How to enable the Native FTP proxy and how to use it


  • Question

    How can I configure the scanning server to work with native FTP?


  • Answer

    In order to enable the scanner to scan native FTP sessions:

     

    1. In Version 8.5: Log in to the management console and go to Settings -> Devices -> Scanner IP -> FTP.
        In Version 9.0 and above: Log in to the management console and go to Administration -> System Settings -> Finjan Devices -> Scanner IP -> FTP.

    2. In the FTP Configuration, select the ‘Enable FTP’ check box and adjust other settings if needed.

    3. Apply and commit the changes.

    4. To check that the scanner actually scans the FTP data, here are two examples showing how to verify that it is checking the FTP sessions.

    To do this, we must make sure that the FTP session goes through the proxy (example: SGW appliance IP is 10.194.48.1).

     

    Start the ftp CLI client:
    > ftp
    Set the session to go through the scanner (proxy):
    open :
    > open 10.194.48.1 2121

    The following prompt will be displayed:
    220 Frox transparent ftp proxy. Login with username[@host[:port]] [client_ip][/client_username]
    User (10.194.48.1:(none)):

    Enter the login details.
    For example:
    anonymous@ftp.zillionsofgames.com:21

    After this phase, we have a connection to the remote FTP via the proxy (scanner).
    Any download operation will be examined by it.

    Example of a ‘get’ request from the FTP server:

    ftp> get sampzeng.zip
    200 PORT command successful.
    150-Starting Transfer
    150-There'll be a delay while we scan for viruses
    150-Scanning file for viruses
    150 Not starting Transfer
    451 File contains virus. Aborting
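
    One way to automate the check in step 4, as an added example that is not part of the original article: it parses a captured FTP session and reports whether the replies came from the Frox proxy, whether a scan was announced, and whether the transfer was blocked. The function names and the DIRECT sample are constructed for illustration; the matching relies on the reply text shown above.

```python
import re

# Constructed input: the proxy replies quoted in this article, as one session.
PROXIED = """\
220 Frox transparent ftp proxy. Login with username[@host[:port]] [client_ip][/client_username]
ftp> get sampzeng.zip
200 PORT command successful.
150-Starting Transfer
150-There'll be a delay while we scan for viruses
150-Scanning file for viruses
150 Not starting Transfer
451 File contains virus. Aborting
"""
# Constructed input: a session that reached a server directly, bypassing the proxy.
DIRECT = """\
220 Example FTP server ready.
150 Opening BINARY mode data connection.
226 Transfer complete.
"""
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(transcript):
    """Return [(code, text)] with multi-line replies ('NNN-' ... 'NNN ') joined."""
    replies, open_code, parts = [], None, []
    for line in transcript.splitlines():
        m = REPLY.match(line.strip())
        if open_code is None and not m:
            continue                      # client prompt or echo, not a server reply
        if open_code is not None and (not m or m.group(1) != open_code):
            parts.append(line.strip())    # free text inside a multi-line reply
            continue
        code, sep, text = m.groups()
        open_code = code
        parts.append(text)
        if sep == " ":                    # 'NNN ' closes the reply
            replies.append((code, " ".join(parts)))
            open_code, parts = None, []
    return replies

def check_session(transcript):
    """Report whether the session used the proxy, was scanned, and was blocked."""
    replies = parse_replies(transcript)
    def has(code, word):
        return any(c == code and word in t.lower() for c, t in replies)
    return {
        "via_proxy": has("220", "frox"),
        "scanned": has("150", "scan"),
        "blocked": has("451", "virus"),
    }
```

    A session where "via_proxy" is false did not pass through the scanner at all, so a successful download in that session says nothing about whether scanning works.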




  • Related article(s)
    Q13497 - How to configure FileZilla 3.x for use with FTP Proxy


  • Software Version
    8.5
    9.x

  • This article applies to:
    NG 1000
    NG 5000
    NG 6000
    NG 8000
    This article was previously published as:
    Finjan KB 1249

    Last Modified 8/20/2010.
    https://support.trustwave.com/kb/KnowledgebaseArticle13178.aspx