satbir
Level 7

Reverse Proxy malware testing

Hi

I have set up a reverse proxy with mwg7.2 31253 build. My website does not have any upload link so I cannot upload a virus on it. How can I show my management that antimalware is working by showing them some notification message? Do you guys have some testing exe which can do this to prove that my internal web servers are protected? Or any other alternatives to test the same?

Regards,
Satbir

0 Kudos
8 Replies
eelsasser
Level 15

Re: Reverse Proxy malware testing

Put a very, very simple form on the site with the HTML:

<HTML>
<BODY>
<FORM METHOD="POST" ENCTYPE="multipart/form-data" >
  <INPUT Type="FILE" SIZE="40" NAME="FILE1"><BR>
  <INPUT TYPE=SUBMIT VALUE="Upload!">
</FORM>
</BODY>
</HTML>

When you upload an infected file, the web server will give an error, but the reverse proxy should catch it and present a block page before the file gets to the web server.

0 Kudos
satbir
Level 7

Re: Reverse Proxy malware testing

Thanks for the reply!

I am not allowed to modify the web page. Please suggest how we can launch a malware for detection on MWG.

Regards,

Satbir

0 Kudos
eelsasser
Level 15

Re: Reverse Proxy malware testing

Do you not have any page that accepts a POST command and a multipart/form-data upload?

You could try an unsolicited POST of a test virus like eicar to the site from the outside.

Download eicar.com to the attack machine and run curl:

$ curl -F 'file=@eicar.com' 'http://mywebsite.com/'
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
  Message.TemplateName: VirusFound
  Message.Language:
  Fallback templates
-->
<html>

It's like throwing a ball up against a wall, but MWG should catch it before it hits the wall.

0 Kudos
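Added example, not part of the thread and not McAfee tooling: the curl test from the post above wrapped in a script that creates the EICAR test file, posts it, and decides from the response body whether the proxy's block page came back. The function names are hypothetical, and the marker string is an assumption taken from the block page output shown above.

```shell
#!/bin/sh
# Added example: confirm the reverse proxy blocks an EICAR upload.
# Assumption: the block page contains the template comment seen in the
# curl output in this thread.
BLOCK_MARKER='Message.TemplateName: VirusFound'

# Write the harmless 68-byte EICAR test string to file $1. It is kept in
# two halves so that this script is not itself flagged by a scanner.
make_eicar() {
    printf '%s%s' 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-' \
        'ANTIVIRUS-TEST-FILE!$H+H*' > "$1"
}

# Classify a saved response body (file $1).
verdict() {
    if [ ! -s "$1" ]; then
        echo NO_RESPONSE    # empty or missing body: proves nothing either way
    elif grep -Fq "$BLOCK_MARKER" "$1"; then
        echo BLOCKED        # the proxy answered with its VirusFound page
    else
        echo NOT_BLOCKED    # some other page came back; inspect it by hand
    fi
}

# POST the test file as multipart/form-data to URL $1, as curl -F does in
# the post above, and print the verdict. Exit status 0 only when blocked.
check_upload() {
    tmp=$(mktemp -d) || return 2
    make_eicar "$tmp/eicar.com"
    curl -s --max-time 30 -o "$tmp/body.html" \
        -F "file=@$tmp/eicar.com" "$1"
    result=$(verdict "$tmp/body.html")
    rm -rf "$tmp"
    echo "$result"
    [ "$result" = BLOCKED ]
}

# Run only when a URL is given, e.g.: sh check_upload.sh http://mywebsite.com/
if [ "$#" -gt 0 ]; then
    check_upload "$1"
fi
```

A NO_RESPONSE result means the test was inconclusive, not that the upload was blocked; only the block page itself is evidence that the scan happened.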
satbir
Level 7

Re: Reverse Proxy malware testing

Thanks Eric!

I am trying to send the virus via curl but am getting an error:

D:\>cd curl_726_0_ssl

D:\curl_726_0_ssl>curl -F 'file=@eicar.com' 'http://mywebsite.com/'

D:\curl_726_0_ssl>

I have downloaded curl from curl.haxx.se/download.html using the download wizard for Windows.

It had an exe that I am running using the CLI...

My MWG is deployed in transparent switch mode...

From where can I download a fully working curl which is supported on Windows 7 or XP? Please advise!

Regards,

Satbir

0 Kudos
eelsasser
Level 15

Re: Reverse Proxy malware testing

I cannot see the screenshots, they did not come through.

0 Kudos
satbir
Level 7

Re: Reverse Proxy malware testing

Oops! The images didn't come... I'll text it this time.

ERROR: c:\Windows\system32\LIBEAY#@.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

I tried a few binaries but all had some problem or the other.

Regards,

Satbir

0 Kudos
eelsasser
Level 15

Re: Reverse Proxy malware testing

For HTTPS sites, you also need OpenSSL installed in Windows to provide the crypto libraries for SSL.

http://www.slproweb.com/products/Win32OpenSSL.html

0 Kudos
McAfee Employee

Re: Reverse Proxy malware testing

One other easy thing could be to reverse proxy https://www.csm-testcenter.org: just change the hosts file on your Windows machine to reflect MWG as being this particular host. Then open http://www.csm-testcenter.org/test?do=show&subdo=common&test=file_upload and you should be able to upload an eicar file and show detection, or a Word document, where media type filtering triggers, etc.

Michael

0 Kudos