1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Support
  3. Security Advisory
  4. Security Advisory FSC-2008-1

Security Advisory FSC-2008-1

Vulnerabilities in scanning of specially crafted CAB and RAR archives

Date issued 2008-02-13
Last updated 2008-02-19
Risk level High (Low/Medium/High/Critical)
Brief description Specially crafted CAB and RAR archives can bypass antivirus scanning.
Affected platforms All supported platforms

Clients

Products F-Secure Internet Security 2008
F-Secure Internet Security 2007 Second Edition
F-Secure Internet Security 2007
F-Secure Internet Security 2006
F-Secure Anti-Virus 2008
F-Secure Anti-Virus 2007 Second Edition
F-Secure Anti-Virus 2007
F-Secure Anti-Virus 2006
F-Secure Client Security 7.10
F-Secure Client Security 7.01
F-Secure Anti-Virus Client Security 6.04
F-Secure Anti-Virus Client Security 6.03
F-Secure Anti-Virus for Workstations 7.10
F-Secure Anti-Virus for Workstations 7.00
F-Secure Anti-Virus for Workstations 5.44
F-Secure Anti-Virus Linux Client Security 5.53
F-Secure Anti-Virus Linux Client Security 5.52
F-Secure Anti-Virus for Linux 4.65
Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
Solutions based on F-Secure Protection Service for Business version 3.00 and earlier
Risk level Medium
User is able to move infected archives to and from client, but client does not get infected.
Mitigating factors
  • Exploitation of these vulnerabilities requires specially crafted archives
  • The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix below.
  • Client software catches hostile content after CAB/RAR container is opened thus making infection impossible

Servers

Products F-Secure Anti-Virus for Windows Servers 7.00
F-Secure Anti-Virus for Windows Servers 5.52
F-Secure Anti-Virus for Citrix Servers 5.52
F-Secure Anti-Virus Linux Server Security 5.53
F-Secure Anti-Virus Linux Server Security 5.52
Risk level Medium
User is able to move infected content to and from servers
Mitigating factors
  • Exploitation of these vulnerabilities requires specially crafted archives
  • The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix below.
  • Server software does not scan by default CAB/RAR packed content. When the container is opened the exposed content is scanned thus making infection impossible.

Gateways

Products F-Secure Anti-Virus for Microsoft Exchange 7.0
F-Secure Anti-Virus for Microsoft Exchange 6.62
F-Secure Internet Gatekeeper 6.61, Windows
F-Secure Internet Gatekeeper for Linux 2.16
F-Secure Anti-Virus for MIMEsweeper 5.61
F-Secure Messaging Security Gateway 4.0.7 and earlier
Risk level High
The gateway passes archives unscanned.
Mitigating factors
  • Exploitation of these vulnerabilities requires specially crafted archives
  • The CAB issue has been fixed automatically in F-Secure database updates, while fixing the RAR archive scanning requires installing the hotfix below.
Advisory location: http://www.f-secure.com/support/security-advisory/fsc-2008-1.html

Available patches:

Product Versions Download
F-Secure Anti-Virus Client Security 6.03
6.04		 ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsavwk604-01-signed.fsfix
F-Secure Client Security 7.01-7.10 ftp://ftp.f-secure.com/support/hotfix/fsavcs/fsav741-02-signed.fsfix
F-Secure Anti-Virus for Workstations 5.44 ftp://ftp.f- secure.com/support/hotfix/fsav/fsavwk572-01-signed.fsfix
F-Secure Anti-Virus for Workstations 7.00-7.10 ftp://ftp.f-secure.com/support/hotfix/fsav/fsav741-02-signed.fsfix
F-Secure Anti-Virus for Windows Servers 5.52 ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-14-signed.fsfix
F-Secure Anti-Virus for Windows Servers 7.00 ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsav720-03-signed.fsfix
F-Secure Anti-Virus for Citrix Servers 5.52 ftp://ftp.f-secure.com/support/hotfix/fsav-server/fsavsr552-14-signed.fsfix
F-Secure Anti-Virus Linux Client Security 5.52 http://www.f- secure.com/webclub/fscsl.html
F-Secure Anti-Virus Linux Client Security 5.53 http://www.f- secure.com/webclub/fscsl.html
F-Secure Anti-Virus Linux Server Security 5.52 http://www.f- secure.com/webclub/fsssl.html
F-Secure Anti-Virus Linux Server Security 5.53 http://www.f- secure.com/webclub/fsssl.html
F-Secure Anti-Virus for Linux Gateways 4.65 http://www.f- secure.com/webclub/fsavgwl.html
F-Secure Anti-Virus for Linux Servers 4.65 http://www.f- secure.com/webclub/fsavsrvl.html
F-Secure Anti-Virus for Microsoft Exchange 6.62 ftp://ftp.f- secure.com/support/hotfix/fsav-mse/fsavmse662-04.zip
F-Secure Anti-Virus for Microsoft Exchange 7.00 ftp://ftp.f- secure.com/support/hotfix/fsav-mse/fsavmse700-01.zip
F-Secure Internet Gatekeeper 6.61 ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk661-01.zip
F-Secure Internet Gatekeeper for Linux 2.16 http://www.f- secure.com/webclub/fsigkl.html
F-Secure Anti-Virus for MIMEsweeper 5.61 ftp://ftp.f-secure.com/support/hotfix/fsav-msw/fsavsr552-14-signed.fsfix
F-Secure Messaging Security Gateway 3.x Unsupported version. Please upgrade to the latest version.
F-Secure Messaging Security Gateway 4.0.6
4.0.7		 Packages will be available in the update channel, and installed automatically.
Protection Services For Consumers 5 and 6 Packages will be available in the update channel, and installed automatically.
Protection Services For Businesses 3 Packages will be available in the update channel, and installed automatically.
F-Secure Internet Security 2006, 2007, 2007 Second Edition, 2008 Packages will be available in the update channel, and installed automatically.
Credits F-Secure wants to thank Mr Thierry Zoller at n.runs AG for reporting these issues.
Revision history FSC-2008-02-19

Contact information:
Support: http://www.f-secure.com/en_UK/support/