RE: [fw-wiz] imap and content inspection?

From: Dawes, Rogan (ZA - Johannesburg) (rdawes_at_deloitte.co.za)
Date: 10/10/03

    To: "'ark@eltex.net'" <ark@eltex.net>, firewall-wizards@honor.icsalabs.com
    Date: Fri, 10 Oct 2003 11:05:36 +0200
    
    

    You may want to look at www.imapproxy.org. Granted it is not exactly the
    same thing, but it should provide some basic protocol handling code that
    could be developed further.

    > -----Original Message-----
    > From: ark@eltex.ru [mailto:ark@eltex.ru]
    > Sent: 09 October 2003 01:41 PM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] imap and content inspection?
    >
    >
    > Hi,
    >
    > I am planning IMAP filtering proxy implementation. A quick look into rfc
    > shows the IMAP protocol appears to be designed to maximize firewall
    > application layer problems ;-). I mean it requires proxy to handle full
    > email mime parsing, besides quite sophisticated protocol itself, thus
    > making proxy very complex pile of code, comparable with IMAP server itself,
    > which turns its security (through simplicity!) advantage questionable.
    > And - there are numerous ways to retrieve various parts of messages without
    > handling message as whole; if content inspection means simple virus check
    > with binary result (OK/BAD) it is not really a problem, but if we employ other
    > content inspection types, it ruins the whole idea.
    >
    > I know here are many people on the list who know implementation details in
    > depth, how do other vendors solve this problem? Is "best practice" now
    > to just handle FETCH and UID FETCH commands syntax issued by widespread email
    > clients and not to care if other techniques are used?
    >
    > p.s. for those interested in "fwtk sequel", i expect something like "public
    > beta" to be finished before Samhain. ;-) i doubt i will include "real" imap4
    > proxy, though :(
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    >

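The difficulty raised in the quoted message, that a client can fetch single MIME parts or byte ranges instead of a whole message, can be made visible at a proxy by classifying each FETCH / UID FETCH command by what it requests. The Python below is an added example, not code from this thread or from imapproxy; the function name `classify`, the verdict labels and the sample command lines are assumptions constructed for illustration, and it inspects only the client command line (no literals, no server responses).

```python
import re

# tag, optional "UID " prefix, FETCH, sequence set, data items
CMD = re.compile(r"^(\S+) (UID )?FETCH (\S+) (.+)$", re.I)
# BODY[section] or BODY.PEEK[section], optionally followed by <start.count>
BODY = re.compile(r"BODY(?:\.PEEK)?\[([^\]]*)\](<\d+(?:\.\d+)?>)?", re.I)

def classify(line):
    """Return (verdict, reasons); verdict is not-fetch, metadata, whole or partial."""
    m = CMD.match(line.strip())
    if not m:
        return "not-fetch", []
    items, found = m.group(4), []
    for section, byte_range in BODY.findall(items):
        sec = section.upper()
        if byte_range:      # only a slice of the data: cannot be scanned as a unit
            found.append(("partial", f"byte range {byte_range} of [{section}]"))
        elif sec == "":     # BODY[] with no range is the complete message
            found.append(("whole", "BODY[] full message"))
        elif "HEADER" in sec or sec.endswith("MIME"):
            found.append(("metadata", f"headers only [{section}]"))
        else:               # TEXT or a numbered MIME part such as 1.2
            found.append(("partial", f"single section [{section}]"))
    # Remaining atoms: RFC822 variants, FLAGS, ENVELOPE, macros and so on.
    rest = BODY.sub(" ", items).replace("(", " ").replace(")", " ")
    for atom in rest.upper().split():
        if atom == "RFC822":
            found.append(("whole", "RFC822 full message"))
        elif atom == "RFC822.TEXT":
            found.append(("partial", "RFC822.TEXT body without headers"))
        else:
            found.append(("metadata", atom))
    kinds = {kind for kind, _ in found}
    verdict = ("partial" if "partial" in kinds
               else "whole" if "whole" in kinds else "metadata")
    return verdict, [why for kind, why in found if kind == verdict]

# Constructed sample client lines, not captured traffic.
SAMPLES = [
    "a1 FETCH 1:* (FLAGS UID RFC822.SIZE)",
    "a2 UID FETCH 4827 BODY.PEEK[]",
    "a3 UID FETCH 4827 (BODY.PEEK[HEADER.FIELDS (FROM SUBJECT)] BODY.PEEK[2])",
    "a4 FETCH 12 BODY[]<0.4096>",
    "a5 SELECT INBOX",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample)
```

Commands classified as `partial` are the ones where a whole-message virus check has nothing complete to work on, which is the case the original question asks about.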

