-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                       ESB-2009.0455 -- [Win][Linux]
                        F-Secure: Reduced Security
                                11 May 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              F-Secure Anti-Virus for Microsoft Exchange 7.10 and 
                        earlier
                      F-Secure Internet Gatekeeper for Windows 6.61 and 
                        earlier
                      F-Secure Internet Gatekeeper for Linux 2.16 and earlier
                      F-Secure Internet Gatekeeper for Linux Japanese 3.01 
                        and earlier
                      Solutions based on F-Secure Protection Service for 
                        Business - E-mail and Server security version 8.00 
                        and earlier
                      F-Secure Internet Security 2009 and earlier
                      F-Secure Anti-Virus 2009 and earlier
                      F-Secure Client Security 8.0 and earlier
                      F-Secure Anti-Virus for Workstations 8.0 and earlier
                      F-Secure Linux Security 7.01 and earlier
                      F-Secure Anti-Virus Linux Client Security 5.54 and 
                        earlier
                      Solutions based on F-Secure Protection Service for 
                        Consumers version 8.00 and earlier
                      Solutions based on F-Secure Protection Service for 
                        Business - Workstation security version 8.00 and 
                        earlier
                      F-Secure Home Server Security 2009
                      F-Secure Anti-Virus for Windows Servers 8.00 and 
                        earlier
                      F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
                      F-Secure Linux Security 7.02 and earlier
                      F-Secure Anti-Virus Linux Server Security 5.54 and 
                        earlier
                      F-Secure Anti-Virus for Linux Servers 4.65
                      F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
Publisher:            F-Secure
Operating System:     Linux variants
                      Windows
Impact:               Reduced Security
Access:               Remote/Unauthenticated

Original Bulletin:    
  http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Advisory FSC-2009-1
ZIP and RAR archive evasion vulnerability

Date issued             2009-05-06
Last updated            2009-05-06
Risk level              High (Low/Medium/High/Critical)
Brief description       Malware inside specially crafted archive files 
                        remains undetected.
Mitigating factors 

    * The vulnerability only affects the antivirus software's ability to scan 
      inside compressed archives. In general, compressed archives are 
      scanned in gateway environments. In a typical configuration, on-access 
      scanning does not scan inside compressed archives. Therefore, the 
      vulnerability is insignificant in client environments.
    * Attackers can exploit the vulnerability by sending malware inside 
      specially-made compressed file archives to users. At the time of 
      publishing the Security Advisory, there are no known exploits.

Affected platforms      All supported platforms

Gateways:
Products:        
F-Secure Anti-Virus for Microsoft Exchange 7.10 and earlier
F-Secure Internet Gatekeeper for Windows 6.61 and earlier
F-Secure Internet Gatekeeper for Linux 2.16 and earlier
F-Secure Internet Gatekeeper for Linux Japanese 3.01 and earlier
Solutions based on F-Secure Protection Service for Business - E-mail and 
  Server security version 8.00 and earlier

Risk level              High

Notes:   The vulnerability may cause malware to remain undetected and pass 
         through gateway scanners. The vulnerability does not compromise the 
         integrity of the system used to run the product. Note that the Beta 
         and Release Candidate versions of F-Secure Anti-Virus for Microsoft 
         Exchange 8.0 are vulnerable. Users testing these versions are 
         instructed to upgrade to the RTM version which is not vulnerable.

Clients and servers:
Products:        
F-Secure Internet Security 2009 and earlier
F-Secure Anti-Virus 2009 and earlier
F-Secure Client Security 8.0 and earlier
F-Secure Anti-Virus for Workstations 8.0 and earlier
F-Secure Linux Security 7.01 and earlier
F-Secure Anti-Virus Linux Client Security 5.54 and earlier
Solutions based on F-Secure Protection Service for Consumers version 8.00 and 
  earlier
Solutions based on F-Secure Protection Service for Business - Workstation 
  security version 8.00 and earlier
F-Secure Home Server Security 2009
F-Secure Anti-Virus for Windows Servers 8.00 and earlier
F-Secure Anti-Virus for Citrix Servers 7.00 and earlier
F-Secure Linux Security 7.02 and earlier
F-Secure Anti-Virus Linux Server Security 5.54 and earlier
F-Secure Anti-Virus for Linux Servers 4.65
F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier

Risk level              Low

Notes:   The vulnerability affects these products' ability to scan inside 
         archived files, but may in the worst case delay detection of 
         malware, or enable the user to forward infected files to other 
         systems. The severity is low as these products' primary purpose is 
         to protect the system they run on rather than stopping malware in 
         transit. These products will not be patched as a direct result of 
         this advisory, but they receive fixes as part of normal version 
         upgrades.

Advisory location: 
  http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2009-1.html

Available patches:

F-Secure delivers patches to its supported product versions that are 
vulnerable. See further information on supported products and F-Secure's 
Product Lifecycle Policy.

Product:   Solutions based on F-Secure Protection Service for Business -
           E-mail and Server security
Versions:  All supported versions
Download:  Packages will be available in the updated channel, and they are
           installed automatically.

Product:   F-Secure Anti-Virus for Microsoft Exchange
Versions:  7.10
Download:  ftp://ftp.f-secure.com/support/hotfix/fsavmse/fsavmse710-05.zip
           Upgrade to version 8:
           http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/

Product:   F-Secure Anti-Virus for Microsoft Exchange
Versions:  7.00
Download:  ftp://ftp.f-secure.com/support/hotfix/fsavmse/fsavmse700-04.zip
           Upgrade to version 8:
           http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/

Product:   F-Secure Anti-Virus for Microsoft Exchange
Versions:  6.62
Download:  ftp://ftp.f-secure.com/support/hotfix/fsavmse/fsavmse662-08.zip
           Upgrade to version 8:
           http://www.f-secure.com/en_EMEA/downloads/product-updates/anti-virus-for-microsoft-exchange/

Product:   F-Secure Internet Gatekeeper for Windows
Versions:  6.61
Download:  ftp://ftp.f-secure.com/support/hotfix/fsig
           sigk661-04.zip

Product:   F-Secure Internet Gatekeeper for Linux
Versions:  2.16 and earlier
Download:  Upgrade to version 3.02:
           http://www.f-secure.com/en_EMEA/downloads/product-updates/internet-gatekeeper-for-linux/

Product:   F-Secure Internet Gatekeeper for Linux Japanese
Versions:  3.01 and earlier
Download:  http://www.f-secure.co.jp/support/menu.html

Note:                  This hotfix is intended only for the Japanese version of 
                       the product.
Credits                F-Secure want to thank Roger Mickael 
                       (mickael@mickael-roger.com) for bringing this issue to 
                       our attention.
Revision history       FSC-2009-05-06

Contact information:   Support: http://www.f-secure.com/en_EMEA/support/

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFKB7wyNVH5XJJInbgRAiZ2AJ9oCP1QgppD6pAsjeV8lkAU663kOQCdEfPv
zgBpgm/7XnyDYDY0Y4sbS4k=
=I/eN
-----END PGP SIGNATURE-----