Hi! *** Subject: CP FW NG FP3 fails on OPSEC CVP scanning for large files Affected: Check Point FireWall-1 NG Feature Pack 3 Build 53225 Vendor: Check Point Vendor Notified: Yes Intro Check Point FireWall-1 is enterprise firewall solution. It supports OPSEC CVP specification for interaction with external modules, like Antiviral scanners. Problem description After Feature Pack 3 installed Checkpoint fails to retrieve any file large than 2Mb if CVP is used to check on. It makes Antiviral scanning unusable. Details If SMTP message longer than 2 Mb received, FW-1: 1. puts message into spool 2. send data to CVP server 3. After sending of approx. 2Mb (or 1Mb) of data it stops 4. After 5 minutes sending is resumed 5. After CVP server approves data FW-1 places message in the spool\d_resend and loops operation until message is marked as expired. The detailed description of the problem (in Russian) you can find here: http://opsec.boom.ru/ru/ (Should you have any possibility to translate the text into English, please, send the translation to vendor) Vendor Vendor was contacted, but failed to reproduce problem (probably because eSafe Gateway was used for Antiviral scanning). *** Subject: eSafe gateway fails to catch virii if used in CVP Affected: eSafe gateway v3.5.126.0 Vendor: Aladdin Knowlege Systems Risk: Average Vendor Notified: No Intro eSafe gateway is a suite antiviral product. eSafe gateway can be used in conjunction with any firewall understanding OPSEC CVP specification. Problem description If used to check CVP stream eSafe can only catch virus located in first 15K of the stream. Antiviral protection can easily be bypassed by sending infected message with 15K of clear data in the beginning. Best regards, Igor
