gmr-prog
-
Posts
10 -
Joined
-
Last visited
Posts posted by gmr-prog
-
-
-
1 hour ago, itman said:
This also brings up the question of if this issues manifest when using the Firefox browser?
I have tested this, and yes, it does.
-
4 minutes ago, itman said:
Reviewing the above posted response headers, it appears Eset is using GZip to compress the data again after analysis and that is where the issue lies. With Eset out of the picture, this header does not appear;
X-Content-Encoding-Over-Network: gzip
If ESET was re-compressing, I would expect the
Content-Encoding: gzip
header to remain in the response, but it doesn't. Because it doesn't, if ESET is re-compressing, then the browser would be lost every time, trying to interpret a compressed file as uncompressed.
I can't find any reference to "X-Content-Encoding-Over-Network" online other than in conjunction with ESET. I suspect it may be a proprietary header that indicates "this was compressed with GZIP when it reached ESET, but ESET decompressed it and had to remove the Content-Encoding header, so this is the record that that happened".
-
2 minutes ago, Marcos said:
I assume that the application doesn't expect the scanned content to be gzipped but it can be already unpacked. Or is that a wrong assumption? If gzip is expected then the only solution will be creating an exception.
It is ok if the content is already unpacked by the time it reaches the browser. Our issue is that it appears the content is not always being unpacked correctly, resulting in "ERR_INCOMPLETE_CHUNKED_ENCODING" errors reported by the browser.
-
17 hours ago, itman said:
In the same Eset GUI section, you can exclude SSL/TLS scanning based on the certificate associated with the domain/URL of your web based app.
I tried that, and with that rule in place, our content does indeed work as expected.
While we will still work towards a solution that will resolve the problem completely, this is a useful option to have in case it becomes necessary. Thanks for the information!
-
1 hour ago, Marcos said:
You can upload the generated archive to a safe location and drop me a private message with a download link.
PM sent. Thanks!
-
39 minutes ago, itman said:
Appears this a known issue: https://github.com/kucharzyk/spring-angular2-starter/issues/35 .
Yes, we found that Github page and the Stack Overflow page linked in it, among other pages, as part of our research. These pages pointed us in the direction of investigating ESET.
39 minutes ago, itman said:Have you tried excluding your app from Eset SSL/TLS protocol scanning by setting Scan action to "Ignore"?
Note that this does put your Eset customers at risk in the event your app may contain malware.
Our software is browser-based; it wouldn't be feasible to ask our clients to exclude their web browsers from their security scans.
-
I generated a log file. Because there is potentially confidential info in there (and this is a public forum), and also because it is over 500 MB, is there an alternate way to submit it directly to you?
-
We are a vendor of web-based software with multiple clients that use the ESET anti-virus package as a corporate standard. These clients have reported issues viewing our content in Chrome or Edge browsers. Sometimes a page will show up blank, and other times a string of nonsense characters is displayed on the screen. The developer tools revealed the presence of "ERR_INCOMPLETE_CHUNKED_ENCODING" errors when retrieving certain files, intermittently but frequently.We have narrowed down the problem to a conflict between our software and ESET. We do not experience these symptoms when running on machines not equipped with ESET, and we do not experience them when running on a machine with ESET for which specifically the "HTTP(S) traffic scanning" setting has been disabled (just turning off protection doesn't seem to make an impact).What appears to be happening is that we use GZIP compression on files retrieved from our server, and ESET decompresses them to scan them and delivers them to the browser uncompressed with the appropriate headers altered. However, something appears to be going wrong with the decompression, and the results being delivered to the browser are not always correct. In fact, for testing purposes we disabled compression on our server, and the software was delivered correctly with ESET running.Below is a sampling of the response headers that the browser gets when ESET is not running vs. the response headers that the browser gets when ESET is running and the issue occurs. (Monitoring at the server side, the response headers were the same in both cases, other than timestamps.) Is there something we can add to prevent ESET from having these issues? Alternatively, is there a setting that would allow our clients to bypass that scan just for our software? We tried experimenting with the "List of addresses excluded from content scan" setting, but that didn't seem to help. If it matters, our in-house testing has been with ESET Smart Security Premium.
Response headers without ESET:
Accept-Ranges: bytes Cache-Control: max-age=604800 Connection: keep-alive Content-Encoding: gzip Content-Range: bytes 0-30485/30486 Content-Type: text/html Date: [timestamp] Etag: [text-string] Expires: [timestamp] Last-Modified: [timestamp] Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains Transfer-Encoding: chunked Vary: origin, accept-encoding X-Content-Type-Options: nosniff X-Robots-Tag: noindex, nofollow, nosnippet, noarchive, notranslate, noimageindex, nocache, noodp X-Xss-Protection: 1; mode=block
Response headers with ESET:
Accept-Ranges: bytes Cache-Control: max-age=604800 Connection: keep-alive Content-Range: bytes 0-30485/30486 Content-Type: text/html Date: [timestamp] Etag: [text-string] Expires: [timestamp] Last-Modified: [timestamp] Referrer-Policy: strict-origin-when-cross-origin Strict-Transport-Security: max-age=31536000; includeSubDomains Transfer-Encoding: chunked Vary: origin, accept-encoding X-Content-Encoding-Over-Network: gzip X-Content-Type-Options: nosniff X-Robots-Tag: noindex, nofollow, nosnippet, noarchive, notranslate, noimageindex, nocache, noodp X-Xss-Protection: 1; mode=block
GZIP decompression not working correctly on web content
in ESET Internet Security & ESET Smart Security Premium
Posted
Hi, just wondering if there is any update to this. Thanks!