Bugtraq mailing list archives
Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: alonr () EALADDIN COM (Alon Rotem)
Date: Fri, 24 Mar 2000 11:00:17 +0200
Hi Daniel,

I also wrote:

> This should not be a surprise to Mr. Van der Kooij, that eSafe's security policy does not have to depend on file extensions. A network administrator, worried lest malicious files should enter his network due to a scenario described hereinafter, has an option to scan files regardless of their extensions. Such a solution would usually be redundant, and cost in network performance, which is often considered valuable. The procedure by which such a configuration is set up is described by Mr. Van der Kooij himself.

As I wrote in my reply, if you are afraid of such incidents, you may configure eSafe Gateway to scan each and every file, regardless of their extension. Of course this will have an effect on your network performance, since the majority of files going through the net are not harmful. A worried administrator can implement this alternative configuration within seconds.

There is no 100% security, but eSafe Gateway offers a very good, very reliable, solution for any network administrator.

Sincerely,
Alon Rotem
Software Engineer
Phone: [+972 4] 8811441
e-mail: alonr () eAladdin com
Listen to my music at: http://www.audiogalaxy.com/bands/alonrotem

Aladdin. Securing The Global Village
Ashlag 22, Haifa, Israel
Tel: +972 4 872-8899 Fax: +972 4 872-9966
Visit us at our Web site! http://www.esafe.com
Aladdin supports Idealist. Visit http://www.idealist.org

On 24/03/2000 09:28:39 CET dfages wrote:

> Hi,
>
> Alon wrote:
>
>> It is agreed that files renaming is a common action that can be easily performed by anyone who can use an alphanumeric keyboard, but if a hacker sends an infected executable file masqueraded with a "TXT" or an "MPG" extension, it is the user's job to get the file, save it to his local disk, rename it to a valid executable, and then run it. Such a user can also bring an infected floppy disk from home and spread a virus in the company's internal network, or format his own hard disk manually. The damage and the user's involvement in damaging the system would be more or less equivalent.
>
> I don't agree with this. Imagine the following scenario:
>
> - A hacker sends a trojan executable renamed to something non-executable; so, it won't be scanned by ESafe.
> - Then, he sends another executable (not a trojan), not renamed, which just looks for the previous file and executes it.
>
> This way, the trojan exe will be executed without ESafe scanning it.
>
> Just my 2 cents ...
>
> *** Daniel Fages, NetGuards
> *** Internet/Security Consultant
> *** E-Mail : dfages () netguards net
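
The disagreement in this message is over a gateway policy that selects files for scanning by extension. As an added illustration (not part of the thread and not eSafe's implementation), the Python example below compares that decision with one based on the file's leading bytes, which is a middle ground between extension-only scanning and scanning every file; the extension list, signature table and sample payloads are assumptions constructed for the example.

```python
"""Added example: choose files to scan by content signature, not by name."""
import os

# Leading byte signatures of directly runnable content (well-known magic numbers).
EXEC_MAGIC = {
    b"MZ": "DOS/Windows executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with interpreter line",
}
# Extensions a name-based policy would send to the scanner (assumed list).
SCANNED_EXTENSIONS = {".exe", ".com", ".dll", ".scr", ".bat"}


def sniff(data: bytes):
    """Return a description if the content starts like an executable, else None."""
    for magic, kind in EXEC_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def decide(filename: str, data: bytes) -> dict:
    """Compare the extension-only decision with a content-based one."""
    ext = os.path.splitext(filename)[1].lower()
    by_extension = ext in SCANNED_EXTENSIONS
    kind = sniff(data)
    return {
        "file": filename,
        "scan_by_extension": by_extension,
        "scan_by_content": by_extension or kind is not None,
        "disguised": kind is not None and not by_extension,
        "content": kind,
    }


# Constructed sample transfers: (file name, first bytes of the payload).
SAMPLES = [
    ("readme.txt", b"MZ\x90\x00\x03\x00\x00\x00"),    # executable renamed to .txt
    ("launcher.exe", b"MZ\x90\x00\x03\x00\x00\x00"),  # ordinary executable
    ("notes.txt", b"Meeting at 10:00\r\n"),           # genuine text
    ("clip.mpg", b"\x00\x00\x01\xba\x21\x00\x01"),    # MPEG program stream header
]


def audit(samples):
    """Run the comparison over every sample transfer."""
    return [decide(name, data) for name, data in samples]


if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

Only the first sample is reported as `disguised`: its name exempts it from an extension-based policy while its content is an executable, so a content check sends it to the scanner without forcing a scan of the genuine text and video files.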