
List:       bugtraq
Subject:    Re: Esafe Protect Gateway (CVP) does not scan virus under some
From:       Ian Turner <vectro () PIPELINE ! COM>
Date:       2000-03-28 6:15:21

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> At a bare minimum, the eSafe Gateway should give the option of scanning all
> files, regardless of MIME type.  Ideally, it would also have the option of
> examining the CONTENT of the file to determine whether or not it is worth
> scanning.  Using "magic numbers" to identify files is nothing new.  Unix
> people can take a look at the "file" which has been using this concept to
> identify file types almost since the beginning of time.

The problem with magic is that it can be forged. It would be fairly
straightforward to come up with a virus or trojan that had the magic of a
PDF file: Just have a JMP instruction at the beginning to skip over the
magic.

No, everything should be scanned, no matter what. Unfortunately there are
performance issues associated with this strategy.

Ian Turner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE44E37fn9ub9ZE1xoRAqbeAKCt4FPMntKQ7XDvBM7g3sMttHO1SwCg4LjB
S6rISjUSXa3msVCkgf309Xc=
=O8wX
-----END PGP SIGNATURE-----
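
The point made in this thread, as an added example that is not part of the original post and is not eSafe's code: a gateway that decides whether to scan from the declared MIME type or from the leading magic bytes skips content that a scan-everything policy flags. The policy functions, the skip lists, the marker string and the sample files are all constructed for illustration.

```python
# Added example. All names, types and byte strings below are constructed.
MARKER = b"HARMLESS-TEST-MARKER-0001"   # stand-in signature, not a real pattern
SIGNATURES = {"Constructed.TestMarker": MARKER}

SKIP_MIME = {"application/pdf", "image/gif"}   # declared types the gate skips
SKIP_MAGIC = (b"%PDF-", b"GIF89a")             # leading bytes the gate skips


def scan(data):
    """Return the names of every signature found anywhere in data."""
    return sorted(n for n, pat in SIGNATURES.items() if pat in data)


def gate_by_mime(mime, data):
    """Trust the sender-declared MIME type to decide whether to scan."""
    return [] if mime in SKIP_MIME else scan(data)


def gate_by_magic(mime, data):
    """Trust the leading bytes, as file(1) would, to decide whether to scan."""
    return [] if data.startswith(SKIP_MAGIC) else scan(data)


def gate_scan_all(mime, data):
    """Scan everything, whatever the label or header says."""
    return scan(data)


POLICIES = {"mime": gate_by_mime, "magic": gate_by_magic, "all": gate_scan_all}

SAMPLES = {
    "clean_pdf": ("application/pdf", b"%PDF-1.3\n1 0 obj\nendobj\n%%EOF\n"),
    "wrong_mime": ("application/pdf", b"MZ\x90\x00" + MARKER),
    "forged_magic": ("application/octet-stream", b"%PDF-1.3\n" + MARKER),
}


def compare():
    """Map each sample to {policy: flagged?} for all three gating policies."""
    return {
        name: {p: bool(gate(mime, data)) for p, gate in POLICIES.items()}
        for name, (mime, data) in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:13} {verdicts}")
```

Only the scan-all policy flags both marked samples; each shortcut misses the one whose label or header it trusted.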
