Symantec Anti-Virus Flaws

December 21, 2005   (See May 27, 2006 Addendum below)

(Symantec had since acknowledge the flaw and listed under SYM05-027 with latest release 10.0.2.2001 correcting that problem. Note that SAV 8.x and 9.x were not affected.)

Just want to let you know that I am aware of the news that just came out today re: the discovery & announcement by security firm Secunia. For the second time this year, a high risk flaw has been found in SAV within the RAR routine. It was UPX back in Feb.

After studying of the situation, I made the recommendation to NOT implement the temporary work-around by disabling scanning of .RAR files. Patches are not yet available. In fact it's not even acknowledged by Symantec yet. I'm sure they will within a few days. The fixes should be available in a few weeks at most.

If you have particular concern, just ask and I'll be glad to explain in greater details and offer background information, perspective, and justifications.

Again, my official professional recommendation at this point is: Take no action

Disregard the dire warnings in the news for this particular incident. It is common that the proper action is to override the security firm's narrow context "recommendation" in the announcement.

+1.585.637.8869

Call/email inquiries to verify the authenticity of this email is non-billable (and you're encouraged to do so, as it is good practice) Any discussion/clarification is billable at standard rates

Sam C. Chan

P.s. You're receiving this alert because you're the DIFA for your location.

Addendum

May 27, 2006

Symantec today released Symantec AntiVirus CE 10.0.2 MR2 MP2 Point Patch 1 to address the recent security advisory (SYM06-010) disclosed 2 days ago.

 This brings the Bravo official current build to:   10.0.2.2021

Note: current there are 3 valid and supported versions: 10.1, 10.0 MR2 and 10.0 MR1. Upgrades must be performed according to all the standard rules re: applying maintenance releases, maintenance patches and point patches. All tier 1 sites and retainer sites are being alerted and update scheduled. Consultants are advised to obtain briefing before proceeding with your deployment. ETS: 0.1 to 0.3 hr.

B.E.S.T. team members, see our SharePoint Portal thread for time-saving tips and further technical details on this issues.