NOD32 suddenly messing up outgoing HTTP requests?

I noticed just in the last couple of hours, that I've having trouble with outgoing requests to websites. If I fill out a form, about 75% of the time not all of the form elemants will make it to the server, and instead I get an error about missing data. I run my own site, so I was able to actually check into this, and most of the time not all of the parameters are making it to the server.

I also now get occasional broken images on webpages, I've seen an advertisement IFrame that said "Method not implemented" and in my website's error logs I see the occasional line such as:

Thu Feb 7 00:09:58 2008] [error] [client #.#.#.#] Invalid method in request FGET /images/background.gif HTTP/1.1

...However if I disable NOD32 (621) everything works perfectly. I've enabled/disabled it several times now to confirm what's causing the problem. Since I haven't seen this before I suspect it might have been caused by the last update (2854)?

Any suggestions?

 

Could you provide us with an example of a website where this problem is occurring?

 

I've noticed it mostly on my own site, which is the one I spend the most tiem on and would prefer not to give out right now, but I do have further information:

1) It happens in IE7 but not Firefox.

2) It only appears to happen on POST forms. It does not happen on all forms all the time; it's hard to figure out why.

3) I can fix the problem by turning off HTTP checking in NOD32.

4) I can fix the problem by placing an X on the Internet Explorer line in programs (however it occurs whether ticked or unticked).

5) Generally the first item in the form is garbled/missing, for example on script.cgi?name=Bob&country=USA the program would only receive "USA" and not "Bob".

6) The IFRAME problem with "bad method" or "FGET" only occurs on pages generated following a bad form submission.

7) I've found that I can fix the problem (at least it seems to be fixed) by changing the ENCTYPE on these POST forms to "multipart/form-data". Normally they have no specific ENCTYPE named.

 

More information:

If I add a "dummy" value to the beginning of the form then I can get the rest submitted - however I noticed that on my favorite test page (favorite because it's guaranteed to cause the error) the very last character of the form input is a question mark. Which is URL-encoded to %3F. And when I submit the form using the dummy value, what I get back of the good data ends in no question mark, but instead just %3.

Remember how I mentioned the error lines about "FGET"? I think that's where the "F" is coming from - the end of %3F is somehow getting mangled into the next HTTPD request. And I think that's what's happening to the beginning... perhaps the first character of a POST form is being dropped or corrupted.