Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: Hugo.van.der.Kooij () CAIW NL (Hugo.van.der.Kooij () CAIW NL)
Date: Thu, 23 Mar 2000 20:17:33 +0100

On Thu, 23 Mar 2000 alonr () eAladdin com wrote:

The trade off between performance and protection sufficiency is a well
known issue in the world of data security. As suggested by Mr. Van der
Kooij, it is possible to make files go through eSafe Gateway without being
scanned for viruses, thus creating security holes. eSafe believes that
relying on file extension in order to avoid threats and virus assaults is
highly efficient. This is definitely not due to a "flawed design". We, at
eSafe, believe that it is possible to achieve a high level of security and
privacy, while relying on the files extensions. In order to gain good
security, and, at the same time, good network performance, it is possible
(and recommended) to avoid scanning of files that are predefined as "Safe"
(or files that are not defined as "Dangerous"). It would often be redundant
to scan each and every file which goes through the system.

The fact that ESP does not allow a security officer to make a company
strategy but forces a strategy upon it's customers is dangerous and for
some clients unacceptable.

It is agreed that files renaming is a common action that can be easily
performed by anyone who can use an alphanumeric keyboard, but If a hacker
sends an infected executable file masqueraded with a "TXT" or an "MPG"
extension, it is the user's job to get the file, save it to his local disk,
rename it to a valid executable, and then run it. Such a user can also
bring an infected floppy disk from home and spread a virus in the company's
internal network, or format his own hard disk manually. The damage and the
user's involvement in damaging the system would be more or less equivalent.

Using a system without floppy drives and using an operating systems that
does not allow users to do such harmfull activities is a path chosen by
some companies.

Telling someone they should not put a lock on the frontdoor because they
may have an open backdoor is a poor excuse for a locksmit that was ordered
to secure the frontdoor.

In conclusion, Mr. Van der Kooij has insinuated that according to eSafe
there is "No fix available". The subject described above is not a bug, nor
a security problem. Hence, no fix is needed. eSafe Gateway provides
excellent security and safe network environments.

Unfortunatlyy your Dutch office does not concur nor does your development
centre. The Dutch office informed me the issue is no know by the ID:
DR/047 and being handled by the development crew.

The overal message you are sending is that we should be confident that any
file passed through uninspected can't be harmfull in any way. However my
customers don't agree and find this unacceptable and so do I.

The purpose of the BugTraq mailinglist is to inform people of known
problems and if possible to solutions or at least of workarounds.
Unfortunatly there is no usable workaround.

My customers don't just expect that they will not be harmed by a virus but
that a maximum effort is done to prevent any harmfull activities. At
present ESP does not live up to that expectation because someone made a
choice that they find an unacceptable security breach.


Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl     http://home.kabelfoon.nl/~hvdkooij/
Use of any of my email addresses for unsollicited (commercial)
    email is a clear intrusion of my privacy and illegal!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]