Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: ecchien () JPS NET (Eric Chien)
Date: Fri, 24 Mar 2000 12:20:38 +0100


Hello,

At 08:17 PM 3/23/2000 +0100, Hugo.van.der.Kooij () CAIW NL wrote:
On Thu, 23 Mar 2000 alonr () eAladdin com wrote:

scanned for viruses, thus creating security holes. eSafe believes that
relying on file extension in order to avoid threats and virus assaults is
highly efficient. This is definitely not due to a "flawed design". We, at
eSafe, believe that it is possible to achieve a high level of security and
privacy, while relying on the files extensions. In order to gain good

As mentioned in previous threads, Word documents do NOT require a do?
extension to spawn Word on a double-click.  Word documents can have any (or
no) extension.  We saw W97M.Melissa.I (I think<?>) spread around with the
extension  ".i" (coincidentally).

It is agreed that files renaming is a common action that can be easily
performed by anyone who can use an alphanumeric keyboard, but If a hacker
sends an infected executable file masqueraded with a "TXT" or an "MPG"
extension, it is the user's job to get the file, save it to his local disk,
rename it to a valid executable, and then run it. Such a user can also

Agreed a user must purposely rename the file in the above cases.  But not
in a Word document case.  In addition, new 'unsafe' extensions come about
everyday.  VBS, HTA, etc.

Obviously, not in eSafe's case based on this thread, and not necessarily
speaking for any particular vendor, but I believe most vendors understand
that utilizing file extensions while previously was 'good enough', it isn't
really any longer.  Most products are undergoing (some already do it) file
typing based on the header.  Otherwise, utilize Scan All Files.  Should all
products do file typing?  Yes and no.  If utilizing Scan All Files doesn't
incur any more major performance hit then I'm not sure it matters.  But
obviously, if they implement it, the product will probably be even faster
(then when using Scan All Files).

...Eric


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]