Subject: CP FW NG FP3 fails on OPSEC CVP scanning for large files
Affected: Check Point FireWall-1 NG Feature Pack 3 Build 53225
Vendor: Check Point
Vendor Notified: Yes
Intro
Check Point FireWall-1 is enterprise firewall solution. It supports
OPSEC CVP specification for interaction with external modules,
like Antiviral scanners.
Problem description
After Feature Pack 3 installed Checkpoint fails to retrieve any file
large than 2Mb if CVP is used to check on. It makes Antiviral
scanning unusable.
Details
If SMTP message longer than 2 Mb received, FW-1:
1. puts message into spool
2. send data to CVP server
3. After sending of approx. 2Mb (or 1Mb) of data it stops
4. After 5 minutes sending is resumed
5. After CVP server approves data FW-1 places message in the
spool\d_resend and loops operation until message is marked as expired.
The detailed description of the problem (in Russian) you can find here:
http://opsec.boom.ru/ru/
(Should you have any possibility to translate the text into English,
please, send the translation to vendor)
Vendor
Vendor was contacted, but failed to reproduce problem (probably because
eSafe Gateway was used for Antiviral scanning).
***
Subject: eSafe gateway fails to catch virii if used in CVP
Affected: eSafe gateway v3.5.126.0
Vendor: Aladdin Knowlege Systems
Risk: Average
Vendor Notified: No
Intro
eSafe gateway is a suite antiviral product. eSafe gateway can be used in
conjunction with any firewall understanding OPSEC CVP specification.
Problem description
If used to check CVP stream eSafe can only catch virus located in first
15K of the stream. Antiviral protection can easily be bypassed by
sending infected message with 15K of clear data in the beginning.
***
Subject: CP FW NG FP3 fails on OPSEC CVP scanning for large files
Affected: Check Point FireWall-1 NG Feature Pack 3 Build 53225
Vendor: Check Point
Vendor Notified: Yes
Intro
Check Point FireWall-1 is enterprise firewall solution. It supports
OPSEC CVP specification for interaction with external modules,
like Antiviral scanners.
Problem description
After Feature Pack 3 installed Checkpoint fails to retrieve any file
large than 2Mb if CVP is used to check on. It makes Antiviral
scanning unusable.
Details
If SMTP message longer than 2 Mb received, FW-1:
1. puts message into spool
2. send data to CVP server
3. After sending of approx. 2Mb (or 1Mb) of data it stops
4. After 5 minutes sending is resumed
5. After CVP server approves data FW-1 places message in the
spool\d_resend and loops operation until message is marked as expired.
The detailed description of the problem (in Russian) you can find here:
http://opsec.boom.ru/ru/
(Should you have any possibility to translate the text into English,
please, send the translation to vendor)
Vendor
Vendor was contacted, but failed to reproduce problem (probably because
eSafe Gateway was used for Antiviral scanning).
***
Subject: eSafe gateway fails to catch virii if used in CVP
Affected: eSafe gateway v3.5.126.0
Vendor: Aladdin Knowlege Systems
Risk: Average
Vendor Notified: No
Intro
eSafe gateway is a suite antiviral product. eSafe gateway can be used in
conjunction with any firewall understanding OPSEC CVP specification.
Problem description
If used to check CVP stream eSafe can only catch virus located in first
15K of the stream. Antiviral protection can easily be bypassed by
sending infected message with 15K of clear data in the beginning.
Best regards,
Igor
[ reply ]