AW: CA eTrust Antivirus 7.0 - System account lockout

From: Star IT - M. Sproede (m.sproede_at_STAR-IT.DE)
Date: 08/08/03

  • Next message: Marty Godsey: "Re: Notepad popups in Internet Explorer and Outlook"
    Date:         Fri, 8 Aug 2003 15:05:05 +0200
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Computer Associates has released a patch addressing the system account
    lockout problem:
    http://esupport.ca.com/premium/antivirus/downloads/nt/7.0/QO41975.asp

    PRODUCT: eTrust Antivirus EE RELEASE: 7.0

    APAR #: QO41975 DATE: 31 JUL 2003

    PROBLEM DESCRIPTION: NT-LOCAL SYSTEM ACCOUNT IS QUARANTINED
    ----------------------------------------------------
    In some situations, when a virus is detected by the
    Realtime Monitor, the local system account will be
    quarantined. Moreover, processes requiring system
    access will be denied, including authentication.
    Users cannot log on to the server either remotely
    or locally (until the Quarantine expires). Existing
    authenticated users can still access network
    resources provided they do not do anything that
    requires authentication. The log files may show
    something like the following:

    "The [virus name] was detected in
    C:\...NTFS_C362EB1001C332EE00000598.EML<9....
    Machine: SERVER, User: NT AUTHORITY\SYSTEM. File
    Status: Infected User (NT AUTHORITY\SYSTEM)
    quarantined for 90 minutes."

    where [virus name] is the name of the virus.

    ...
    ...
    ...

    PRODUCT(S) AFFECTED: ETRUST ANTIVIRUS 10-99 USERS Release 7.0
    ETRUST ANTIVIRUS 100-249 USERS Release 7.0
    ETRUST ANTIVIRUS 250-749 USERS Release 7.0
    ETRUST ANTIVIRUS 750+ USERS Release 7.0

    DOWNLOAD INFORMATION:
    ---------------------
    NODE: ftp.ca.com
    PATH: /CAproducts/unicenter/eTrust/AntiVirus/7.0/nt/qo41975
    FILES: QO41975.C5D QO41975.CAZ

    UPDATED ROUTINES:
    ---------------
    NOTE: For UNIX Script Files, the actual file size may be less than
    the size shown below.
    InoRT.exe 208896 MON JUL 14 23:30:00 2003

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
    Are You "Certifiable"? Summer's Hottest Certification Just Got HOTTER!

    With a growth rate exceeding 110%, the TICSA security practitioner
    certification is one of the hottest IT credentials available. And now, for
    a limited time, you can save 33% off of the TICSA certification exam! To
    learn more about the TICSA certification, and to register as a TICSA
    candidate online, just go to

    http://www.trusecure.com/offer/s0100/

    oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


  • Next message: Marty Godsey: "Re: Notepad popups in Internet Explorer and Outlook"