Hi,
Please let me correct you: attachments for emails that are sent in an HTML
format (i.e. in "text/html") are scanned according to your eSafe Gateway
policy rules. Thus, your predicted scenario will fail.
Sincerely,
Alon Rotem
On 24/03/2000 16:17:52 CST "Lea, Michael" wrote:
>
>Alon Rotem wrote:
>> As I wrote in my reply, if you are afraid of such incidents, you may
>> configure eSafe Gateway to scan each and every file, regardless of their
>> extension. Of course this will have an effect on your network performance,
>> since the majority of files going through the net are not harmful.
>> A worried administrator can implement this alternative configuration within
>> seconds. There is no 100% security, but eSafe Gateway offers a very good,
>> very reliable, solution for any network administrator.
>
>If it was as simple as setting eSafe to scan all file extensions, I don't
>think anybody would have a problem. But what some people seem to be missing
>here is the second part of Hugo's message:
>
>Hugo van der Kooij wrote:
>> The problem is that anything with the MIME type set to TEXT/HTML will not
>> be scanned regardless of the options recommended above.
>
>Even if the eSafe Gateway is configured to check all file-types, it still
>passes through files with a MIME type of text/html, regardless of extension.
>There doesn't seem to be a way of turning this off and scanning all MIME
>types.
>
>People also seem to be missing the fact that this affects not only HTTP
>traffic, but also e-mail messages.
>
>Here's an easy illustration, that doesn't require any abnormal intervention
>on the part of the "victim". An attacker sends a document infected with his
>favorite macro virus to his victim in an e-mail message. The attachment is
>identified with a MIME type of text/html, so the eSafe Gateway passes it
>through unchallenged. The victim double-clicks on the attachment and the
>mail client opens the document in the appropriate program, possibly without
>any warnings whatsoever (Outlook 97 doesn't prompt for MS Office documents
>... others?). Voila! You've just infected your first victim.
>
>At a bare minimum, the eSafe Gateway should give the option of scanning all
>files, regardless of MIME type. Ideally, it would also have the option of
>examining the CONTENT of the file to determine whether or not it is worth
>scanning. Using "magic numbers" to identify files is nothing new. Unix
>people can take a look at the "file" command, which has been using this
>concept to identify file types almost since the beginning of time.
>
>I hope everybody's got current anti-virus signatures on their workstations.
>:-(
>
>Michael Lea
>Information Security
>Manitoba Public Insurance
>Phone: (204) 985-8224
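
The content check suggested in the quoted message (identify an attachment by its leading "magic number" bytes instead of trusting the declared MIME type), as an added Python example that is not part of the original thread and is not eSafe Gateway code. The function names and the sample message are constructed for illustration.

```python
import email
from email.message import EmailMessage

# Leading "magic number" bytes of a few binary formats (well-known values).
MAGIC = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE2 compound file (legacy MS Office)",
    b"PK\x03\x04": "ZIP archive",
    b"MZ": "DOS/Windows executable",
}

def sniff(payload: bytes):
    """Return the format implied by the payload's leading bytes, or None."""
    for magic, name in MAGIC.items():
        if payload.startswith(magic):
            return name
    return None

def mismatched_parts(raw: bytes):
    """Return (filename, declared type, sniffed type) for every MIME part
    that is labelled text/* but whose decoded bytes are a known binary format."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        if part.is_multipart():
            continue
        declared = part.get_content_type()
        # decode=True undoes base64 / quoted-printable transfer encoding.
        payload = part.get_payload(decode=True) or b""
        actual = sniff(payload)
        if actual and declared.startswith("text/"):
            findings.append((part.get_filename(), declared, actual))
    return findings

def build_sample() -> bytes:
    """Constructed test message: one OLE2 header mislabelled as text/html,
    plus one attachment that really is HTML."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    ole_header = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24
    msg.add_attachment(ole_header, maintype="text", subtype="html",
                       filename="report.doc")
    msg.add_attachment(b"<html><body>hi</body></html>", maintype="text",
                       subtype="html", filename="page.html")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in mismatched_parts(build_sample()):
        print("declared/actual mismatch:", finding)
```

A part flagged this way should be routed to the scanner regardless of the MIME type or extension rules.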