How can you send 'malware' over port 443 to mywebserver ?

Often I hear people saying that one of the benefits of an application layer
firewall (let's say ISA 2004) is that SSL traffic can be unencrypted,
scanned and then re-encrypted and sent to the respective webserver.

My question is this:
What's the mechanism that could allow somebody to send, let's say a virus or
a malware over port 443 that could hurt my OWA server, for example ? Since
people is retrieving data from such web server (that is now protected by
ISA), I don't understand well the process that you could use to submit data
over this SSL tunnel and hit the webserver that way.

Let say the webserver has more than just static html that it serves.
That means it "runs code", some server-side processing that responds to
the page hits and renders the downstream response. Now, in responding
it probably is sensitive to what was posted, rather than just sending the
same response back to all htis all of the time. So, whether that is some
code-behind in Asp.Net, or some php or pl handler, or an older isapi dll,
if it has known error conditions that the hit content can trigger and also
usefully exploit, then one can (sometimes) get a foot in the door

--
Roger Abell
Microsoft MVP (Windows Server: Security)

"Marlon Brown" <nospamarlon@hotmail.com> wrote in message
news:Ovmx%23kSdFHA.1276@tk2msftngp13.phx.gbl...
> Often I hear people saying that one of the benefits of an application
> layer firewall (let's say ISA 2004) is that SSL traffic can be
> unencrypted, scanned and then re-encrypted and sent to the respective
> webserver.
>
> My question is this:
> What's the mechanism that could allow somebody to send, let's say a virus
> or a malware over port 443 that could hurt my OWA server, for example ?
> Since people is retrieving data from such web server (that is now
> protected by ISA), I don't understand well the process that you could use
> to submit data over this SSL tunnel and hit the webserver that way.
>
>
>