Skip to navigation
Skip to content
Skip to secondary-content

F-Secure

Tools

Navigation

Subnavigation

Sicherheitsempfehlungen

Where You Are

Startseite
Support
Sicherheitsempfehlungen
Security Advisory FSC-2009-1

Security Advisory FSC-2009-1

ZIP and RAR archive evasion vulnerability

Date issued	2009-05-06
Last updated	2009-05-06
Risk level	High (Low/Medium/High/Critical)
Brief description	Malware inside specially crafted archive files remains undetected.
Mitigating factors	The vulnerability only affects the antivirus software’s ability to scan inside compressed archives. In general, compressed archives are scanned in gateway environments. In a typical configuration, on-access scanning does not scan inside compressed archives. Therefore, the vulnerability is insignificant in client environments. Attackers can exploit the vulnerability by sending malware inside specially-made compressed file archives to users. At the time of publishing the Security Advisory, there are no known exploits.
Affected platforms	All supported platforms

Gateways

Products	F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier F-Secure Internet Gatekeeper for Windows 6.61 and earlier F-Secure Internet Gatekeeper for Linux 2.16 and earlier F-Secure Internet Gatekeeper for Linux Japanese 3.01 and earlier Solutions based on F-Secure Protection Service for Business - E-mail and Server security version 8.00 and earlier
Risk level	High
Notes	The vulnerability may cause malware to remain undetected and pass through gateway scanners. The vulnerability does not compromise the integrity of the system used to run the product. Note that the Beta and Release Candidate versions of F-Secure Anti-Virus for Microsoft Exchange 8.0 are vulnerable. Users testing these versions are instructed to upgrade to the RTM version which is not vulnerable.

Clients and servers

Products	F-Secure Internet Security 2009 and earlier F-Secure Anti-Virus 2009 and earlier F-Secure Client Security 8.0 and earlier F-Secure Anti-Virus for Workstations 8.0 and earlier F-Secure Linux Security 7.01 and earlier F-Secure Anti-Virus Linux Client Security 5.54 and earlier Solutions based on F-Secure Protection Service for Consumers version 8.00 and earlier Solutions based on F-Secure Protection Service for Business - Workstation security version 8.00 and earlier F-Secure Home Server Security 2009 F-Secure Anti-Virus for Windows Servers 8.00 and earlier F-Secure Anti-Virus for Citrix Servers 7.00 and earlier F-Secure Linux Security 7.02 and earlier F-Secure Anti-Virus Linux Server Security 5.54 and earlier F-Secure Anti-Virus for Linux Servers 4.65 F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
Risk level	Low
Notes	The vulnerability affects these products’ ability to scan inside archived files, but may in the worst case delay detection of malware, or enables the user to forward infected files to other systems. The severity is low as these products’ primary purpose is to protect the system they run on rather than stopping malware in transit. These products will not be patched as a direct result of this advisory, but they receive fixes as part of normal version upgrades.

Advisory location: http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html

Available patches:

F-Secure deliver patches to its supported product versions that are vulnerable. See further information on supported products and F-Secure’s Product Lifecycle Policy.

Product	Versions	Download
Solutions based on F-Secure Protection Service for Business - E-mail and Server security	All supported versions	Packages will be available in the update channel, and they are installed automatically.
F-Secure Anti-Virus for Microsoft Exchange	7.10	ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse710-05.zip Upgrade to version 8: http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/
F-Secure Anti-Virus for Microsoft Exchange	7.00	ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse700-04.zip Upgrade to version 8: http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/
F-Secure Anti-Virus for Microsoft Exchange	6.62	ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse662-08.zip Upgrade to version 8: http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/
F-Secure Internet Gatekeeper for Windows	6.61	ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk661-04.zip
F-Secure Internet Gatekeeper for Linux	2.16 and earlier	Upgrade to version 3.02: http://www.f-secure.com/en_EMEA/downloads/product-updates/internet-gatekeeper-for-linux/
F-Secure Internet Gatekeeper for Linux Japanese	3.01 and earlier	http://www.f-secure.co.jp/support/menu.html Note: This hotfix is intended only for the Japanese version of the product.

Credits	F-Secure want to thank Roger Mickael (mickael@mickael-roger.com) for bringing this issue to our attention.
Revision history	FSC-2009-05-06

Contact information:
Support: http://www.f-secure.com/en_EMEA/support/