Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: alonr () EALADDIN COM (Alon Rotem)
Date: Sun, 26 Mar 2000 14:57:11 +0200
Please let me correct you: attachments for emails that are sent in an HTML
format (i.e. in "text/html") are scanned according to your eSafe Gateway
policy rules. Thus, your predicted scenario will fail.
On 24/03/2000 16:17:52 CST "Lea, Michael" wrote:
Alon Rotem wrote:
As I wrote in my reply, if you are afraid of such incidents, you may
configure eSafe Gateway to scan each and every file, regardless of their
extension. Of course this will have an effect on your network
since the majority of files going through the net are not harmful.
A worried administrator can implement this alternative configuration
seconds. There is no 100% security, but eSafe Gateway offers a very
very reliable, solution for any network administrator.
If it was as simple as setting eSafe to scan all file extensions, I don't
think anybody would have a problem. But what some people seem to be
here is the second part of Hugo's message:
Hugo van der Kooij wrote:
The problem is that anything with the MIME type set to TEXT/HTML will
be scanned regardless of the options recommended above.
Even if the eSafe Gateway is configured to check all file-types, it still
passes through files with a MIME type of text/html, regardless of
There doesn't seem to be a way of turning this off and scanning all MIME
People also seem to be missing the fact that this affects not only HTTP
traffic, but also e-mail messages.
Here's an easy illustration, that doesn't require any abnormal
on the part of the "victim". An attacker sends a document infected with
favorite macro virus to his victim in an e-mail message. The attachment
identified with a MIME type of text/html, so the eSafe Gateway passes it
through unchallenged. The victim double-clicks on the attachment and the
mail client opens the document in the appropriate program, possibly
any warnings whatsoever (Outlook 97 doesn't prompt for MS Office documents
... others?). Voila! You've just infected your first victim.
At a bare minimum, the eSafe Gateway should give the option of scanning
files, regardless of MIME type. Ideally, it would also have the option of
examining the CONTENT of the file to determine whether or not it is worth
scanning. Using "magic numbers" to identify files is nothing new. Unix
people can take a look at the "file" which has been using this concept to
identify file types almost since the beginning of time.
I hope everybody's got current anti-virus signatures on their
Manitoba Public Insurance
Phone: (204) 985-8224
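
The content-based check suggested in the quoted message (identify a file by its "magic numbers" instead of trusting the declared MIME type), as an added example that is not part of the original thread and not eSafe Gateway code. The signature table, function names and the sample message are constructed for illustration.

```python
import email
from email.message import EmailMessage

# Leading-byte signatures ("magic numbers") for a few common container formats.
MAGIC = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy MS Office documents
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe-executable"),
    (b"%PDF-", "pdf"),
]

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring any declared type."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    head = data[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"

def parts_to_scan(raw: bytes):
    """Return (filename, declared, sniffed) for each part declared text/html
    whose bytes do not look like HTML. Unknown content is flagged too, so the
    check fails closed and the part goes to the scanner."""
    flagged = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        declared, actual = part.get_content_type(), sniff(payload)
        if declared == "text/html" and actual != "html":
            flagged.append((part.get_filename(), declared, actual))
    return flagged

def build_sample() -> bytes:
    """Constructed message: a real HTML body plus an attachment that starts
    with the OLE2 signature but is labelled text/html."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("<html><body>hello</body></html>", subtype="html")
    ole = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64
    msg.add_attachment(ole, maintype="text", subtype="html",
                       filename="report.doc")
    return msg.as_bytes()

if __name__ == "__main__":
    print(parts_to_scan(build_sample()))
```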