[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] eSafe scanning

To: 'Chris F' <freaknetboy@yahoo.com>
Subject: RE: [FW1] eSafe scanning
From: Ken Lui <Ken.Lui@gov.edmonton.ab.ca>
Date: Mon, 3 May 1999 09:14:38 -0600
Cc: 'Firewall mailing list' <fw-1-mailinglist@lists.us.checkpoint.com>
    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]


That's strange. We don't have any problem with ActiveX/Java scrubbing. The
only time that we get "Fail to contact Content Security server" is when ESPG
goes down.

I missed your last posting about updating the virus table for the remote
client. There is no Update button on the Virus Table GUI page. How do you
update it. Should it only reflect the version of ESPG box? Why the remote
GUI need a virus table? It is not doing the scanning.

Ken Lui

-----Original Message-----
From: Chris F [mailto:freaknetboy@yahoo.com]
Sent: Monday, May 03, 1999 8:52 AM
To: Ken Lui
Subject: RE: [FW1] eSafe scanning


Ken,

Thanks for the tip...unfortunately, I have tried that
without success. I still get file truncation. I also
get "Failed to contact Content Security Server" if I
employ the HTTP/Java/ActiveX scrubbing. Strange.

I have eSafe helping me try to find out what is going
on. They sent me some debugging tools. It appears that
the ESPG actually gets the entire 35MB file, but it
fails to forward it to the FTP client. This is what I
derived from the debugging file, anyway. I sent it to
eSafe, but I have yet to hear from them.

Did you get my post about updating your remote
client's virus pattern file? You can update your
remote client's virus pattern file just as you can
update your ESPG's.

After my first response to your email, I thought I
would try to update my remote client...sure enough:
Success! Now both have dates 4/25/99.

Take Care,

   Chris

--- Ken Lui <Ken.Lui@gov.edmonton.ab.ca> wrote:
> Chris,
> 
> I may be able to help with your problem. You can
> relax the  Defeat Timeout
> setting to Low, or even better, choose custome to
> set it to 20% after 10
> seconds. The worst is that user may recevie 20% of
> the infected file. In
> most case, the partial file is not usable anyway.
> 
> Ken Lui 
> 
> -----Original Message-----
> From: Chris F [mailto:freaknetboy@yahoo.com]
> Sent: Monday, May 03, 1999 8:28 AM
> To: Ken Lui
> Subject: Re: [FW1] eSafe scanning
> 
> 
> Ken,
> 
> I have a similar setup as you, but not the same
> problems.
> 
> I have eSafe v2.0 (93) on NT 4.0 (SP3) P233/128MB
> RAM
> FW1 v3.0b (3083) on Solaris 2.5.1
> 
> My problem is that any file that is FTP-ed greater
> than about 10MB is truncated (ex. only 10-12MBs of a
> 35MB file will be downloaded).
> 
> I do not have Text Inspection in use.
> 
> Yes -- I also have my remote client say the Virus
> Info
> List is dated 2/18/99, but my actual EPSG server
> says
> 4/25/99. I do not know the difference. My educated
> guess is that the remote client has it's own list,
> and
> therefore, it will get outdated until a new remote
> client is released. If you find otherwise, please
> let
> me know.
> 
> Good luck in finding a solution with your issues. I
> hope to find one for mine soon.
> 
> Take Care -- Chris
> 
> 
> 
> --- Ken Lui <Ken.Lui@gov.edmonton.ab.ca> wrote:
> > 
> > We are experiencing problem with eSafe Protect
> > Gateway 2.0 build 93 with FW1
> > 3.0b build 3083. The ESPG is the only application
> > running on an IBM box with
> > 256 MB memory and NT 4.0 SP4. Following are the
> > problems:
> > 
> > 1. The box crashes after 1-2 weeks without the
> Text
> > Inspection turn on.
> > According to the vendor, this is a long know
> problem
> > that may caused by a
> > memory leak. Their work around is to reboot it
> every
> > week at off hour. Does
> > anyone else experiencing this?
> > 
> > 2. The above crash interval becomes more often if
> > Text Inspection is turn on
> > (frequency up to few hours and couple of days).
> > Build 93 of ESPG suppose to
> > fix this. Does anyone running Text inspection
> > without any problem?
> > 
> > 3. Melissa virus was able to pass the Security
> > server with ESPG scan. Our
> > virus table was dated Mar 29, 1999. According to
> > eSafe, this is the up to
> > date version. Is anyone having the same problem?
> > 
> > 4. The rserver.exe on the ESPG show the virus
> table
> > to be Mar 29, 1999 but
> > when I run rserver.exe on a remote machine to
> manage
> > the ESPG box, the virus
> > table dated Feb 18, 1999. Why there is a
> different?
> > 
> > 5. Any location I can download virus files to test
> > the ESPG? eSafe refused
> > to send me infected files due to an agreement with
> > ICSA. 
> > 
> > Cheers,
> > 
> > Ken Lui
> > 
> > 
> >
>
============================================================================
> ====
> >      To unsubscribe from this mailing list, please
> > see the instructions at
> >               
> > http://www.checkpoint.com/services/mailing.html
> >
>
============================================================================
> ====
> > 
> 
>
_________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at
> http://mail.yahoo.com
> 

_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Prev by Date: [FW1] Re: VPN between Linux and FW-1
Next by Date: [FW1] Reporting applications for Checkpoint logs
Prev by thread: RE: [FW1] eSafe scanning
Next by thread: RE: [FW1] eSafe scanning
Index(es):
- Date
- Thread