Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: vectro () PIPELINE COM (Ian Turner)
Date: Mon, 27 Mar 2000 22:15:21 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At a bare minimum, the eSafe Gateway should give the option of scanning all
files, regardless of MIME type.  Ideally, it would also have the option of
examining the CONTENT of the file to determine whether or not it is worth
scanning.  Using "magic numbers" to identify files is nothing new.  Unix
people can take a look at the "file" which has been using this concept to
identify file types almost since the beginning of time.

The problem with magic is that it can be forged. It would be fairly
straightforward to come up with a virus or trojan that had the magic of a
PDF file: Just have a JMP instruction at the beginning to skip over the
magic.

No, everything should be scanned, no matter what. Unfortunately there are
performance issues associated with this strategy.

Ian Turner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE44E37fn9ub9ZE1xoRAqbeAKCt4FPMntKQ7XDvBM7g3sMttHO1SwCg4LjB
S6rISjUSXa3msVCkgf309Xc=
=O8wX
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]