| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 2 Aug 2004 02:17:56 +0400 From: 3APA3A <3APA3A@...URITY.NNOV.RU> To: Aleksandar Milivojevic <amilivojevic@....ca> Cc: bugtraq@...urityfocus.com Subject: Re[2]: Aladdin response regarding eSafe Dear Aleksandar Milivojevic, --Friday, July 30, 2004, 6:06:57 PM, you wrote to bugtraq@...urityfocus.com: >> engines I tested (KAV, ClamAV and others) are file-oriented. It makes >> it impossible to code good antiviral protection for proxy server with >> this engines. AM> Hm. What about option of sending one byte of data to the client every AM> minute (with configurable limit that not more than xx% of file can be AM> transffered before scanning, just in case you stummble accross site that AM> is actually that slow ;-) ), instead of just feeding him up to 80% of AM> the file in advance of file being scanned? For those that prefer a bit AM> more security over interactivity. This would prevent client from timing AM> out, 99.99% (number from the back of my head) of files would take less There is a difference between inability to create good protection (both strong and convenient) and inability to protect. Of cause, there are ways to implement protection: you can check file after each 100KB of data (anyway only first X KB of files are usually checked by antiviral software) you can send one byte per minute, you can send fake HTML headers one in a minute (they will be ignored), or you can simply show HTML page with your own progress bar for large files, you can recognize file type and act depending on it. Any of this is "hack", because there is no standardised way. -- ~/ZARAZA You know my name - look up my number (Beatles)
Powered by blists - more mailing lists