TITLE: Kaspersky Anti-Virus Engine Malformed Archives Virus Detection Bypass
SECUNIA ADVISORY ID: SA17188 VERIFY ADVISORY: http://secunia.com/advisories/17188/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: Kaspersky SMTP Gateway 5.x http://secunia.com/product/4100/ Kaspersky Anti-Virus 4.x http://secunia.com/product/916/ DESCRIPTION: fRoGGz has reported a weakness in Kaspersky Anti-Virus scan engine, which can be exploited by malware to bypass certain scanning functionality. For more information: SA17126 The weakness affects version 4.0.1.14 when scanning emails containing malformed ".zip", ".rar" and ".arj" archives. Other versions may also be affected. NOTE: This is not an issue on client systems, as the malware is still detected upon execution by the desktop on-access scanner. SOLUTION: Desktop on-access scanner should be used to ensure that the malware is detected upon extraction. Filter all compressed file archives at border gateways if they are not required. OTHER REFERENCES: SA17126: http://secunia.com/advisories/17126/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
