FileZilla could not download the new version

[carlosdias]

After open FileZilla, it detects a new version (3.29.0 (2017-11-06)) but can't download it. Here is the installed version:

FileZilla Client

---

Version: 3.28.0

Build information:

Compiled for: x86_64-w64-mingw32
Compiled on: x86_64-pc-linux-gnu
Build date: 2017-09-29
Compiled with: x86_64-w64-mingw32-gcc (GCC) 6.3.0 20170516
Compiler flags: -g -O2 -Wall

Linked against:

wxWidgets: 3.0.4
SQLite: 3.19.3
GnuTLS: 3.5.13

Operating system:

Name: Windows 7 (build 7601, Service Pack 1), 64-bit edition
Version: 6.1
Platform: 64-bit system
CPU features: sse sse2 sse3 ssse3 sse4.1 sse4.2
Settings dir: C:\Users\Carlos Dias\AppData\Roaming\FileZilla\

[Tim Kosse]

Please attach the complete log from the details.

[carlosdias]

Here is the complete log from the details:

Started update check on 2018-01-03 14:59:04
Own build type: official
Downloading /update.php?platform=x86_64-w64-mingw32&version=3.28.0&osversion=6.1&osarch=64&updated=1&cpuid=sse,sse2,sse3,ssse3,sse4.1,sse4.2&initial=0
Resolving address of update.filezilla-project.org
Connecting to 136.243.154.122:443...
Connection established, initializing TLS...
Verifying certificate...
TLS connection established, sending HTTP request
File transfer successful, transferred 1.583 bytes in 1 second
Parsing 1583 bytes of version information.
Found new nightly 2018-01-03
Found new release 3.29.0
Found new beta 3.30.0-rc1
Downloading /filezilla/FileZilla_3.29.0_win64-setup.exe
Resolving address of downloads.sourceforge.net
Connecting to 216.34.181.59:80...
Connection established, sending HTTP request
Resolving address of downloads.sourceforge.net
Connecting to 216.34.181.59:80...
Connection established, sending HTTP request
Resolving address of netix.dl.sourceforge.net
Connecting to 87.121.121.2:443...
Connection established, initializing TLS...
Verifying certificate...
TLS connection established, sending HTTP request
File transfer successful, transferred 7.916.104 bytes in 12 seconds

[Tim Kosse]

This makes no sense, according to the log the download was successful.

Do you by chance use any virus scanner or similar software that prevents access to the freshly downloaded file?

[carlosdias]

Thank you so much for trying to help.

Since I use Avast Free Antivirus, first I disabled Behavior Shield and it worked fine. But since I cannot have this shield disabled for obvious reasons, I tried other ways without success.

I added the following 5 URLs to the Avast's Behavior Shield Exclusion list (Avast » Settings » Components » Behavior Shield » Customize » Exclusions) and to the Web Shield Exclusions list (Avast » Settings » Components » Web Shield » Customize » Exclusions » URLs to exclude) but the download fails (and the downloaded file doesn't appear on the Avast's Virus Chest either):

​https://download.filezilla-project.org/*
​https://update.filezilla-project.org/*
https://filezilla-project.org/*
​https://downloads.sourceforge.net/*
​https://netix.dl.sourceforge.net/*

Are there any other URLs that might be used by FileZilla in the upgrade process?

[Tim Kosse]

You definitely want to uninstall your faulty antivirus product. The way it behaves is actually a security vulnerability!

Consider this: Let's say there's a new version of FileZilla that fixes a security vulnerability. Your AV prevents the update. Thus your AV, which is supposed to protect you, actually leaves you vulnerable.

In this case you at least get a dialog from FileZilla informing you about the update availability as the update check at least partially worked.

Unfortunately the same cannot be said for all software, there's many cases where update mechanisms silently fail if they are tampered with.

Using your AV product you wouldn't even know you are using outdated, insecure software. It's like walking through a mine-field, wearing a blindfold as protection.