Bugtraq mailing list archives
Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: jason.brvenik () USDOJ GOV (Jason Brvenik)
Date: Fri, 24 Mar 2000 10:35:17 -0500
Just to add a little here to remind how easy it is to do simple trickery.

"Hugo.van.der.Kooij () CAIW NL" wrote:

[snip]

> The overall message you are sending is that we should be confident that any file passed through uninspected can't be harmful in any way. However my customers don't agree and find this unacceptable and so do I.

A traditionally safe file would be a .pdf or .movie; remember that NT will execute any executable regardless of the extension if it is invoked through the start command.

Simple situation: I provide a supposed link to a .movie file which is actually an executable with an embedded .avi (could be any nonstandard non-executable file type, .movie just works well) for download. The web server presents this as video/x-sgi-movie for the MIME type. The user saves it to disk and follows the brief instruction for playing it by doing a start/run "start [download path]\test.movie". The trojaned file looks like a movie playing and exits, but has delivered its payload in the interim.

Demo: copy notepad.exe to %TEMP%\test.movie, do a start/run, type in "start [tmpdir]\test.movie"; you now have notepad up on the screen.

> The purpose of the BugTraq mailing list is to inform people of known problems and if possible of solutions or at least of workarounds. Unfortunately there is no usable workaround. My customers don't just expect that they will not be harmed by a virus but that a maximum effort is done to prevent any harmful activities. At present ESP does not live up to that expectation because someone made a choice that they find an unacceptable security breach.
>
> Hugo.
>
> --
> Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
> hvdkooij () caiw nl http://home.kabelfoon.nl/~hvdkooij/
> --------------------------------------------------------------
> Use of any of my email addresses for unsolicited (commercial) email is a clear intrusion of my privacy and illegal!
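A content-based check for the renamed-executable case described in this message, as an added example that is not part of the original post or of any product discussed in the thread: it decides from the file's header bytes, not its extension or declared MIME type, whether a download must go through executable scanning. The extension and MIME lists, function names and sample bytes are assumptions made for illustration.

```python
import struct

# Assumed policy lists: what the gateway already treats as executable by name or type.
EXECUTABLE_EXTS = {".exe", ".com", ".dll", ".scr"}
EXECUTABLE_MIMES = {"application/x-msdownload", "application/x-dosexec"}


def executable_kind(data: bytes):
    """Return 'pe', 'mz' or None, looking only at the content."""
    if data[:2] != b"MZ":
        return None
    if len(data) >= 0x40:
        # e_lfanew: little-endian uint32 at 0x3C giving the PE signature offset.
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    # MZ header without a PE signature (DOS-style or truncated): still executable.
    return "mz"


def classify_download(filename: str, declared_mime: str, data: bytes):
    """Return (must_scan_as_executable, reason) for one download."""
    kind = executable_kind(data)
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    declared_exec = ext in EXECUTABLE_EXTS or declared_mime.lower() in EXECUTABLE_MIMES
    if kind and not declared_exec:
        return True, f"{kind} header but declared as {ext or '(none)'} / {declared_mime}"
    if kind:
        return True, f"{kind} header, declared executable"
    return False, "no executable header"


def make_sample_pe() -> bytes:
    """Constructed sample: the smallest byte string with MZ and PE signatures."""
    buf = bytearray(0x84)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    print(classify_download("test.movie", "video/x-sgi-movie", make_sample_pe()))
    print(classify_download("clip.movie", "video/x-sgi-movie", b"\x00" * 64))
```

A result of `False` here only means the file is not a Windows executable by header; it does not say the content is harmless.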
