|
Vulnerability I-gear Affected I-gear 3.5.x for Microsoft Proxy Description Dmitry Andrievsky found following. The issue is confirmed to be a problem by Symantec. Platform tested was I-gear 3.5.6 (and 3.5.7-x) for MSP Proxy 2.0 ; Windows NT 4.0 SP6; MSP 2.0 SP1; PowerEdge 2300 dual 450; 512 RAM. "Unidentified (web pages that do not comply to a certain standard)" web page hits access generates an invalid entry in I-gear log files. Usually the entry is over 255 char (ballpark number for a valid url log entry). After entry is made you can no longer generate report about your users activity or reports are not complete. Users can generate invalid log entries causing inability to view access reports. Solution Symantec is working on a new release of software that will solve the problem (according to Tech Support). Meanwhile Dmitry had to come with his own fix. This fix worked for his environment AND YOU ARE ON YOUR OWN FOR ANY DAMAGE/DATA LOSS THIS SOLUTION MIGHT CAUSE YOU. This is not a 100% fix, and you can not run it on you current log file (since it is being used by I-gear). 1. download Linux utility rewritten for windows called grep 2. make this batch file (fixlog.cmd): grep -v -E .{300,} %1 > templog move /y templog %1 3. run batch file (fixlog urlog20001009) 4. This will remove any log entries larger then 300 char. 5. Generate reports you have been missing so much.