Bugtraq mailing list archives

Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: vectro () PIPELINE COM (Ian Turner)
Date: Mon, 27 Mar 2000 22:15:21 -0800

At a bare minimum, the eSafe Gateway should give the option of scanning all
files, regardless of MIME type.  Ideally, it would also have the option of
examining the CONTENT of the file to determine whether or not it is worth
scanning.  Using "magic numbers" to identify files is nothing new.  Unix
people can take a look at the "file" which has been using this concept to
identify file types almost since the beginning of time.

The problem with magic is that it can be forged. It would be fairly
straightforward to come up with a virus or trojan that had the magic of a
PDF file: Just have a JMP instruction at the beginning to skip over the

No, everything should be scanned, no matter what. Unfortunately there are
performance issues associated with this strategy.

Ian Turner
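
Added example, not part of the original message: a toy gateway comparing the three skip policies the thread discusses (trust the declared MIME type, trust the magic number, scan everything). The signature, the type tables and the sample files are all constructed for illustration and do not reflect eSafe's actual behaviour.

```python
# Added illustration. The signature, type tables and samples are constructed.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"   # stand-in for a scanner signature

SKIP_MIME = {"application/pdf", "image/gif"}    # declared types the gateway trusts
SKIP_MAGIC = (b"%PDF-", b"GIF89a")              # leading bytes the gateway trusts

def signature_scan(data: bytes) -> bool:
    """The expensive step: search the whole body for a known signature."""
    return SIGNATURE in data

def gateway(policy: str, declared_mime: str, data: bytes) -> str:
    """Return 'blocked' or 'passed' for one file under one skip policy."""
    if policy == "mime":        # trust the declared MIME type
        skip = declared_mime in SKIP_MIME
    elif policy == "magic":     # trust the first bytes, as file(1) would read them
        skip = data.startswith(SKIP_MAGIC)
    elif policy == "all":       # scan everything, no matter what
        skip = False
    else:
        raise ValueError(f"unknown policy: {policy}")
    if skip:
        return "passed"         # never reached the scanner
    return "blocked" if signature_scan(data) else "passed"

# Constructed samples: (label, declared MIME type, body)
SAMPLES = [
    ("clean pdf",    "application/pdf",          b"%PDF-1.3\nplain document"),
    ("honest exe",   "application/octet-stream", b"MZ\x90\x00" + SIGNATURE),
    ("forged mime",  "application/pdf",          b"MZ\x90\x00" + SIGNATURE),
    ("forged magic", "application/octet-stream", b"%PDF-1.3\n" + SIGNATURE),
    ("forged both",  "application/pdf",          b"%PDF-1.3\n" + SIGNATURE),
]

def evaluate() -> dict:
    """Map each sample label to its verdict under every policy."""
    return {label: {p: gateway(p, mime, body) for p in ("mime", "magic", "all")}
            for label, mime, body in SAMPLES}

if __name__ == "__main__":
    for label, verdicts in evaluate().items():
        print(f"{label:13} {verdicts}")
```

Only the "all" policy blocks every sample that carries the signature; each skip rule passes the sample whose label or leading bytes were chosen to match it.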

