Hi!

***

Subject: CP FW NG FP3 fails on OPSEC CVP scanning for large files
Affected: Check Point FireWall-1 NG Feature Pack 3 Build 53225
Vendor: Check Point
Vendor Notified: Yes

Intro

Check Point FireWall-1 is enterprise firewall solution. It supports
OPSEC CVP specification for interaction with external modules,
like Antiviral scanners.

Problem description

After Feature Pack 3 installed Checkpoint fails to retrieve any file
large than 2Mb if CVP is used to check on. It makes Antiviral
scanning unusable.

Details

If SMTP message longer than 2 Mb received, FW-1:

1. puts message into spool
2. send data to CVP server
3. After sending of approx. 2Mb (or 1Mb) of data it stops
4. After 5 minutes sending is resumed
5. After CVP server approves data FW-1 places message in the
spool\d_resend and loops operation until message is marked as expired.

The detailed description of the problem (in Russian) you can find here:
http://opsec.boom.ru/ru/
(Should you have any possibility to translate the text into English,
please, send the translation to vendor)

Vendor

Vendor was contacted, but failed to reproduce problem (probably because
eSafe Gateway was used for Antiviral scanning).

***

Subject: eSafe gateway fails to catch virii if used in CVP
Affected: eSafe gateway v3.5.126.0
Vendor: Aladdin Knowlege Systems
Risk: Average
Vendor Notified: No

Intro

eSafe gateway is a suite antiviral product. eSafe gateway can be used in
conjunction with any firewall understanding OPSEC CVP specification.

Problem description

If used to check CVP stream eSafe can only catch virus located in first
15K of the stream. Antiviral protection can easily be bypassed by
sending infected message with 15K of clear data in the beginning.

Best regards,
Igor

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]