[NT] InterScan VirusWall Standard and CVP Edition are Unable to Detect SIRCAM (Patch Available)
From: support@securiteam.comDate: 08/03/01
- Next message: support@securiteam.com: "[TOOL] SSH Secure Shell 3.0.0 Vulnerability Scanner"
- Previous message: support@securiteam.com: "[UNIX] KRB5 TelnetD Buffer Overflows"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Subject: [NT] InterScan VirusWall Standard and CVP Edition are Unable to Detect SIRCAM (Patch Available) Message-Id: <20010803071331.DA64213902@mail.der-keiler.de> Date: Fri, 3 Aug 2001 09:13:31 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
InterScan VirusWall Standard and CVP Edition are Unable to Detect SIRCAM
(Patch Available)
------------------------------------------------------------------------
SUMMARY
InterScan VirusWall 3.51 for Windows NT (build 1321) is unable to detect
the TROJ_SIRCAM.A virus hidden in attachments with an electronic mail
format or .eml extension.
This issue is observed in both the Standard and the CVP editions.
This issue has now been addressed by Trend Micro, see below for additional
information.
DETAILS
Vulnerable systems:
InterScan VirusWall 3.51 for Windows NT (build 1321)
A security vulnerability in the InterScan VirusWall allows SIRCAM virus to
traverse through it without being detected when the virus is embedded
inside an .eml file. This would allow the SIRCAM virus to freely infect
organizations that are protected by InterScan VirusWall.
Solution:
Resolve this issue by performing the following procedure:
1. Download the issmtpd_b1321.1002.zip file from the location listed
below.
2. From the Services list of the Windows Control Panel, stop the SMTP
VirusWall service.
3. Extract the contents of issmtpd_b1321.1002.zip into the
\Interscan\Issmtpd directory, overwriting any existing files.
This action will update issmtpd.exe.
4. Restart the SMTP VirusWall service.
Important:
- This solution is only valid for customers using who now is using
InterScan VirusWall 3.51 for Windows NT (build 1321). Check the file
properties of \Interscan\Issmtpd\issmtpd.exe to determine the current
build number.
Refer to the attached Readme_hotfix_Build1321.1002.txt file for additional
information regarding this hot fix.
- For InterScan VirusWall CVP Edition 3.51 for Windows NT, use the same
procedure but with the attached cvpbuild1321.1002.zip file instead.
Patch files:
<http://solutionfile.trendmicro.com/SolutionFile/9756/en/cvpbuild1321.1002.zip> cvpbuild1321.1002.zip
<http://solutionfile.trendmicro.com/SolutionFile/9756/en/issmtpd_b1321.1002.zip> issmtpd_b1321.1002.zip
<http://solutionfile.trendmicro.com/SolutionFile/9756/en/Readme_hotfix_Build1321.1002.txt> Readme_hotfix_Build1321.1002.txt
ADDITIONAL INFORMATION
The information has been provided by <mailto:paja@integralis.cz> paja.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Next message: support@securiteam.com: "[TOOL] SSH Secure Shell 3.0.0 Vulnerability Scanner"
- Previous message: support@securiteam.com: "[UNIX] KRB5 TelnetD Buffer Overflows"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
