lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050318212653.3381.qmail@www.securityfocus.com>
Date: 18 Mar 2005 21:26:53 -0000
From: <secure@...antec.com>
To: bugtraq@...urityfocus.com
Subject: Re: SAV9 Functionality Hole - misses virus files


In-Reply-To: <20050315062647.21534.qmail@....securityfocus.com>


>Date: 15 Mar 2005 06:26:47 -0000
>Message-ID: <20050315062647.21534.qmail@....securityfocus.com>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: <me3@...ralfibre.com>
>To: bugtraq@...urityfocus.com
>Subject: SAV9 Functionality Hole - misses virus files
>
>
>
>Product: Symantec AntiVirus Corporate Edition 9.0
>
>Vulnerability: Files saved on the server but opened remotely via SMB are not scanned.
>
>SAV9 runs as a client - server application. The client receives updates, the server pushes them out. This has no bearing on the platforms on which they run, nor on scanning operation. The server could run on an NT4 workstation and the clients on your 2003 servers.
>
>When SAV9 is protecting the file server, and an unprotected client saves files to a share on the server, the files are not scanned.
>When another unprotected client opens these files, they are not scanned by the server.
>The server will only find these files during a scheduled scan.
>
>--------------snip-----------------
>Conclusion
>The API that Symantec is using is not on file open from the file system, but rather file open by the local desktop - this allows files to be saved and opened without being scanned.
>
>Paul Young
-------------------------------end

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Symantec Response

Symantec engineers throughly tested SAV9 in the configuration
reported by the poster scanning all share files and could find no
issues in any of our testing. 

SAV 9 is NOT vulnerable to the issues identified by the poster.

Symantec contacted the poster and worked with him to review his
configuration and environment to determine why he is seeing what he
had reported.  

Symantec and the poster determined there was a configuration issue in
the way the poster had his Real-Time Virus Scan options set.  File
types were being excluded from the scan that gave the erroneous
impression that SAV9 was not scanning files that should have been
scanned.  To the contrary, SAV9 was operating exactly as it was
configured to.
Symantec encourages all customers to confirm configuration settings
to ensure files are properly scanned.

Symantec Product Security Team

Symantec takes the security of our products seriously and adheres to
responsible disclosure.  Our response policies can be viewed at
http://www.symantec.com/security. 
Symantec will work closely with anyone who believes they have found a
security issue in a Symantec product to validate the problem and
coordinate any response deemed necessary.  

Please contact secure@...antec.com concerning security issues with
Symantec products.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQjtI5ALsezw0Sg5hEQLGWgCgslSf5Rd37MAp/YvTF+UQP6s9ZVYAoKHj
V/6DDzQwEnZxvgXoBb84X8DI
=KZCz
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ