Weaknesses in several virus scanners - Updated
The security specialist Thierry Zoller has made several reports on errors in virus scanners from BitDefender, avast, ESET and Fortinet. According to Zoller, all have problems in dealing with corrupt archive files, making it possible for infected files to be smuggled past the scanners. Zoller says this is a particular problem for gateways.
BitDefender confirmed that the error existed in many of its products and released a patch for it last week, which has been distributed over its automatic update system. ESET also acknowledged the error and has released updates through its automatic update system. Zoller says that only Avast and Fortinet have not reacted to his alerts, noting that neither has replied to his attempts to responsibly disclose the issue to them.
- BitDefender - Generic bypass/evasion CAB, advisory from Thierry Zoller.
- avast! - Generic evasion (Limited details), advisory from Thierry Zoller.
- Nod32 (ESET) - Generic Evasion (Limited details), advisory from Thierry Zoller.
- Fortinet - Evasion / Bypass (Limited details), advisory from Thierry Zoller.
Update: Fortinet responded to Zoller's advisory on the 17th and says that its actual response was on the 15th. According to Zoller, the investigation is ongoing. Avast also responded on the 17th, but says "There's currently no plan to release a special patch for this as our risk assessment makes it a very low priority issue."