Vulnerability

    I-gear

Affected

    I-gear 3.5.x for Microsoft Proxy

Description

    Dmitry Andrievsky found following.  The issue is confirmed to be a
    problem  by  Symantec.   Platform  tested  was  I-gear  3.5.6 (and
    3.5.7-x) for  MSP Proxy  2.0 ;  Windows NT  4.0 SP6;  MSP 2.0 SP1;
    PowerEdge 2300 dual 450; 512 RAM.

    "Unidentified  (web  pages  that  do  not  comply  to  a   certain
    standard)"  web  page  hits  access  generates an invalid entry in
    I-gear log files.   Usually the entry  is over 255  char (ballpark
    number for a valid  url log entry).   After entry is made  you can
    no longer  generate report  about your  users activity  or reports
    are not complete.

    Users can generate invalid  log entries causing inability  to view
    access reports.

Solution

    Symantec is working on a  new release of software that  will solve
    the problem (according to Tech Support).  Meanwhile Dmitry had  to
    come with his own  fix.  This fix  worked for his environment  AND
    YOU ARE ON YOUR OWN  FOR ANY DAMAGE/DATA LOSS THIS  SOLUTION MIGHT
    CAUSE YOU.  This is not a 100% fix, and you can not run it on  you
    current log file (since it is being used by I-gear).

        1. download Linux utility rewritten for windows called grep
        2. make this batch file (fixlog.cmd):
           grep -v -E .{300,} %1   > templog
           move /y templog %1
        3. run batch file (fixlog urlog20001009)
        4. This will remove any log entries larger then 300 char.
        5. Generate reports you have been missing so much.