Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] NG FP3 Bug - Data flow problem when transferring large files

To: [email protected]
Subject: [FW-1] NG FP3 Bug - Data flow problem when transferring large files
From: "Igor U.Miturin" <[email protected]>
Date: Thu, 6 Feb 2003 11:30:23 +0300
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi!

***
Subject:                CP FW NG FP3 fails on OPSEC CVP scanning for large files
Affected:               Check Point FireWall-1 NG Feature Pack 3 Build 53225
Vendor:                 Check Point
Vendor Notified:        Yes


Problem description

After  Feature  Pack  3  installed Checkpoint fails to retrieve any file
large  than  2Mb  if  CVP  is  used to check on. It makes Antiviral
scanning unusable.

Details

If SMTP message longer than 2 Mb received, FW-1:

1. puts message into spool
2. send data to CVP server
3. After sending of approx. 2Mb (or 1Mb) of data it stops
4. After 5 minutes sending is resumed
5. After CVP server approves data FW-1 places message in the
spool\d_resend and loops operation until message is marked as expired.

The detailed description of the problem (in Russian) you can find here:
http://opsec.boom.ru/ru/
(Should you have any possibility to translate the text into English,
please, send the translation to FW-1-MAILINGLIST)

Vendor

Vendor  was contacted, but failed to reproduce problem (probably because
eSafe Gateway was used for Antiviral scanning).

***

Subject:                eSafe gateway fails to catch virii if used in CVP
Affected:               eSafe gateway v3.5.126.0
Vendor:                 Aladdin Knowlege Systems
Risk:                   Average
Vendor Notified:        No

Intro

eSafe gateway is a suite antiviral product. eSafe gateway can be used in
conjunction with any firewall understanding OPSEC CVP specification.

Problem description

If  used to check CVP stream eSafe can only catch virus located in first
15K  of  the  stream.  Antiviral  protection  can  easily be bypassed by
sending infected message with 15K of clear data in the beginning.

Best regards,
Igor

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] Nokia VPN210 / NG
Next by Date: [FW-1] AW: [FW-1] Has anyone used the SMC 7004FW Router?
Previous by thread: Re: [FW-1] Nokia VPN210 / NG
Next by thread: [FW-1] AW: [FW-1] Has anyone used the SMC 7004FW Router?
Index(es):
- Date
- Thread