[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: Esafe Protect Gateway (CVP) does not scan virus under some
From: Ian Turner <vectro () PIPELINE ! COM>
Date: 2000-03-28 6:15:21
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> At a bare minimum, the eSafe Gateway should give the option of scanning all
> files, regardless of MIME type. Ideally, it would also have the option of
> examining the CONTENT of the file to determine whether or not it is worth
> scanning. Using "magic numbers" to identify files is nothing new. Unix
> people can take a look at the "file" which has been using this concept to
> identify file types almost since the beginning of time.
The problem with magic is that it can be forged. It would be fairly
straightforward to come up with a virus or trojan that had the magic of a
PDF file: Just have a JMP instruction at the beginning to skip over the
magic.
No, everything should be scanned, no matter what. Unfortunately there are
performance issues associated with this strategy.
Ian Turner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE44E37fn9ub9ZE1xoRAqbeAKCt4FPMntKQ7XDvBM7g3sMttHO1SwCg4LjB
S6rISjUSXa3msVCkgf309Xc=
=O8wX
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic