Jump to content

gmr-prog

Members
 View Profile  See their activity

  • Posts

    10

  • Joined

  • Last visited

 Content Type 

Posts posted by gmr-prog

    GZIP decompression not working correctly on web content

    in ESET Internet Security & ESET Smart Security Premium

    Posted

    4 minutes ago, itman said:

    Reviewing the above posted response headers, it appears Eset is using GZip to compress the data again after analysis and that is where the issue lies. With Eset out of the picture, this header does not appear; 

    X-Content-Encoding-Over-Network: gzip

    If ESET was re-compressing, I would expect the  

    Content-Encoding: gzip

    header to remain in the response, but it doesn't. Because it doesn't, if ESET is re-compressing, then the browser would be lost every time, trying to interpret a compressed file as uncompressed.

    I can't find any reference to "X-Content-Encoding-Over-Network" online other than in conjunction with ESET. I suspect it may be a proprietary header that indicates "this was compressed with GZIP when it reached ESET, but ESET decompressed it and had to remove the Content-Encoding header, so this is the record that that happened".

    GZIP decompression not working correctly on web content

    in ESET Internet Security & ESET Smart Security Premium

    Posted

    2 minutes ago, Marcos said:

    I assume that the application doesn't expect the scanned content to be gzipped but it can be already unpacked. Or is that a wrong assumption? If gzip is expected then the only solution will be creating an exception.

    It is ok if the content is already unpacked by the time it reaches the browser. Our issue is that it appears the content is not always being unpacked correctly, resulting in "ERR_INCOMPLETE_CHUNKED_ENCODING" errors reported by the browser.

    GZIP decompression not working correctly on web content

    in ESET Internet Security & ESET Smart Security Premium

    Posted

    17 hours ago, itman said:

    In the same Eset GUI section, you can exclude SSL/TLS scanning based on the certificate associated with the domain/URL of your web based app.

    I tried that, and with that rule in place, our content does indeed work as expected.

    While we will still work towards a solution that will resolve the problem completely, this is a useful option to have in case it becomes necessary. Thanks for the information!

    GZIP decompression not working correctly on web content

    in ESET Internet Security & ESET Smart Security Premium

    Posted

    39 minutes ago, itman said:

    Appears this a known issue: https://github.com/kucharzyk/spring-angular2-starter/issues/35 .

    Yes, we found that Github page and the Stack Overflow page linked in it, among other pages, as part of our research. These pages pointed us in the direction of investigating ESET.

    39 minutes ago, itman said:

    Have you tried excluding your app from Eset SSL/TLS protocol scanning by setting Scan action to "Ignore"?

     

    Note that this does put your Eset customers at risk in the event your app may contain malware.

    Our software is browser-based; it wouldn't be feasible to ask our clients to exclude their web browsers from their security scans.

    GZIP decompression not working correctly on web content

    in ESET Internet Security & ESET Smart Security Premium

    Posted

    We are a vendor of web-based software with multiple clients that use the ESET anti-virus package as a corporate standard. These clients have reported issues viewing our content in Chrome or Edge browsers. Sometimes a page will show up blank, and other times a string of nonsense characters is displayed on the screen. The developer tools revealed the presence of "ERR_INCOMPLETE_CHUNKED_ENCODING" errors when retrieving certain files, intermittently but frequently.

     

    We have narrowed down the problem to a conflict between our software and ESET. We do not experience these symptoms when running on machines not equipped with ESET, and we do not experience them when running on a machine with ESET for which specifically the "HTTP(S) traffic scanning" setting has been disabled (just turning off protection doesn't seem to make an impact).
     
    What appears to be happening is that we use GZIP compression on files retrieved from our server, and ESET decompresses them to scan them and delivers them to the browser uncompressed with the appropriate headers altered. However, something appears to be going wrong with the decompression, and the results being delivered to the browser are not always correct. In fact, for testing purposes we disabled compression on our server, and the software was delivered correctly with ESET running.
    Below is a sampling of the response headers that the browser gets when ESET is not running vs. the response headers that the browser gets when ESET is running and the issue occurs. (Monitoring at the server side, the response headers were the same in both cases, other than timestamps.) Is there something we can add to prevent ESET from having these issues? Alternatively, is there a setting that would allow our clients to bypass that scan just for our software? We tried experimenting with the "List of addresses excluded from content scan" setting, but that didn't seem to help. If it matters, our in-house testing has been with ESET Smart Security Premium.

    Response headers without ESET: 

    Accept-Ranges: bytes
Cache-Control: max-age=604800
Connection: keep-alive
Content-Encoding: gzip
Content-Range: bytes 0-30485/30486
Content-Type: text/html
Date: [timestamp]
Etag: [text-string]
Expires: [timestamp]
Last-Modified: [timestamp]
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Vary: origin, accept-encoding
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive, notranslate, noimageindex, nocache, noodp
X-Xss-Protection: 1; mode=block

    Response headers with ESET: 

    Accept-Ranges: bytes
Cache-Control: max-age=604800
Connection: keep-alive
Content-Range: bytes 0-30485/30486
Content-Type: text/html
Date: [timestamp]
Etag: [text-string]
Expires: [timestamp]
Last-Modified: [timestamp]
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Vary: origin, accept-encoding
X-Content-Encoding-Over-Network: gzip
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive, notranslate, noimageindex, nocache, noodp
X-Xss-Protection: 1; mode=block
×
×
  • Create New...