Bugtraq mailing list archives
Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: Hugo.van.der.Kooij () CAIW NL (Hugo.van.der.Kooij () CAIW NL)
Date: Thu, 23 Mar 2000 20:17:33 +0100
On Thu, 23 Mar 2000 alonr () eAladdin com wrote:
> The trade-off between performance and protection sufficiency is a well-known issue in the world of data security. As suggested by Mr. Van der Kooij, it is possible to make files go through eSafe Gateway without being scanned for viruses, thus creating security holes. eSafe believes that relying on file extension in order to avoid threats and virus assaults is highly efficient. This is definitely not due to a "flawed design". We, at eSafe, believe that it is possible to achieve a high level of security and privacy, while relying on the file extensions. In order to gain good security, and, at the same time, good network performance, it is possible (and recommended) to avoid scanning of files that are predefined as "Safe" (or files that are not defined as "Dangerous"). It would often be redundant to scan each and every file which goes through the system.
The fact that ESP does not allow a security officer to make a company strategy but forces a strategy upon its customers is dangerous and for some clients unacceptable.
> It is agreed that file renaming is a common action that can be easily performed by anyone who can use an alphanumeric keyboard, but if a hacker sends an infected executable file masqueraded with a "TXT" or an "MPG" extension, it is the user's job to get the file, save it to his local disk, rename it to a valid executable, and then run it. Such a user can also bring an infected floppy disk from home and spread a virus in the company's internal network, or format his own hard disk manually. The damage and the user's involvement in damaging the system would be more or less equivalent.
Using a system without floppy drives and using an operating system that does not allow users to do such harmful activities is a path chosen by some companies. Telling someone they should not put a lock on the front door because they may have an open back door is a poor excuse for a locksmith that was ordered to secure the front door.
> In conclusion, Mr. Van der Kooij has insinuated that according to eSafe there is "No fix available". The subject described above is not a bug, nor a security problem. Hence, no fix is needed. eSafe Gateway provides excellent security and safe network environments.
Unfortunately your Dutch office does not concur, nor does your development centre. The Dutch office informed me the issue is now known by the ID: DR/047 and being handled by the development crew.
The overall message you are sending is that we should be confident that any file passed through uninspected can't be harmful in any way. However my customers don't agree and find this unacceptable and so do I.
The purpose of the BugTraq mailing list is to inform people of known problems and, if possible, of solutions or at least of workarounds. Unfortunately there is no usable workaround.
My customers don't just expect that they will not be harmed by a virus but that a maximum effort is made to prevent any harmful activities. At present ESP does not live up to that expectation because someone made a choice that they find an unacceptable security breach.
Hugo.
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooij () caiw nl http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Use of any of my email addresses for unsolicited (commercial) email is a clear intrusion of my privacy and illegal!
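
The disagreement in this message comes down to whether a gateway decides to scan from the file name or from the file content. The sketch below is an added example, not part of the original post and not eSafe's code: the "safe" extension list, the function names and the sample files are all constructed for illustration, and the signature table is a small subset of well-known file magic numbers.

```python
# Added example: scan decision by extension vs. by content (constructed data).
import os

# Leading byte signatures of content types that can carry executable code.
MAGIC = {
    b"MZ": "dos/pe-executable",
    b"\x7fELF": "elf-executable",
    b"PK\x03\x04": "zip-archive",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2-document",
}

# Hypothetical "safe" extension list of the kind the thread describes.
SAFE_EXTENSIONS = {".txt", ".mpg", ".gif", ".jpg"}


def sniff(data):
    """Return the content type implied by the leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def scan_by_extension(name):
    """Extension-only policy: scan unless the name ends in a 'safe' suffix."""
    return os.path.splitext(name.lower())[1] not in SAFE_EXTENSIONS


def scan_by_content(name, data):
    """Content-aware policy: risky magic bytes force a scan whatever the name."""
    return sniff(data) is not None or scan_by_extension(name)


def policy_gaps(files):
    """Files the extension policy passes unscanned despite risky content."""
    return [(name, sniff(data)) for name, data in files.items()
            if not scan_by_extension(name) and sniff(data) is not None]


# Constructed samples: file headers only, no real payloads.
SAMPLES = {
    "notes.txt": b"plain meeting notes\n",
    "holiday.mpg": b"MZ\x90\x00" + b"\x00" * 60,
    "readme.TXT": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
    "setup.exe": b"MZ\x90\x00" + b"\x00" * 60,
}

if __name__ == "__main__":
    for name, kind in policy_gaps(SAMPLES):
        print(f"{name}: skipped by extension policy, content is {kind}")
```

Running `policy_gaps` over a sample of real gateway traffic gives an administrator a concrete list of files that an extension-only exclusion would let through uninspected.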