Gibraltar Firewall Anti-Virus Detection May Fail When Scanning Certain Viruses
SecurityTracker Alert ID: 1014030
SecurityTracker URL: http://securitytracker.com/id/1014030
Date: May 23 2005
Host/resource access via network
Fix Available: Yes
Vendor Confirmed: Yes
Juha-Matti Laurio reported a vulnerability in the Gibraltar firewall. The firewall may fail to detect viruses.
When using the optional Clam AntiVirus scanning feature, the firewall may fail to detect certain unspecified types of viruses.
The vendor disclosed this vulnerability. Juha-Matti Laurio advised us of this vulnerability.
The firewall may fail to detect viruses.
The vendor has released a fixed version (2.2a).
Vendor URL: www.gibraltar.at/
Underlying OS: Linux (Debian)
Source Message Contents
Subject: New Gibraltar Firewall Internal Memory Scan Bypass Vulnerability
A new vulnerability was reported in Gibraltar Firewall version 2.2 and prior.
"Gibraltar is a firewall and router package, based on Debian/GNU Linux,
which perfectly meets all individual requirements for a state-of-the-art
firewall. Gibraltar includes the open source virus scanner ClamAV.
Optionally Gibraltar offers the professional Kaspersky AntiVirus
protection for checking the complete e-mail and web traffic."
A malfunction in the internal memory buffer scanning mechanism may result in
no viruses being found, even if the memory block is infected.
This can cause a false sense of security when making scan operations and
examining scan results. Firewall software fails to properly handle
certain unspecified types of viruses when scanning internal memory
Detailed information on the virus types handled in this issue is not identified.
"Clam AntiVirus is a GPL antivirus toolkit for UNIX. The main purpose of
this software is the integration with mail servers."
A bug in the ClamAV virus scanning plugin for Squid shipped with
Gibraltar Firewall is also fixed, which reportedly was caused by the
last ClamAV update to 0.81. The newly published Gibraltar version
includes ClamAV version 0.84-RC1.
It is reported that a potential memory leak in the KAV (i.e. Kaspersky
AntiVirus) plugin for Squid is also fixed.
NOTE: Kaspersky virus scanner was shipped as an optional service of
If ClamAV for transparent HTTP scanning is in use, updating is highly
recommended according to the vendor.
A separate security issue in version 2.0 related to the certificate
chain check in Freeswan was also fixed in November 2004. This can lead
to a security compromise. Minor security issues were also fixed by
updating Freenet6 and rsync. Those updates are being included in the
version release 2.1.
Gibraltar Firewall 2.x
The vulnerability has been reported in version 2.2. Other previous
versions may also be affected.
eSYS Informationssysteme GmbH
The vendor has issued a fixed version 2.2a.
Gibraltar version 2.2a Changelog:
Gibraltar general Changelog:
SourceForge.net: ClamAV 0.81 released:
Kaspersky Lab Home Page:
Hexago Freenet6 Home Page:
rsync Home Page:
This information was provided by the vendor and analyzed and collected by me.
Juha-Matti Laurio, Networksecurity.fi
E-mail: <juha-matti.laurio [at] netti.fi>