Bugtraq mailing list archives
Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: EricSmith () WINDSOR COM (Smith, Eric V.)
Date: Fri, 24 Mar 2000 03:37:23 -0500
I don't think that the problem of mime types described below is as rare as Alon Rotem would have us believe. I've used any number of misconfigured web sites where executables are transferred as "text/html". The standard procedure is in fact to use "Save as". In fact, at one customer of mine this was actually documented for the end users. Is it eSafe's position that this customer just doesn't get any protection? What arrogance. I've never seen a problem where "ASCII conversion" (whatever that might be) causes a problem with this procedure. I'm not sure what system would be doing any conversion based on mime type. The file is just transferred as is. Eric.
From: alonr () EALADDIN COM [mailto:alonr () EALADDIN COM] Another aspect of HTTP file protection taken by eSafe is the file's header which contains extra information about the file type (Mime type). It is indeed possible make an HTTP server transfer any file with a false mime type field. Note that HTTP clients (web browsers) treat files by their mime type. Files that are transferred by a mime of "text/html" would be opened in the browser window, and not considered as an executable that should be saved to disk. In order to pass an infection in such a case, the user should once again get highly involved: Open the browser window, initiate a "Save As..." procedure manually to the local disk and run the file. Also, note that transferring files in a "text/html" mime type would usually result in a conversion of the file to ASCII format, and will be displayed in the browser window with no control characters. Therefore, even saving and running the file would fail.
Current thread:
- Re: Esafe Protect Gateway (CVP) does not scan virus under some alonr () EALADDIN COM (Mar 23)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Hugo.van.der.Kooij () CAIW NL (Mar 23)
- <Possible follow-ups>
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Smith, Eric V. (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Alon Rotem (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Alon Rotem (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Hugo.van.der.Kooij () CAIW NL (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Eric Chien (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Jason Brvenik (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Lea, Michael (Mar 24)
- Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 27)
- Follow-Up: Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 28)
- privacy problems with HTTP cache-control Martin Pool (Mar 28)
- Objectserver vulnerability Howard M. Kash III (Mar 29)
- Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 27)
(Thread continues...)