I received the following responses to this message;
-----
From: Steve Shockley
I received this from NAI support on 11/3/2004:
2. The CommonUpdater site is now being hosted by UNIX servers. CommonUpdater
is case sensitive. Failures can be seen if commonupdater is used instead of
CommonUpdater.
What this means is that ftp.nai.com/CommonUpdater (notice the capital C and
capital U) will work fine but ftp.nai.com/commonupdater will not work. The
biggest impact will be on those customers who have written their own scripts to
go to this site for download, and any other product that does not utilize CMA
(Common Management Agent). Products utilizing CMA will not be affected because
it goes to ftp.nai.com/CommonUpdater.
-----
From: "Richard Carde"
Further to my previous post.
I've had a report so far from one person who says that this is not an issue
where ISA server is their proxy. We are using squid 2.5. I can confirm that a
direct connection to the internet allows the update to occur using the ftp
server directory list technique.
Notwithstanding this, surely they should have notified people of the change
(around November 2004) of the case sensitive-ness of their ftp server.
If NAI/McAfee have software that request UPPERCASE filenames and they then
place the lowercase version on the server, the left hand isn't talking to the
right hand.
-----
From: Jason Short
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Richard Carde wrote:
| NAI/McAfee have recently updated their FTP server to be
case-sensitive and
| this affects GS5.2 updates (via proxy servers).
NAI recently (December-ish was when my own updates broke) outsourced
their FTP services to "speedera.net":
ftp.nai.com is an alias for ftp.nai.speedera.net.
ftp.nai.speedera.net has address 63.215.86.203
ftp.nai.speedera.net has address 63.211.238.144
the login banner gives:
ftp.nai.com FTP server (SFTPD)
which cursory googling indicates may be this product:
http://safetp.cs.berkeley.edu/
The default distribution runs on *NIX systems, which may explain the
case sentivity, although I was able to find an NT port.
or possibly also this:
http://www.cactuscode.org/VizTools/SFTPD-HDF5.html
though the former seems most likely.
On a side note, we were further frustrated when ftp.nai.speedera.net
resolved to something on the order of twelve different unique IPs, two
at a time, and seemed to change every few minutes. My firewall FTP acls
thank them for this service.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFB5/QAKGC829+3d8ARAugiAKCjhgavE2MHYP6c3ahTN3m0U5gHIACgvb3u
nNJBHy7BoDN+AkmZSY73fmM=
=EGE9
-----END PGP SIGNATURE-----
--
NTBugtraq Editor's Note:
Most viruses these days use spoofed email addresses. As such, using an
Anti-Virus product which automatically notifies the perceived sender of a
message it believes is infected may well cause more harm than good. Someone who
did not actually send you a virus may receive the notification and scramble
their support staff to find an infection which never existed in the first
place. Suggest such notifications be disabled by whomever is responsible for
your AV, or at least that the idea is considered.
--
