Avast Updates Fail!

  • (1.2-RC2  built on Fri Sep 7 14:23:10 EDT 2007 is my current version)

    Need to resolve issues with Avast Home Edition! The updates always fail over and over while using Squid and Snort across my network! Now there are a few thousand users and they all use the free edition of Avast! Most are using the same key so that might be an issue, though Avast states that would not cause this issue! If I bypass the pfSense system all is cool! I am also seeing the issue with AVG, Kaspersky, and CA, so what is the issue?

    Is it the Squid cache server? Is Snort somehow screwing with the updates? Is Avast blocking the updates because there are too many updates from one source? I am up for any IDEAS! This is a new issue within the past 3 months!

  • Some thoughts:

    If you want to use Avast! on a network, you must consider paying for it! Avast Home, as its name says, is for home users, not for commercial or network use … the same goes for other AV solutions. And no, there is not any trouble with pfSense and Avast. I have several users with pfSense + Squid + SquidGuard + Snort using the paid version of Avast (Avast Professional with ADNM) and it works very well. Other users using Avast Professional (stand-alone version) on the same network work well too.

    If you want to use an AV solution and not pay for it, consider ClamWin, a GPL AV based on ClamAV. If you need real-time scanning, consider Moon Secure Antivirus, a GPL AV too.
    If you work in IT, you would like to make money with your job, like AV developers.

  • Now let's get things into perspective! I have a wireless network spanning a few hundred kilometers! Now when new business clients and home users do not have a good antivirus, I suggest they use Avast! As to your diatribe about paying for it if you are not a home user, it is moot! I have a few thousand users and this is starting to be seen in all products! PAID and NOT PAID are seeing these same effects…

    So back to reality and to the question at hand! Could this be a result of the cache? Could it come from too many requests from 2 primary distribution IPs at the core router? Need a little help with this one! It needs to be answered by those running large, diverse networks covering thousands of users!

  • I'm running a small home network (large family) with 9 computers.  I guess to your larger networks, you could consider me a lab.

    Running squid and snort (all rules except backdoor, misc, and netbios), with a mixture of Avast Home, Kaspersky 7, and Symantec AV and I'm not seeing any problems with updates.

    As you stated, size of the network might be a factor here.

  • I am not sure… I do not know if it is the AV servers saying piss off, or if it is an incomplete cache issue with Squid… I have this on two separate systems in two different cities 100 km apart and on different providers! The one thing that is the same is the same! They are clones of each other and it is happening in both cities… It is strange!  :-\

  • One simple test - bypass squid and try a download directly.  If it works you know it's squid related, if it doesn't then the problem lies elsewhere.

  • OK…
    A few things to do:
    Avast .vpu files must not be cached. For a while you can use the donotcache feature of the Squid package for the Avast update sites. These sites can be found in the file servers.def (a text file) in Program Files\Alwil Software\Avast4\Setup

    This is to guarantee that the file was not modified in some way.

  • Well, after two days of testing the updates are working again across the board! Now if you just tell Squid not to cache avast.com it will not allow the updates! But if you list the 200 freaking possible update servers, all works fine! So I need to list all the servers for Avast, Kaspersky, and a few others that are getting pissy! So the big question is how to wildcard the domains/subdomains so I do not have to edit a few thousand servers by hand!  :-\

  • This is the donotcache feature… but you can change this with some hacking on squid.inc.

    The donotcache ACL uses the destdomain directive, and to do what you want you need the dstdom_regex directive.

    Look at your squid.conf and you will know what to change in squid.inc.
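
The wildcard asked about above, written as a squid.conf fragment. This is an added example, not part of the thread and not the pfSense package's generated configuration. The ACL names and the `.av-vendor.example` domain are placeholders, and the use of `cache deny` (older Squid releases use `no_cache deny`) is an assumption about the installed Squid version.

```conf
# Constructed example. ACL names and av-vendor.example are placeholders.

# Exact-host entry: matches only the host "avast.com" itself, so requests
# to update mirrors on subdomains of avast.com are still cached.
# acl donotcache_exact dstdomain avast.com

# Leading dot: matches avast.com and every subdomain below it,
# so individual mirrors do not have to be listed one by one.
acl av_updates dstdomain .avast.com .av-vendor.example

# Equivalent match written with dstdom_regex (case-insensitive),
# anchored so that a host such as "notavast.com" does not match.
acl av_updates_re dstdom_regex -i (^|\.)avast\.com$

# Serve these destinations from the origin server, never from the cache.
cache deny av_updates
cache deny av_updates_re
```

Either ACL on its own is sufficient. The regex form is only needed when the host names do not share a common parent domain.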

  • ;D

    Once I loaded all of the 20 thousand update servers for all of the major antivirus companies, all is good! Someone should publish a no-cache list for problems like this!

    Thanks for the suggestions…...


  • You can do this with some hacking… on the Aliases code… and /cf/conf/config.xml,
    and you can put server names in directly.

  • I live by the web interface and do not dig too deep into the config files! I have to have a "keep it simple stupid" policy! Because if I get hit by a truck there is NO ONE to keep the systems going! I am in Egypt and after 3 years here I now know that Aliens built the pyramids! Because there is no way in hell they got built by the Egyptian Minds and Egyptian Natives!

    So I did it the simple way and figured out the naming convention for most of the primary virus protection companies and loaded it into a text file and manually loaded it onto all pfSense servers… Problem solved and all is quiet!

    If wanted I can post the No Cache Virus Server Update List.... Let me know!
