Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Firewall)  >   Gibraltar Vendors:   eSYS Informationssysteme
Gibraltar Firewall Anti-Virus Detection May Fail When Scanning Certain Viruses
SecurityTracker Alert ID:  1014030
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 23 2005
Impact:   Host/resource access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.2
Description:   Juha-Matti Laurio reported a vulnerability in the Gibraltar firewall. The firewall may fail to detect viruses.

When using the optional Clam AntiVirus scanning feature, the firewall may fail to detect certain unspecified types of viruses.

The vendor disclosed this vulnerability. Juha-Matti Laurio advised us of this vulnerability.

Impact:   The firewall may fail to detect viruses.
Solution:   The vendor has released a fixed version (2.2a).
Vendor URL: (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Debian)

Message History:   None.

 Source Message Contents

Subject:  New Gibraltar Firewall Internal Memory Scan Bypass Vulnerability

A new vulnerability was reported in Gibraltar Firewall version 2.2 and prior.

"Gibraltar is a firewall and router package, based on Debian/GNU Linux, 
which perfectly meets all individual requirements for a state-of-the-art 
firewall. Gibraltar includes the open source viruses scanner ClamAV.
Optionally Gibraltar offers the professional Kaspersky AntiVirus 
protection for checking the complete e-mail- and web traffic."

Defunction in internal memory buffers scanning mechanism may result as 
no viruses has been found, even if the memory block is infected.

This can cause a false sense of security when making scan operations and 
examining scan results. Firewall software fails to properly handle 
certain unspecified types of viruses when scanning internal memory 
Detailed information of virus types handled in this issue are not identified.

"Clam AntiVirus is a GPL antivirus toolkit for UNIX. The main purpose of 
this software is the integration with mail servers."

A bug in the ClamAV virus scanning plugin for Squid shipped with 
Gibraltar Firewall is also fixed, which
reportedly was caused by the last ClamAV update to 0.81. Published new 
Gibraltar version includes ClamAV version 0.84-RC1.

It is reported that a potential memory leak in the KAV (i.e. Kaspersky 
AntiVirus) plugin for Squid is also fixed.
NOTE: Kaspersky virus scanner was shipped as an optional service of 
Gibraltar Firewall.

If ClamAV for transparent HTTP scanning is in use, updating is highly 
recommended according to vendor.

A separate security issue in version 2.0 related to the certificate 
chain check in Freeswan was also fixed in November 2004. This can lead 
to a security compromise. A minor security issues was also fixed by 
updating Freenet6 and rsync. Those updates are being included in the 
version release 2.1.

Solution status:
Vendor patch

Gibraltar Firewall 2.x

OS: Linux

The vulnerability has been reported in version 2.2. Other previous 
versions may also be affected as well.

eSYS Informationssysteme GmbH

Vendor homepage:

Pruduct homepage:〈=en

The vendor has issued a fixed version 2.2a.

Gibraltar version 2.2a Changelog:

Gibraltar general Changelog: ClamAV 0.81 released:

Kaspersky Lab Home Page:

Hexago Freenet6 Home Page:

rsync Home Page:

This information was provided by the vendor and analyzed and collected by me.

Best regards,
Juha-Matti Laurio,
E-mail: <juha-matti.laurio [at]>

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC