[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Virus



    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


With all due respect, I'd have to disagree with this approach.  I wouldn't
trust such a critical software package just because it finds a 'test file'
written by the manufacturer.  It wouldn't surprise me if this test didn't
even exercise the virus code at all (this is pure conjecture, I have no
experience with this particular product whatsoever).  How hard is it to
write a line of code to say "Hey, if you see this file come in, pretend you
just found a virus".  This is like having a firewall audited by the
person/company who set it up.  Of course it's going to pass.

I think Daniel's approach is valid.  Set up a test network, have some folks
send in some real viruses.  If you can't do it on a test network, have a
safety net that will catch anything that slips by.

My $0.02.

Regards,
Beau

Beau Monday, MCSE
IS Manager
BSQUARE Corporation
425.519.5931
bmonday@bsquare.com

		-----Original Message-----
		From:	Edmund Ott [mailto:edmund.ott@brose.de]
		Sent:	Friday, April 30, 1999 1:33 AM
		To:	Bourque Daniel; CheckPoint_Mailing_List
		Subject:	Re: [FW1] Virus


		Hello,

		we are using TrendMicro's InterScan VirusWall to scan SMTP
and HTTP.
		I never use real viruses to test the VirusWall. TrendMicro
provides a
		testfile which is not a virus but recognized by some some
		anti-virus-programs. Nevertheless you can't use it to prove
whether your
		software is up to date.

		You may download it from:
		  http://www.antivirus.com/vinfo/testfiles/index.htm


		Bourque Daniel schrieb:
		> 
		> I know it sound stupid but...
		> 
		> Can somebody send me a Happy99 virus or some easy to
detect one?  I need to
		> test my new e-safe anti-virus...
		> 
		> Please, send that to daniel.bourque@loto-quebec.com   NOT
TO THE LIST....
		> 
		>
============================================================================
====
		>      To unsubscribe from this mailing list, please see the
instructions at
		>
http://www.checkpoint.com/services/mailing.html
		>
============================================================================
====



	
============================================================================
====
		     To unsubscribe from this mailing list, please see the
instructions at
	
http://www.checkpoint.com/services/mailing.html
	
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================