Checkpoint Firewall fails on CVP scanning for large files

2003-02-07T00:00:00
ID SECURITYVULNS:DOC:4050
Type securityvulns
Reporter Securityvulns
Modified 2003-02-07T00:00:00

Description

Subject: Checkpoint Firewall fails on CVP scanning large files Affected: Check Point FireWall-1 NG Feature Pack 3 Vendor: Check Point Author: Igor U.Miturin <imiturin@russlavbank.com> Date: February, 5 2003 Risk: Low Vendor Notified: Yes

I. Intro

Check Point FireWall-1 is enterprise firewall solution. It supports OPSEC CVP specification for interaction with external modules, like Antiviral scanners.

II. Problem description

After Feature Pack 3 installed Checkpoint fails to retrieve any file large than 2Mb if CVP is used to check con. It makes CVP filtering unusable.

III. Details

If message longer than 2 Mb received, FW-1:

  1. puts message into spool
  2. send data to CVP server
  3. After sending of approx. 2Mb of data it stops
  4. After 5 minutes sending is resumed
  5. After CVP server approves data FW-1 places message in the spool\d_resend and loops operation until message is marked as expired.

IV. Vendor

Vendor was contacted, but failed to reproduce problem (probably because eSafe Gateway was used for content filtering).