Bugtraq mailing list archives
Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: ecchien () JPS NET (Eric Chien)
Date: Fri, 24 Mar 2000 12:20:38 +0100
Hello, At 08:17 PM 3/23/2000 +0100, Hugo.van.der.Kooij () CAIW NL wrote:
On Thu, 23 Mar 2000 alonr () eAladdin com wrote:
scanned for viruses, thus creating security holes. eSafe believes that relying on file extension in order to avoid threats and virus assaults is highly efficient. This is definitely not due to a "flawed design". We, at eSafe, believe that it is possible to achieve a high level of security and privacy, while relying on the files extensions. In order to gain good
As mentioned in previous threads, Word documents do NOT require a do? extension to spawn Word on a double-click. Word documents can have any (or no) extension. We saw W97M.Melissa.I (I think<?>) spread around with the extension ".i" (coincidentally).
It is agreed that files renaming is a common action that can be easily performed by anyone who can use an alphanumeric keyboard, but If a hacker sends an infected executable file masqueraded with a "TXT" or an "MPG" extension, it is the user's job to get the file, save it to his local disk, rename it to a valid executable, and then run it. Such a user can also
Agreed a user must purposely rename the file in the above cases. But not in a Word document case. In addition, new 'unsafe' extensions come about everyday. VBS, HTA, etc. Obviously, not in eSafe's case based on this thread, and not necessarily speaking for any particular vendor, but I believe most vendors understand that utilizing file extensions while previously was 'good enough', it isn't really any longer. Most products are undergoing (some already do it) file typing based on the header. Otherwise, utilize Scan All Files. Should all products do file typing? Yes and no. If utilizing Scan All Files doesn't incur any more major performance hit then I'm not sure it matters. But obviously, if they implement it, the product will probably be even faster (then when using Scan All Files). ...Eric
Current thread:
- Re: Esafe Protect Gateway (CVP) does not scan virus under some alonr () EALADDIN COM (Mar 23)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Hugo.van.der.Kooij () CAIW NL (Mar 23)
- <Possible follow-ups>
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Smith, Eric V. (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Alon Rotem (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Alon Rotem (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Hugo.van.der.Kooij () CAIW NL (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Eric Chien (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Jason Brvenik (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Lea, Michael (Mar 24)
- Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 27)
- Follow-Up: Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 28)
- privacy problems with HTTP cache-control Martin Pool (Mar 28)
- Objectserver vulnerability Howard M. Kash III (Mar 29)
- Citrix ICA Basic Encryption Dug Song (Mar 29)
- Re: Citrix ICA Basic Encryption Weld Pond (Mar 28)
- Re: Citrix ICA Basic Encryption Chris Knight (Mar 29)
- Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 27)
- Re: Security Problems with Linux 2.2.x IP Masquerading Olaf Kirch (Mar 30)