The%20City.avi.003

Thanks.

also now had one on s425

Hi urlvoid says its clean…

Report 2010-05-25 01:17:39 (GMT 1)
Website s138.hotfile.com
Domain Hash 0dd6c708da37fc02f889363bc5dae751
IP Address 74.120.8.241 [SCAN]
IP Hostname s138.hotfile.com
IP Country US (United States)
AS Number 7366
AS Name LEMURIACO - Lemuria Communications Inc.
Detections 0 / 12 (0 %)
Status CLEAN

Scanning site with: BrowserDefender CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee Trusted Source CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN

NoVirusThanks Scan Website
SenderBase View Reputation
Anubis Analyze URL
Robtex DNS Information
Alexa Traffic Rank