lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <410A5601.1070407@pbl.ca>
Date: Fri, 30 Jul 2004 09:06:57 -0500
From: Aleksandar Milivojevic <amilivojevic@....ca>
To: bugtraq@...urityfocus.com
Subject: Re: Aladdin response regarding eSafe


3APA3A wrote:
> I  know  this  problem  it  not  eSafe  specific.  In fact, I don't know
> antiviral  engine  capable  to  catch  signature  in  the stream of data
> immediately  after  signature  is  arrived  in the stream. All antiviral
> engines I tested (KAV, ClamAV and others) are file-oriented. It makes it
> impossible  to code good antiviral protection for proxy server with this
> engines.

Hm.  What about option of sending one byte of data to the client every 
minute (with configurable limit that not more than xx% of file can be 
transffered before scanning, just in case you stummble accross site that 
is actually that slow ;-) ), instead of just feeding him up to 80% of 
the file in advance of file being scanned?  For those that prefer a bit 
more security over interactivity.  This would prevent client from timing 
out, 99.99% (number from the back of my head) of files would take less 
than a minute to download (and therefore would be scanned even before 
first byte is transferred to the client).  For normal HTML pages, client 
wouldn't see any significant latency (nothing he couldn't live with, 
anyhow), because those are small and AV proxy should be able to fetch 
them in second or two.  The problem would be very large files over slow 
links (CD images, for example), but than when downloading something that 
large, nobody expects interactivity (and if you know there's AV 
somewhere in between, you just learn to live with progress bar that 
stays at 0%, and than jumps to 100%).  Or you just implement status page 
on AV proxy where client could check actual status of his downloads...

-- 
Aleksandar Milivojevic <amilivojevic@....ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ