Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
On Thu, 02 Feb 2006 at 21:31:45 -0800, Jeremy Kitchen wrote:

> [EMAIL PROTECTED] wrote:
> > The company I work for has implemented a firewall that only allows certain activity through it. I have requested that the user agent string clamav/* be allowed to communicate with the internet.
>
> sorry, but blocking at the firewall/proxy level based on user-agent is one of the most absurd things I've ever heard. If they are doing it to disallow 'viruses' and whatnot from traversing the firewall, well, the virus writer can TRIVIALLY change the user-agent string to.. say.. IE, and get right through.
>
> In fact, since clamav provides the source for you, you should be able to TRIVIALLY change the user-agent string. grep, $EDITOR, and an exercise for the reader. Problem solved.
>
> -Jeremy

In devel version's ChangeLog there is:

Fri Jan 27 16:01:31 CET 2006 (tk)
---------------------------------
  * freshclam: new option HTTPUserAgent to force different User-Agent header
    Patch by Andy Fiddaman clam*fiddaman.net

--
Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland   | And it's only
tomek at lodz.tpsa.pl   http://www.lodz.tpsa.pl/iso/   | ones and zeros.
tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner
___
http://lurker.clamav.net/list/clamav-users.html
[Clamav-users] Web Site Authentication Prior to VirusDB download
The company I work for has implemented a firewall that only allows certain activity through it. I have requested that the user agent string clamav/* be allowed to communicate with the internet. The request has been refused because of security concerns.

The approving authority is concerned that there does not appear to be any way of verifying that the web site the database is being downloaded from is the official site. The authority would like to see either a way of supplying a user id and password for authentication to the site or an exchange of SSLv2 keys.

With the current clamav software is authentication possible?

Robert D. Setterlund
Federal Reserve Bank of Boston
600 Atlantic Ave., Boston, MA, 02106
(617) 973-3374
[EMAIL PROTECTED]
Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
On Thu, 2 Feb 2006, [EMAIL PROTECTED] wrote:

> The company I work for has implemented a firewall that only allows certain activity through it. I have requested that the user agent string clamav/* be allowed to communicate with the internet. The request has been refused because of security concerns. The approving authority is concerned that there does not appear to be any way of verifying that the web site the database is being downloaded from is the official site. The

The virus db file is signed, that is how it maintains integrity. The official sites could be compromised, using that as your check is somewhat of false security.

However there is no 'official' site, there is an ever growing and changing system of mirrors.

==
Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/
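An added illustration of the point in the message above (not code from the original thread or from ClamAV): a client that checks a signature against a public key it already holds accepts an intact file from any mirror and rejects an altered one whatever the hostname. The key pair, the container layout (a hex signature line followed by the body) and the hostnames are constructed for the example; the RSA is textbook, unpadded and deliberately weak, and is not ClamAV's key or signature encoding.

```python
import hashlib

# Constructed toy key from two Mersenne primes: trivially factorable,
# for illustration only. This is not ClamAV's key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                     # public half, shipped with the client
D = pow(E, -1, (P - 1) * (Q - 1))       # private half, held only by the publisher


def digest_int(body: bytes) -> int:
    """SHA-256 of the database body as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(body).digest(), "big")


def publish(body: bytes) -> bytes:
    """Publisher side: prepend a hex signature line to the body."""
    sig = pow(digest_int(body), D, N)   # textbook RSA, no padding
    return b"%x\n" % sig + body


def verify(blob: bytes) -> bool:
    """Client side: accept only if the signature matches the body received."""
    head, sep, body = blob.partition(b"\n")
    if not sep:
        return False                    # no signature line at all
    try:
        sig = int(head, 16)
    except ValueError:
        return False                    # signature line is not hex
    return 0 < sig < N and pow(sig, E, N) == digest_int(body)


def check_mirrors(mirrors: dict) -> dict:
    """Verdict per download source; the hostname plays no part in it."""
    return {host: verify(blob) for host, blob in mirrors.items()}


GENUINE = publish(b"constructed signature database v1\n")
SAMPLE_MIRRORS = {                      # constructed hostnames and contents
    "unnamed-cdn-node.example": GENUINE,
    "official-looking.example": GENUINE.replace(b"v1", b"v2"),
}

if __name__ == "__main__":
    for host, ok in check_mirrors(SAMPLE_MIRRORS).items():
        print(f"{host}: {'accept' if ok else 'reject'}")
```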
Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
On Thu, 2 Feb 2006, [EMAIL PROTECTED] wrote:

> The company I work for has implemented a firewall that only allows certain activity through it. I have requested that the user agent string clamav/* be allowed to communicate with the internet. The request has been refused because of security concerns. The approving authority is concerned that there does not appear to be any way of verifying that the web site the database is being downloaded from is the official site. The authority would like to see either a way of supplying a user id and password for authentication to the site or an exchange of SSLv2 keys. With the current clamav software is authentication possible?

There is a new option in the CVS version which allows you to change the user agent string to something already allowed by the filters.. not necessarily the way to solve it but it would work!

A.
Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
[EMAIL PROTECTED] wrote:

> The company I work for has implemented a firewall that only allows certain activity through it. I have requested that the user agent string clamav/* be allowed to communicate with the internet. The request has been refused because of security concerns. The approving authority is concerned that there does not appear to be any way of verifying that the web site the database is being downloaded from is the official site. The authority would like to see either a way of supplying a user id and password for authentication to the site or an exchange of SSLv2 keys. With the current clamav software is authentication possible?

Someone doesn't want you to succeed I'm afraid.

We run similar rules in our DMZes - and I can tell you that most commercial AVs *also* don't run from specific sites. The AVs we use (I won't name names) also load-share their pattern downloads - and most of the sites the files can end up coming down from don't even have PTR records, or at best don't match back to the domains owned by the AV companies! (i.e. they outsource to content carriers like Akamai)

I can't see how your approving authority has managed to allow other AV products while applying such harsh rules to your ClamAV proposal...

Of course, I'd be quite willing to set up a permanent site that you can have HTTPS pattern access to for a really big fee!! ;-)

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Re: [Clamav-users] Web Site Authentication Prior to VirusDB download
[EMAIL PROTECTED] wrote:

> The company I work for has implemented a firewall that only allows certain activity through it. I have requested that the user agent string clamav/* be allowed to communicate with the internet.

sorry, but blocking at the firewall/proxy level based on user-agent is one of the most absurd things I've ever heard. If they are doing it to disallow 'viruses' and whatnot from traversing the firewall, well, the virus writer can TRIVIALLY change the user-agent string to.. say.. IE, and get right through.

In fact, since clamav provides the source for you, you should be able to TRIVIALLY change the user-agent string. grep, $EDITOR, and an exercise for the reader. Problem solved.

-Jeremy