Bugtraq mailing list archives

Re: Esafe Protect Gateway (CVP) does not scan virus under some


From: alonr () EALADDIN COM (Alon Rotem)
Date: Fri, 24 Mar 2000 11:00:17 +0200


Hi Daniel,

I also wrote:

This should not be a surprise to Mr. Van der Kooij, that eSafe's security
policy does not have to depend on file extensions. A network
administrator, worried lest malicious files should enter his network due
to a scenario described hereinafter, has an option to scan files regardless
of their extensions. Such a solution would usually be redundant, and cost
in network performance, which is often considered valuable. The procedure
by which such a configuration is set up is described by Mr. Van der Kooij
himself.

As I wrote in my reply, if you are afraid of such incidents, you may
configure eSafe Gateway to scan each and every file, regardless of its
extension. Of course this will have an effect on your network performance,
since the majority of files going through the net are not harmful.
A worried administrator can implement this alternative configuration within
seconds. There is no 100% security, but eSafe Gateway offers a very good,
very reliable, solution for any network administrator.

            Sincerely,
                Alon Rotem
               Software Engineer

Phone: [+972 4] 8811441
e-mail: alonr () eAladdin com
Listen to my music at:
http://www.audiogalaxy.com/bands/alonrotem

Aladdin. Securing The Global Village

Ashlag 22, Haifa, Israel
Tel:   +972 4 872-8899 Fax: +972 4 872-9966
Visit us at our Web site!  http://www.esafe.com

Aladdin supports Idealist. Visit http://www.idealist.org

On 24/03/2000 09:28:39 CET dfages wrote:

Hi,

Alon wrote:
It is agreed that file renaming is a common action that can be easily
performed by anyone who can use an alphanumeric keyboard, but if a hacker
sends an infected executable file masqueraded with a "TXT" or an "MPG"
extension, it is the user's job to get the file, save it to his local
disk, rename it to a valid executable, and then run it. Such a user can
also bring an infected floppy disk from home and spread a virus in the
company's internal network, or format his own hard disk manually. The
damage and the user's involvement in damaging the system would be more or
less equivalent.

I don't agree with this. Imagine the following scenario:
- A hacker sends a trojan executable renamed to something
non-executable; so, it won't be scanned by ESafe.
- Then, he sends another executable (not a trojan), not renamed,
which just looks for the previous file and executes it.

This way, the trojan exe will be executed without ESafe scanning
it.

Just my 2 cents ...
*** Daniel Fages, NetGuards
*** Internet/Security Consultant
*** E-Mail : dfages () netguards net
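
The gap debated in this thread, shown from the gateway's side as an added example that is not part of either message and is not eSafe's code: an extension-only scan decision compared with one that also checks the file's leading bytes. The extension list, function names and sample transfers are hypothetical and constructed for illustration.

```python
import os

# Leading-byte signatures of a few executable formats (well-known magic values).
EXEC_MAGIC = {
    b"MZ": "DOS/PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
}

# Hypothetical extension list standing in for an extension-driven scan policy.
SCANNED_EXTENSIONS = {".exe", ".com", ".dll", ".scr", ".bat", ".vbs"}


def sniff_executable(data: bytes):
    """Return a format name if the content starts like an executable, else None."""
    for magic, name in EXEC_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def extension_policy_scans(filename: str) -> bool:
    """Extension-only decision: scan only names carrying a listed extension."""
    return os.path.splitext(filename)[1].lower() in SCANNED_EXTENSIONS


def content_policy_scans(filename: str, data: bytes) -> bool:
    """Content-aware decision: listed extension OR executable-looking content."""
    return extension_policy_scans(filename) or sniff_executable(data) is not None


def audit(transfers):
    """Names an extension-only policy passes unscanned despite executable content."""
    return [name for name, data in transfers
            if not extension_policy_scans(name) and sniff_executable(data)]


# Constructed sample transfers: (filename, first bytes of content).
SAMPLE = [
    ("notes.txt", b"Meeting notes for Friday\r\n"),
    ("clip.mpg", b"MZ\x90\x00\x03\x00\x00\x00"),      # PE header under a media name
    ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("movie.mpg", b"\x00\x00\x01\xba\x21\x00\x01"),   # MPEG program stream pack header
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Checking only the first bytes costs far less than a full scan of every transfer, but it recognises only the formats listed in `EXEC_MAGIC`.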

