There is a big hole in the virus scanner. I was reading up on Trend Micro's VirusWall and saw a vulnerability issue posted. I read up on it, and basically if the proxy receives a document from a web server with real content, but which is preceded by an HTTP header with the Content-Length field set to 0, it will pass the document to the client without scanning it.
I did the test to see if Astaro is vulnerable to it, and it is! Here is the website:
http://www.inside-security.de/vwall_cl0_poc.html
This is bad. Can anybody at Astaro tell us whether there is a setting on Astaro to configure the scanner to not skip scanning if content = 0?
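A defender-side sketch of the check the post asks about, added here as an example and not taken from the thread, Astaro or Trend Micro: the scan decision is made from the body bytes actually received, and a Content-Length that disagrees with them is reported as an anomaly. Function names and sample responses are constructed, and the code assumes the complete, non-chunked response is already buffered.

```python
# Added example. All names and sample responses are constructed for illustration.

def split_response(raw: bytes):
    """Split a buffered HTTP response into (headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, colon, value = line.partition(b":")
        if colon:
            key = name.strip().lower().decode("latin-1")
            headers.setdefault(key, []).append(value.strip().decode("latin-1"))
    return headers, body


def scan_decision(raw: bytes):
    """Return (must_scan, anomaly). The header never suppresses a scan."""
    headers, body = split_response(raw)
    declared = headers.get("content-length", [])
    anomaly = None
    if len(set(declared)) > 1:
        anomaly = "conflicting Content-Length headers"
    elif declared and not declared[0].isdecimal():
        anomaly = "malformed Content-Length"
    elif declared and int(declared[0]) != len(body):
        anomaly = (f"Content-Length {declared[0]} but "
                   f"{len(body)} body bytes received")
    # Scan whenever any body bytes exist, whatever the header claimed.
    return len(body) > 0, anomaly


# Constructed samples: the mismatch case from the post, an honest response,
# and a genuinely empty one.
MISMATCH = (b"HTTP/1.0 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: 0\r\n\r\nCONSTRUCTED-BODY-BYTES")
HONEST = b"HTTP/1.0 200 OK\r\nContent-Length: 5\r\n\r\nhello"
EMPTY = b"HTTP/1.0 204 No Content\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    for label, sample in (("mismatch", MISMATCH), ("honest", HONEST),
                          ("empty", EMPTY)):
        print(label, scan_decision(sample))
```
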