[TDSCC803150E] HTML code in image-files (Was: TXT or HTML? -- IE NEW BUG)

From: J. Bol (j.bolat_private)
Date: Tue Jul 31 2001 - 02:13:14 PDT


    Subject: RE: [TDSCC803150E] HTML code in image-files
       Date: Tue, 31 Jul 2001 11:29:47 +0800
       From: <supportat_private>
         To: <j.bolat_private>
    
    
     CASE ID                          TDSC-C803150E
     CASE STATUS                      Solution Sent
     PRODUCT                          Applet Trap
    
     Please do not remove [Case ID] when replying to this mail. Thank you.
    
    
    
    Dear Jeroen,
    
    Good day!
    
    I received your e-mail and have itemized your concerns. Allow me to answer each
    issue separately. Please correct me if I left some issues or if I misunderstood
    your inquiry/problem.
    
    Problem:
    Is TrendMicro aware of the possibility that AppletTrap only scans HTML files and
    IE ignores file extensions when it is parsing and loading a web site, IE looks
    at the content-type instead.
    
    Solution:
    TrendMicro is aware of this issue. Based on our Product Manager's information,
    this issue will be fixed in the upcoming version of AppletTrap which is
    AppletTrap Version 2.5 which is tentatively for release by the end of August.
    
    
    Hope this helps. Should you have further questions regarding this problem,
    please let us know and we will be glad to assist you. You can also email us for
    your comments, suggestions, and/or feedback.
    
    Thank you and hope to hear from you soon!
    
    Respectfully yours,
    Miriam P. Canlas - MCP+I, MCSE
    Systems Engineer (Gateway Team), PSS Department
    TrendLabs HQ, Trend Micro Incorporated
    
    [URL / website] http://www.antivirus.com
    [email] supportat_private
    [Knowledge Base] http://solutionbank.antivirus.com/solutions
    [US Corp. Support] +1 888 608 1009
    
    If you have any comments or suggestions regarding our support,
    pls. e-mail us at: commentsat_private
    
    For complaints,
    pls. email us directly at: gateway_managerat_private
    
    Avail of our Online Free Scanning: http://housecall.antivirus.com
    
    When replying to this email, kindly refrain from changing the subject, as this
    contains your Case ID and Case Description.
    
    
    
    ---- Original Message ----
    
    Sir, Madam,
    
    As you might know, there is currently a security thread going with the topic:
    "TXT or HTML? - IE NEW BUG",
    http://marc.theaimsgroup.com/?t=9962879220000&w=2&r=1.
    The issue is about IE ignoring file extensions when it is parsing and loading a
    web site, IE looks at the content-type instead.
    
    Rebecca Kastl responded to the mailing list with
    an interesting view on the whole situation. The posting can be found at:
    http://marc.theaimsgroup.com/?l=bugtraq&m=996474320041&38&w=2
    Summary: when a user is behind a content scanner, which filters scripts, and has
    scripting enabled in IE, it is possible to let scripts pass through the content
    scanner, because the scanner only scans HTML files, not images.
    
    My questions are: is the TrendMicro team aware of this possibility and does
    AppletTrap detect HTML script code nested in image files?
    
    Waiting for a quick response,
    
    Jeroen Bol
    EVAS Security Team, http://www.evas.nl
    ITsec Netherlands B.V, http://www.ITsec.nl
    
    
    --
    ITsec Nederland B.V. may not be held liable for the effects or damages caused by
    the direct or indirect use of the information or functionality provided by this
    posting, nor the content contained within. Use them at your own risk. ITsec
    Nederland B.V. bears no responsibility for misuse of this posting or any
    derivatives thereof.
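
The gap discussed in this thread, as an added example that is not part of the original posting and is not AppletTrap code: one way a gateway filter could decide from the response itself, rather than from the file extension, whether a body has to go through script scanning. The function name, the marker list and the sample bodies are assumptions constructed for illustration.

```python
import re

# Leading byte signatures of common image formats.
IMAGE_MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/bmp": (b"BM",),
}
EXT_TYPES = {"gif": "image/gif", "jpg": "image/jpeg", "jpeg": "image/jpeg",
             "png": "image/png", "bmp": "image/bmp"}
# Markup that a browser rendering the body as HTML would act on (assumed list).
MARKUP = re.compile(rb"<\s*(?:script|html|body|iframe|object|applet|embed)\b"
                    rb"|javascript:", re.I)

def needs_script_scan(url_path, content_type, body):
    """Return the reasons an 'image' must still be script-scanned ([] = none)."""
    reasons = []
    name = url_path.split("?", 1)[0]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    ctype = content_type.split(";", 1)[0].strip().lower()
    expected = EXT_TYPES.get(ext)
    # 1. Extension and declared Content-Type disagree.
    if expected and ctype != expected:
        reasons.append(f"extension .{ext} served as {ctype or 'no type'}")
    # 2. Body does not start like the image it claims to be.
    magic = IMAGE_MAGIC.get(expected or ctype)
    if magic and not body.startswith(magic):
        reasons.append("body lacks image signature")
    # 3. HTML/script markers anywhere in the body, even behind a valid header.
    m = MARKUP.search(body)
    if m:
        marker = m.group(0).decode("ascii", "replace")
        reasons.append(f"markup at offset {m.start()}: {marker}")
    return reasons

# Constructed sample bodies (not taken from any real site).
CLEAN_GIF = b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
HTML_AS_GIF = b"<html><script>/* constructed */</script></html>"
GIF_WITH_SCRIPT = b"GIF89a" + b"\x00" * 10 + b"<SCRIPT>x</SCRIPT>"

if __name__ == "__main__":
    for path, ctype, body in [("/logo.gif", "image/gif", CLEAN_GIF),
                              ("/banner.gif", "text/html", HTML_AS_GIF),
                              ("/photo.gif", "image/gif", GIF_WITH_SCRIPT)]:
        print(path, ctype, needs_script_scan(path, ctype, body) or "pass as image")
```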
    



    This archive was generated by hypermail 2b30 : Tue Jul 31 2001 - 10:28:13 PDT