Bugtraq mailing list archives

Re: Esafe Protect Gateway (CVP) does not scan virus under some


From: Hugo.van.der.Kooij () CAIW NL (Hugo.van.der.Kooij () CAIW NL)
Date: Fri, 24 Mar 2000 23:17:17 +0100


On Fri, 24 Mar 2000 alonr () eAladdin com wrote:

On Thu, 23 Mar 2000 alonr () eAladdin com wrote:

The trade-off between performance and protection sufficiency is a well-known issue in the world of data security. As suggested by Mr. Van der Kooij, it is possible to make files go through eSafe Gateway without being scanned for viruses, thus creating security holes. eSafe believes that relying on file extension in order to avoid threats and virus assaults is highly efficient. This is definitely not due to a "flawed design". We, at eSafe, believe that it is possible to achieve a high level of security and privacy, while relying on the file extensions. In order to gain good security, and, at the same time, good network performance, it is possible (and recommended) to avoid scanning of files that are predefined as "Safe" (or files that are not defined as "Dangerous"). It would often be redundant to scan each and every file which goes through the system.

The fact that ESP does not allow a security officer to make a company
strategy but forces a strategy upon its customers is dangerous and for
some clients unacceptable.

You may have overlooked the paragraph prior to that one: It is possible to
inspect each and every file on the system. eSafe Gateway allows any system
administrator to implement any company security policy. Again, we believe that
cutting down the number of files which are defined as dangerous is an
optimal balance, but a worried administrator can avoid that policy and
suspect any file regardless of its extension.

The lab tests performed by my client and duplicated in my own lab have
proven that any file using the MIME header TEXT/HTML is passed without
verification regardless of the extension. We used all settings as
advocated by your Dutch office to stop and scan ALL files.

Using another vendor's CVP server I was able to verify the issue was not a
FireWall-1 problem but in fact that of the ESPG CVP server. Trend Micro
did find the virus in both TEXT/PLAIN and TEXT/HTML MIME types.

I suggest you try the case with HTTP resources on a FireWall-1 v4.0 SP4
installed on a Nokia IP-440 with IPSO v3.2.0 to duplicate the test before
claiming to be bugfree.

I also suggest you verify things with the Dutch office where I did report
the issue some time ago.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl     http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Use of any of my email addresses for unsolicited (commercial)
    email is a clear intrusion of my privacy and illegal!
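The point under dispute in this exchange, a gateway that exempts objects from scanning because of what they are declared to be rather than what they contain, as a constructed Python illustration. This is added example code, not code from eSafe, Trend Micro or the poster; the policy tables, the HttpObject type and the sample responses are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy tables (constructed for this example, not a vendor's).
DANGEROUS_EXTENSIONS = {".exe", ".com", ".scr", ".vbs", ".js"}
SKIPPED_MIME_TYPES = {"text/html", "text/plain", "image/gif", "image/jpeg"}

# Well-known file signatures, matched against the bytes, never the label.
MAGIC = {
    b"MZ": "application/x-dosexec",   # DOS/Windows executable
    b"%PDF": "application/pdf",
    b"PK\x03\x04": "application/zip",
}


@dataclass
class HttpObject:
    path: str           # request path as seen by the gateway
    declared_type: str  # Content-Type header supplied by the origin server
    body: bytes         # leading bytes of the response body


def extension_of(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def should_scan_by_label(obj: HttpObject) -> bool:
    """Label-trusting shortcut: a 'safe' declared MIME type exempts the
    object outright; otherwise only listed extensions are scanned."""
    if obj.declared_type.split(";")[0].strip().lower() in SKIPPED_MIME_TYPES:
        return False
    return extension_of(obj.path) in DANGEROUS_EXTENSIONS


def sniff_type(body: bytes) -> Optional[str]:
    return next((m for sig, m in MAGIC.items() if body.startswith(sig)), None)


def should_scan_by_content(obj: HttpObject, scan_all: bool = False) -> bool:
    """Content-driven policy: labels never exempt an object. A recognised
    binary signature, a listed extension, a non-text declaration or 'text'
    that contains NUL bytes all force a scan; scan_all removes the only
    remaining exemption (genuinely textual bodies)."""
    if scan_all or sniff_type(obj.body) is not None:
        return True
    if extension_of(obj.path) in DANGEROUS_EXTENSIONS:
        return True
    if not obj.declared_type.lower().startswith("text/"):
        return True
    return b"\x00" in obj.body[:512]
```

An executable served with a TEXT/HTML header and an .html path is waved through by the label-trusting policy but caught by the content-driven one; the label-trusting policy's decision depends entirely on metadata the sender controls.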
