wget succeeds in retrieving a virus over FTP through a firewall!
I found that the wget command kept trying to retrieve a virus file after failing because of the quarantine by the firewall. And after some tries, the virus file was finally retrieved completely!!
I want to know whether this feature of the firewall is normal or not. The McAfee virus engine was used in the firewall.
Break the virus into small enough pieces and its patterns aren't recognizable anymore. Encryption would be another way to sneak it through a firewall.
They are not compressed and they are scanned by our FTP AV daemon. But wget can break it into pieces and its patterns aren't recognizable anymore. That's exactly what zmedico said.
Actually that's not the reason. The reason is that most gateway AV scanners will "trickle" the file to the client while they buffer it on the firewall to see if there's a virus. This means that before the file is fully downloaded into the firewall's buffer, a little bit of it is downloaded by wget (this is to prevent time-outs while the firewall is buffering). Once the AV scanner on the firewall can scan the full file, it realizes there's a virus and terminates the connection. If you have wget set to resume downloads, it will start over from where it left off. This time it will get a little more of the file before the AV scanner can buffer it and scan it again. Keep repeating this many times and you'll eventually succeed in constructing the entire virus with wget.
The only way to stop this is to turn off the "trickle" option on the AV firewall. Of course, that could cause downloads to time out on large files because your client would give up before the firewall has finished buffering the file to scan it.
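A detection sketch for the trickle-and-resume behaviour described in the reply above, added here as an example and not taken from the thread: it flags client/file pairs where an AV block is followed by a resumed transfer and reports whether the trickled pieces add up to the whole file. The log format, field names and function name are hypothetical, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical gateway log format:
#   <time> <client> <event> <path> key=value ...
# "sent" is the number of bytes trickled to the client during that attempt.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 RETR /pub/tool.bin offset=0 size=1000
10:00:09 10.0.0.5 AV_BLOCK /pub/tool.bin sent=300
10:00:10 10.0.0.5 RETR /pub/tool.bin offset=300 size=1000
10:00:18 10.0.0.5 AV_BLOCK /pub/tool.bin sent=350
10:00:19 10.0.0.5 RETR /pub/tool.bin offset=650 size=1000
10:00:27 10.0.0.5 AV_BLOCK /pub/tool.bin sent=350
10:01:00 10.0.0.7 RETR /pub/readme.txt offset=0 size=200
10:01:01 10.0.0.7 DONE /pub/readme.txt sent=200
10:02:00 10.0.0.9 RETR /pub/other.bin offset=0 size=500
10:02:05 10.0.0.9 AV_BLOCK /pub/other.bin sent=100
"""

LINE = re.compile(r"^\S+ (\S+) (RETR|AV_BLOCK|DONE) (\S+) (.*)$")

def find_resume_after_block(log_text):
    """Return one finding per (client, path) that resumed after an AV block."""
    state = defaultdict(lambda: {"blocks": 0, "resumes": 0, "offset": 0,
                                 "reached": 0, "size": 0})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore lines that are not in the expected format
        client, event, path, rest = m.groups()
        fields = dict(item.split("=", 1) for item in rest.split())
        s = state[(client, path)]
        if event == "RETR":
            s["offset"], s["size"] = int(fields["offset"]), int(fields["size"])
            # A non-zero start offset after a block means the client kept the
            # trickled bytes and asked for the remainder.
            if s["blocks"] and s["offset"] > 0:
                s["resumes"] += 1
        elif event == "AV_BLOCK":
            s["blocks"] += 1
            s["reached"] = max(s["reached"], s["offset"] + int(fields["sent"]))
    return [{"client": c, "path": p, "blocks": s["blocks"],
             "resumes": s["resumes"],
             # True when the blocked pieces together cover the whole file.
             "fully_delivered": s["reached"] >= s["size"]}
            for (c, p), s in state.items() if s["resumes"]]

if __name__ == "__main__":
    for finding in find_resume_after_block(SAMPLE_LOG):
        print(finding)
```

A finding with `fully_delivered` set means every attempt was blocked and the client still ended up with the complete file, which is the case worth alerting on.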