Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: EricSmith () WINDSOR COM (Smith, Eric V.)
Date: Fri, 24 Mar 2000 03:37:23 -0500

I don't think that the problem of mime types described below is as rare as
Alon Rotem would have us believe.  I've used any number of misconfigured web
sites where executables are transferred as "text/html".  The standard
procedure is in fact to use "Save as".  In fact, at one customer of mine
this was actually documented for the end users.

Is it eSafe's position that this customer just doesn't get any protection?
What arrogance.

I've never seen a problem where "ASCII conversion" (whatever that might be)
causes a problem with this procedure.  I'm not sure what system would be
doing any conversion based on mime type.  The file is just transferred as


From: alonr () EALADDIN COM [mailto:alonr () EALADDIN COM]
Another aspect of HTTP file protection taken by eSafe is the
file's header
which contains extra information about the file type (Mime
type). It is
indeed possible make an HTTP server transfer any file with a
false mime
type field. Note that HTTP clients (web browsers) treat files
by their mime
type. Files that are transferred by a mime of "text/html"
would be opened
in the browser window, and not considered as an executable
that should be
saved to disk. In order to pass an infection in such a case, the user
should once again get highly involved: Open the browser
window, initiate a
"Save As..." procedure manually to the local disk and run the
file. Also,
note that transferring files in a "text/html" mime type would usually
result in a conversion of the file to ASCII format, and will
be displayed
in the browser window with no control characters. Therefore,
even saving
and running the file would fail.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]