NOD32 suddenly messing up outgoing HTTP requests?

Discussion in 'ESET NOD32 Antivirus' started by Sunfox, Feb 7, 2008.

Thread Status:
Not open for further replies.
  1. Sunfox

    Sunfox Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    5
    I noticed just in the last couple of hours, that I've having trouble with outgoing requests to websites. If I fill out a form, about 75% of the time not all of the form elemants will make it to the server, and instead I get an error about missing data. I run my own site, so I was able to actually check into this, and most of the time not all of the parameters are making it to the server.

    I also now get occasional broken images on webpages, I've seen an advertisement IFrame that said "Method not implemented" and in my website's error logs I see the occasional line such as:

    Thu Feb 7 00:09:58 2008] [error] [client #.#.#.#] Invalid method in request FGET /images/background.gif HTTP/1.1

    ...However if I disable NOD32 (621) everything works perfectly. I've enabled/disabled it several times now to confirm what's causing the problem. Since I haven't seen this before I suspect it might have been caused by the last update (2854)?

    Any suggestions?
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    Could you provide us with an example of a website where this problem is occurring?
     
  3. Sunfox

    Sunfox Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    5
    I've noticed it mostly on my own site, which is the one I spend the most tiem on and would prefer not to give out right now, but I do have further information:

    1) It happens in IE7 but not Firefox.

    2) It only appears to happen on POST forms. It does not happen on all forms all the time; it's hard to figure out why.

    3) I can fix the problem by turning off HTTP checking in NOD32.

    4) I can fix the problem by placing an X on the Internet Explorer line in programs (however it occurs whether ticked or unticked).

    5) Generally the first item in the form is garbled/missing, for example on script.cgi?name=Bob&country=USA the program would only receive "USA" and not "Bob".

    6) The IFRAME problem with "bad method" or "FGET" only occurs on pages generated following a bad form submission.

    7) I've found that I can fix the problem (at least it seems to be fixed) by changing the ENCTYPE on these POST forms to "multipart/form-data". Normally they have no specific ENCTYPE named.
     
  4. Sunfox

    Sunfox Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    5
    More information:

    If I add a "dummy" value to the beginning of the form then I can get the rest submitted - however I noticed that on my favorite test page (favorite because it's guaranteed to cause the error) the very last character of the form input is a question mark. Which is URL-encoded to %3F. And when I submit the form using the dummy value, what I get back of the good data ends in no question mark, but instead just %3.

    Remember how I mentioned the error lines about "FGET"? I think that's where the "F" is coming from - the end of %3F is somehow getting mangled into the next HTTPD request. And I think that's what's happening to the beginning... perhaps the first character of a POST form is being dropped or corrupted.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.