Bugtraq mailing list archives
Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: Hugo.van.der.Kooij () CAIW NL (Hugo.van.der.Kooij () CAIW NL)
Date: Fri, 24 Mar 2000 23:17:17 +0100
On Fri, 24 Mar 2000 alonr () eAladdin com wrote:
On Thu, 23 Mar 2000 alonr () eAladdin com wrote:

The trade off between performance and protection sufficiency is a well known issue in the world of data security. As suggested by Mr. Van der Kooij, it is possible to make files go through eSafe Gateway without being scanned for viruses, thus creating security holes. eSafe believes that relying on file extension in order to avoid threats and virus assaults is highly efficient. This is definitely not due to a "flawed design". We, at eSafe, believe that it is possible to achieve a high level of security and privacy, while relying on the files extensions. In order to gain good security, and, at the same time, good network performance, it is possible (and recommended) to avoid scanning of files that are predefined as "Safe" (or files that are not defined as "Dangerous"). It would often be redundant to scan each and every file which goes through the system.

The fact that ESP does not allow a security officer to make a company strategy but forces a strategy upon its customers is dangerous and for some clients unacceptable.

You may have overlooked the paragraph prior to that one: It is possible to inspect each and every file on the system. eSafe Gateway allows any system administrator to implement any company security policy. Again, we believe that cutting down the number of files which are defined as dangerous is an optimal balance, but a worried administrator can avoid that policy and suspect any file regardless of its extension.

The lab tests performed by my client and duplicated in my own lab have proven that any file using the MIME header TEXT/HTML is passed without verification regardless of the extension. We used all settings as advocated by your Dutch office to stop and scan ALL files.

Using another vendor's CVP server I was able to verify the issue was not a FireWall-1 problem but in fact that of the ESPG CVP server. Trend Micro did find the virus in both TEXT/PLAIN and TEXT/HTML MIME types.

I suggest you try the case with HTTP resources on a FireWall-1 v4.0 SP4 installed on a Nokia IP-440 with IPSO v3.2.0 to duplicate the test before claiming to be bugfree. I also suggest you verify things with the Dutch office where I did report the issue some time ago.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooij () caiw nl http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Use of any of my email addresses for unsolicited (commercial) email is a clear intrusion of my privacy and illegal!
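
The disagreement above is over whether a gateway may decide to skip scanning from sender-controlled labels (the MIME header or the file extension). The following Python sketch is an added example, not part of the original message and not eSafe's or Check Point's code: it audits constructed sample responses for ones a label-based policy would pass unscanned although their leading bytes match a risky format. The extension list, the skipped MIME type and the sample URLs are assumptions.

```python
import posixpath
from urllib.parse import urlparse

# Assumed model of a label-based policy; not eSafe's actual logic or lists.
SAFE_EXTENSIONS = {".txt", ".htm", ".html", ".gif", ".jpg"}
UNSCANNED_MIME = {"text/html"}

# Leading bytes of formats that can carry executable or macro content.
RISKY_MAGIC = {
    b"MZ": "DOS/Windows executable",
    b"PK\x03\x04": "ZIP archive",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 compound document",
}

def label_policy_scans(url, content_type):
    """True if a policy that trusts the declared labels would scan this response."""
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime in UNSCANNED_MIME:
        return False  # passed on the MIME header alone, whatever the extension
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    return ext not in SAFE_EXTENSIONS

def sniff(body):
    """Name the risky format the body's first bytes match, or None."""
    for magic, name in RISKY_MAGIC.items():
        if body.startswith(magic):
            return name
    return None

def audit(responses):
    """List responses the label policy passes unscanned although the bytes look risky."""
    findings = []
    for url, content_type, body in responses:
        kind = sniff(body)
        if kind and not label_policy_scans(url, content_type):
            findings.append((url, content_type, kind))
    return findings

# Constructed sample responses: (URL, declared Content-Type, first bytes of body).
SAMPLES = [
    ("http://example.test/index.html", "text/html", b"<html><body>hi</body></html>"),
    ("http://example.test/setup.exe", "TEXT/HTML", b"MZ\x90\x00\x03\x00"),
    ("http://example.test/setup.exe", "application/octet-stream", b"MZ\x90\x00\x03\x00"),
    ("http://example.test/notes.txt", "text/plain", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print("unscanned, content mismatch:", finding)
```

The signature check here only flags label/content mismatches for review; it does not stand in for scanning every file, which is the setting the message says was under test.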