[14410] in bugtraq
Re: Esafe Protect Gateway (CVP) does not scan virus under some
daemon@ATHENA.MIT.EDU (Alon Rotem)
Fri Mar 24 16:42:07 2000
Message-Id: <OFD5843980.2982836F-ON422568AC.0030F2E0@aladdin.co.il>
Date: Fri, 24 Mar 2000 11:00:17 +0200
Reply-To: alonr@EALADDIN.COM
From: Alon Rotem <alonr@EALADDIN.COM>
X-To: dfages@netguards.net
To: BUGTRAQ@SECURITYFOCUS.COM
Hi Daniel,
I also wrote:
>This should not be a surprise to Mr. Van der Kooij, that eSafe's security
>policy does not have to depend on file extensions. A network
>administrator, worried lest malicious files should enter his network due
>to a scenario described hereinafter, has an option to scan files regardless
>of their extensions. Such a solution would usually be redundant, and cost
>in network performance, which is often considered valuable. The procedure
>by which such a configuration is set up is described by Mr. Van der Kooij
>himself.
As I wrote in my reply, if you are afraid of such incidents, you may
configure eSafe Gateway to scan each and every file, regardless of its
extension. Of course this will have an effect on your network performance,
since the majority of files going through the net are not harmful.
A worried administrator can implement this alternative configuration within
seconds. There is no 100% security, but eSafe Gateway offers a very good,
very reliable, solution for any network administrator.
Sincerely,
Alon Rotem
Software Engineer
Phone: [+972 4] 8811441
e-mail: alonr@eAladdin.com
Listen to my music at:
http://www.audiogalaxy.com/bands/alonrotem
Aladdin. Securing The Global Village
Ashlag 22, Haifa, Israel
Tel: +972 4 872-8899 Fax: +972 4 872-9966
Visit us at our Web site! http://www.esafe.com
Aladdin supports Idealist. Visit http://www.idealist.org
On 24/03/2000 09:28:39 CET dfages wrote:
>
>Hi,
>
>Alon wrote:
>> It is agreed that file renaming is a common action that can be easily
>> performed by anyone who can use an alphanumeric keyboard, but if a
>> hacker sends an infected executable file masqueraded with a "TXT" or an
>> "MPG" extension, it is the user's job to get the file, save it to his
>> local disk, rename it to a valid executable, and then run it. Such a
>> user can also bring an infected floppy disk from home and spread a virus
>> in the company's internal network, or format his own hard disk manually.
>> The damage and the user's involvement in damaging the system would be
>> more or less equivalent.
>
>I don't agree with this. Imagine the following scenario:
>- A hacker sends a trojan executable renamed to something
>non-executable; so, it won't be scanned by ESafe.
>- Then, he sends another executable (not a trojan), not renamed,
>which just looks for the previous file and executes it.
>
>This way, the trojan exe will be executed without ESafe scanning
>it.
>
>Just my 2 cents ...
>*** Daniel Fages, NetGuards
>*** Internet/Security Consultant
>*** E-Mail : dfages@netguards.net
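
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not eSafe's code: it compares an extension-only scan policy, the scan-everything configuration, and a content-signature check on constructed sample transfers. The extension list, function names and sample data are assumptions, and the content-signature policy goes beyond the two options named in the thread.

```python
import os

# Assumed list of extensions an extension-based policy treats as executable.
EXECUTABLE_EXTENSIONS = {".exe", ".com", ".dll", ".scr", ".bat"}
# Leading magic bytes of common executable formats (DOS/PE and ELF).
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def looks_executable(data):
    """True when the content starts with a known executable signature."""
    return data.startswith(EXECUTABLE_MAGIC)


def scan_by_extension(name, data):
    """Extension-only policy: the file name alone decides."""
    return os.path.splitext(name)[1].lower() in EXECUTABLE_EXTENSIONS


def scan_by_content(name, data):
    """Extension check plus a look at the first bytes of the content."""
    return scan_by_extension(name, data) or looks_executable(data)


def scan_everything(name, data):
    """Scan each and every file, regardless of extension."""
    return True


def compare_policies(transfers):
    """Per policy: files scanned, and executable content that went unscanned."""
    report = {}
    for policy in (scan_by_extension, scan_by_content, scan_everything):
        scanned = [n for n, d in transfers if policy(n, d)]
        missed = [n for n, d in transfers
                  if looks_executable(d) and not policy(n, d)]
        report[policy.__name__] = {"scanned": scanned, "missed": missed}
    return report


# Constructed sample transfers (name, first bytes of content).
SAMPLE = [
    ("readme.txt", b"Plain text notes\r\n"),
    ("clip.mpg", b"\x00\x00\x01\xba" + b"\x00" * 16),  # MPEG pack header
    ("holiday.mpg", b"MZ\x90\x00" + b"\x00" * 60),     # executable renamed
    ("setup.exe", b"MZ\x90\x00" + b"\x00" * 60),
]

if __name__ == "__main__":
    for name, result in compare_policies(SAMPLE).items():
        print(name, result)
```

The signature check only recognises formats that have a fixed header; script files such as .bat have none, so they are still caught by name alone unless everything is scanned.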