Bugtraq mailing list archives
Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: vectro () PIPELINE COM (Ian Turner)
Date: Mon, 27 Mar 2000 22:15:21 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
At a bare minimum, the eSafe Gateway should give the option of scanning all files, regardless of MIME type. Ideally, it would also have the option of examining the CONTENT of the file to determine whether or not it is worth scanning. Using "magic numbers" to identify files is nothing new. Unix people can take a look at the "file" which has been using this concept to identify file types almost since the beginning of time.
The problem with magic is that it can be forged. It would be fairly straightforward to come up with a virus or trojan that had the magic of a PDF file: Just have a JMP instruction at the beginning to skip over the magic. No, everything should be scanned, no matter what. Unfortunately there are performance issues associated with this strategy. Ian Turner -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE44E37fn9ub9ZE1xoRAqbeAKCt4FPMntKQ7XDvBM7g3sMttHO1SwCg4LjB S6rISjUSXa3msVCkgf309Xc= =O8wX -----END PGP SIGNATURE-----
Current thread:
- Re: Esafe Protect Gateway (CVP) does not scan virus under some, (continued)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Lea, Michael (Mar 24)
- Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 27)
- Follow-Up: Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 28)
- privacy problems with HTTP cache-control Martin Pool (Mar 28)
- Objectserver vulnerability Howard M. Kash III (Mar 29)
- Citrix ICA Basic Encryption Dug Song (Mar 29)
- Re: Citrix ICA Basic Encryption Weld Pond (Mar 28)
- Re: Citrix ICA Basic Encryption Chris Knight (Mar 29)
- Security Problems with Linux 2.2.x IP Masquerading H D Moore (Mar 27)
- Re: Security Problems with Linux 2.2.x IP Masquerading Olaf Kirch (Mar 30)
- Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability Ussr Labs (Mar 30)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Lea, Michael (Mar 24)
- Re: Esafe Protect Gateway (CVP) does not scan virus under some Ian Turner (Mar 27)