Re: Are Proxy Firewalls a Security Hole?

[Stephanus J Alex Taidri <securityfocus.ae () taidri com>]

Dav,

The 68 chars of EICAR virus-test signature must not be combined with
any other larger test file.
It may optionally be appended by any combination of whitespace
characters (not exceeding 128 chars in length) and use only allowed
whitespace chars such as: space character, tab, LF, CR, CTRL-Z.

The reason why most proxy firewall do not perform deep inspection for
larger file (more than X MB of size) because commonly virus (or
dropper) will have much smaller size to infect the victim effectively.
It may later download the real payload of virus once successfully
exploit the victim host and stay persistent.

Kind regards,
SJ Alex Taidri

On Fri, Jun 1, 2012 at 6:54 AM, Dav Fisher <dfisher3202 () gmail com> wrote:
> Given that people are sending larger and larger files, proxy firewalls
> seem to be limited since they can't inspect files after a certain
> point and the 'stream', 'flow', 'express' AV options of many of the
> proxy firewall vendors inspect only a portion of the large file. I've
> been able to put the Eicar virus in different locations of a large
> test file and successfully get the file through the firewall.
>
> So, are proxy firewalls a security hole?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------