This was off-list discussion, but I suspect it may be useful for others on the list.

-C

--
Information Security Analyst
Good Samaritan Society
e-mail: csteele@good-sam.com
voice: (605) 362-3899
PGP Key fingerprint = 564F 2A97 2ADA F492 F34C 8E4A 12AF 9DC3 400E 2DD6
--- Begin Message ---
- To: Peter Bieringer <pb@bieringer.de>
- Subject: RE: UPDATE: [wcolburn@nmt.edu: SMTP relay through checkpoint firewall]
- From: "Corey J. Steele" <csteele@good-sam.com>
- Date: 25 Feb 2002 15:26:16 -0600
- Cc: Proescholdt timo <Timo.Proescholdt@brk-muenchen.de>, 'Steve VanDevender' <stevev@hexadecimal.uoregon.edu>
- In-reply-to: <109540000.1014670188@localhost>
- References: <410B51F29EA8D3118EE400508B44AE2B3C6FCD@rz-nt-mail.brk-muenchen.de> <1014386253.12936.4.camel@ws47619> <109540000.1014670188@localhost>
Well...

[csteele@ws47619 csteele]$ telnet viruswall 8080
Trying XXX.XXX.XXX.XXX...
Connected to viruswall.
Escape character is '^]'.
CONNECT mailserver:25 / HTTP/1.0

HTTP/1.0 403 Forbidden
Server: Squid/2.3.STABLE4
Mime-Version: 1.0
Date: Mon, 25 Feb 2002 21:55:38 GMT
Content-Type: text/html
Content-Length: 729
Expires: Mon, 25 Feb 2002 21:55:38 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from viruswall
Proxy-Connection: close

<HTML><HEAD>
<TITLE>ERROR: The requested URL could not be retrieved</TITLE>
</HEAD><BODY>
<H1>ERROR</H1>
<H2>The requested URL could not be retrieved</H2>
<HR>
<P>
While trying to retrieve the URL:
<A HREF="mailserver:25">mailserver:25</A>
<P>
The following error was encountered:
<UL>
<LI>
<STRONG>
Access Denied.
</STRONG>
<P>
Access control configuration prevents your request from
being allowed at this time. Please contact your service provider if
you feel this is incorrect.
</UL>
<P>Your cache administrator is <A HREF="mailto:webmaster">webmaster</A>.
<br clear="all">
<hr noshade size=1>
Generated Mon, 25 Feb 2002 21:55:38 GMT by viruswall (Squid/2.3.STABLE4)
</BODY></HTML>
Connection closed by foreign host.

We have VirusWall listening on port 8080, and then sending
non-viruslaced requests to a SmartFilter-enabled SQUID proxy. All
systems are Linux based -- most are Red Hat 6.2, with latest applicable
patches. We built squid ourselves to include SmartFilter.

Hopefully this helps...

Best Regards

-C

On Mon, 2002-02-25 at 14:49, Peter Bieringer wrote:
> Hi
>
> --On Friday, February 22, 2002 07:57:33 AM -0600 "Corey J. Steele"
> <csteele@good-sam.com> wrote:
>
> > Trend's Interscan 3.6 running on Linux is not vulnerable to this
> > (we are using Interscan in conjunction with squid.)
>
> Are you sure? I've tested 3.6 Build 1182 and I found it's proceeding
> CONNECT without any problems, also to a remote mailserver:
>
> # telnet viruswall 80
> Trying 1.2.3.4...
> Connected to viwa.
> Escape character is '^]'.
> CONNECT mail.server.com:25 / HTTP/1.0
>
> HTTP/1.0 200 Connection established
> Proxy-agent: InterScan 2.0
>
> 220 mail.server.com ESMTP
> mail from: <user@domain.com>
> 250 ok
> rcpt to: <user@domain.com>
> 250 ok
> data
> 354 go ahead
> test
> .
> 250 ok 1014669994 qp 21827
> quit
> 221 mail.server.com
> Connection closed by foreign host.
>
>
> The only thing is that you have to type the CONNECT line quickly so
> use "nc" or copy and paste for that.
>
> You can solve this if you are using squid as dispatcher and bypass
> Interscan for CONNECT (which we do on a customer installation).
>
>
> Peter
>

--
Information Security Analyst
Good Samaritan Society
e-mail: csteele@good-sam.com
voice: (605) 362-3899
PGP Key fingerprint = 564F 2A97 2ADA F492 F34C 8E4A 12AF 9DC3 400E 2DD6

Attachment: signature.asc
--- End Message ---
Description: This is a digitally signed message part
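
The two transcripts in the message above differ in one observable: the proxy answered CONNECT to port 25 with 403 in one case and with 200 in the other. The following is an added example, not part of the original thread, that audits proxy logs for that difference. It assumes Squid's native access.log layout and an allowed-port set of 443 and 563 (Squid's stock SSL_ports ACL); the log lines, addresses and host names are constructed.

```python
from collections import namedtuple

# Assumption: ports a proxy may legitimately tunnel to (Squid's stock SSL_ports ACL).
ALLOWED_CONNECT_PORTS = {443, 563}

# Constructed sample lines in Squid's native access.log layout (not from the thread).
SAMPLE_LOG = """\
1014674138.101     12 10.0.0.5 TCP_DENIED/403 1030 CONNECT mailserver:25 - NONE/- text/html
1014674200.456   5023 10.0.0.7 TCP_MISS/200 3520 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1014674300.789   8100 10.0.0.9 TCP_MISS/200 412 CONNECT mail.example.net:25 - DIRECT/192.0.2.25 -
1014674301.000     80 10.0.0.7 TCP_MISS/200 9000 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html
truncated line
"""

Finding = namedtuple("Finding", "client target port verdict")


def audit_connect(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """Return a Finding for every CONNECT whose target port is not allowed."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # malformed line or not a tunnel request
        client, result, target = fields[2], fields[3], fields[6]
        host, _, port_text = target.rpartition(":")
        port = int(port_text) if port_text.isdigit() else None
        if port in allowed:
            continue
        status = result.partition("/")[2]
        # 200 means the proxy opened the tunnel; anything else was refused.
        verdict = "TUNNEL_ESTABLISHED" if status == "200" else "DENIED"
        findings.append(Finding(client, host or target, port, verdict))
    return findings


if __name__ == "__main__":
    for f in audit_connect(SAMPLE_LOG):
        print(f"{f.verdict:18} {f.client} -> {f.target}:{f.port}")
```

A DENIED finding is a blocked attempt worth attributing to a client; a TUNNEL_ESTABLISHED finding means the proxy's CONNECT policy needs tightening.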