F-Secure patches a blind spot in its antivirus products
F-Secure has released updates for several of its products to remedy a scanning vulnerability. According to a report by the vendor, the scan engine cannot recognize viruses within certain CAB and RAR archives. However, once a user opens the archive, the scanner springs into action and issues a warning.
All client products and several server and gateway products are affected. F-Secure classifies the hazard as "medium" for client and server solutions and "high" for gateway products. According to the vendor, automatic updates have already corrected the error with CAB archives, but users have to manually install a hotfix to remedy the RAR vulnerability. The original F-Secure report contains an exact list of individual fixes for each of the products.
Security service provider n.runs, which has pointed out many virus scanner security holes in the past, discovered the vulnerability. The heise Security article "Antivirus software as a malware gateway" explains possible antivirus software hazards.
- Vulnerabilities in scanning of specially crafted CAB and RAR archives, F-Secure error report