TITLE: AVG Anti-Virus Engine Malformed ARJ Archive Virus Detection Bypass SECUNIA ADVISORY ID: SA17186
VERIFY ADVISORY: http://secunia.com/advisories/17186/ CRITICAL: Not critical IMPACT: Security Bypass WHERE: >From remote SOFTWARE: AVG Antivirus Server http://secunia.com/product/337/ DESCRIPTION: fRoGGz has discovered a weakness in AVG Anti-Virus scan engine, which can be exploited by malware to bypass certain scanning functionality. For more information: SA17126 The weakness has been confirmed in AVG Email Server Edition version 7.0.344 (267.11.14/131) when scanning an email containing a malformed ".arj" archive with a NULL character prepended to the header. Other versions may also be affected. NOTE: This is not an issue on client systems, as the malware is still detected upon execution by the desktop on-access scanner. SOLUTION: Desktop on-access scanner should be used to ensure that the malware is detected upon extraction. Filter all compressed file archives at border gateways if they are not required. OTHER REFERENCES: SA17126: http://secunia.com/advisories/17126/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
