My Anti Spyware

Vulnerability in F-Secure products

F-Secure have released security advisory FSC-2006-1.

Brief description Specially crafted ZIP archives may be used to execute code on affected systems. Both RAR- and ZIP-archives can in addition be crafted to avoid successful scanning and obfuscate malicious code in the archive.
Software F-Secure’s Anti-Virus products for Microsoft Windows and Linux
Affected versions F-Secure Anti-Virus for Workstation version 5.44 and earlier
F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
F-Secure Anti-Virus for Citrix Servers version 5.52
F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
F-Secure Anti-Virus Client Security version 6.01 and earlier
F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
F-Secure Internet Gatekeeper version 6.42 and earlier
F-Secure Anti-Virus for Firewalls version 6.20 and earlier
F-Secure Internet Security 2004, 2005 and 2006
F-Secure Anti-Virus 2004, 2005 and 2006
Solutions based on F-Secure Personal Express version 6.20 and earlier
F-Secure Anti-Virus for Linux Workstations version 4.52 and earlier
F-Secure Anti-Virus for Linux Servers version 4.64 and earlier
F-Secure Anti-Virus for Linux Gateways version 4.64 and earlier
F-Secure Anti-Virus for Samba Servers version 4.62
F-Secure Anti-Virus Linux Client Security 5.11 and earlier
F-Secure Anti-Virus Linux Server Security 5.11 and earlier
F-Secure Internet Gatekeeper for Linux 2.14 and earlier

This advisory describes a vulnerability that affects several F-Secure Anti-virus products for Windows and Linux. We hope that all system administrators that use our products read the advisory and apply the necessary upgrades or hotfixes.

Our guidance here is the same as for patches from any other vendor: Patch now before someone figures out how to exploit the vulnerability. At the moment we are not aware of any attacks that would have used this vulnerability.

Symantec uses rootkit-type techniques for hide files

News.com reports

Symantec has released an update to its popular Norton SystemWorks to fix a security problem that could be abused by cybercriminals to hide malicious software

In the PC-tuning application, a feature called the Norton Protected Recycle Bin creates a hidden directory on Windows systems. The feature is meant to help people restore modified or deleted files, but the hidden folder might not be scanned during scheduled or manual virus scans.
Symantec said in an advisory released Tuesday.

This could potentially provide a location for an attacker to hide a malicious file on a computer

The Norton update will display the previously hidden “NProtect” directory in the Windows interface, which will allow it to be scanned by antivirus products, Symantec said. The new version is available through the Symantec LiveUpdate service. Installing the software will require a system reboot.

Clam Antivirus Vulnerability

A “critical” security flaw has been found in Clam Antivirus (ClamAV) software that attackers or viruses could exploit to take control over computers running the software.

The vulnerability has to do with the way ClamAV looks at executable programs modified by a popular free file compression utility called UPX (short for the “ultimate packer for executables”). Most bots, worms and viruses going around in e-mail these days are packed with UPX or some other type of compressor to dramatically decrease their size and often to obfuscate the contents of the file and evade detection by antivirus software.

This vulnerability is fixed in the most recent version of ClamAV.
Download last version for Linux/Unix systems - version 0.88 - here.
Download last version for Windows - version 0.88 - here.

What antivirus can to detect WMF exploit ?

On today in the Internet have been found 73 variants of the WMF exploit.
The following antivirus products successfully picked up all varians:
* Alwil Software (Avast)
* Softwin (BitDefender)
* ClamAV
* F-Secure Inc.
* Fortinet Inc.
* McAfee Inc.
* ESET (Nod32)
* Panda Software
* Sophos Plc
* Symantec Corp.
* Trend Micro Inc.
* VirusBuster

Symantec AV RAR library vulnerability

Yesterday, Alex Wheeler released details of a vulnerability that appears to span many Symantec A/V products in the routines for decoded RAR compressed files. Symantec is apparently working feverishly on a fix, but for the moment the recommendation is to disable scanning of these files (while use other A/V product). We are not currently aware of exploits in the wild, but the concern is that this has occurred so close to the end-of-year holidays, even if a fix does come out in the next few days, will people be around to apply it.

Panda Antivirus for Linux

Scan and disinfect viruses in systems with Linux platforms.
Panda Antivirus for Linux is an antivirus for Linux servers and desktops. It is an antivirus designed to be managed from the command line or console. To do this, an executable called PAVCL will be used.

The aim of Panda Antivirus for Linux is to scan and disinfect Windows and DOS workstations connected to a Linux server, as well as the Linux server itself.

Panda Antivirus for Linux scans files using both string searches and heuristic methods. The target files of the antivirus are Word documents, Java Applets, ActiveX controls and compressed files (ZIP, RAR, etc.). At the moment, it does not scan the boot sector or the partitions table.

Panda Antivirus for Linux is a freeware version: Panda Software does not offer technical support for this software.

Download here.

Kaspersky Anti Virus - Free Online File Scanner

If you discover a suspicious file on your machine, or suspect that a program you downloaded from the Internet might be malicious, you can check the files here.

Indicate the file to be checked; it will automatically be uploaded from your computer to a dedicated server, where it will be scanned using Kaspersky Anti-Virus. Multiple independent tests and publications acknowledge the solution to have exceptional detection rates. Updates every three hours ensure that even the very newest viruses can be detected.

Only one file of up to 1 MB can be checked at any one time. If the file is too large, a window with an error message will be displayed. Type the name of the file in the window at the top of this page, or find the file using ‘Browse’. Then click on ‘Submit’.

If you have several potentially suspicious files, you can check them one after the other, or create an archive file (in zip, arj or similar format) and check that. The archive should not be larger than 1 MB.

Scan now

Free service for scanning suspicious files

Virustotal offers a free service for scanning suspicious files using several antivirus engines.
Scan your file now.

ClamAV - The free Anti Virus solution for Windows on Linux

There is a common perception that there are no viruses on the Linux platform - which to a large extent is true. But what happens when you get a mail attachment which you would like to forward to your windows machine so you can open it with your favorite proprietary software? And what if this attachment is infected by a virus? This is where the anti virus solutions for linux comes into the picture.

ClamAV is a free GPLed anti-virus solution which provides a lot of advantages when installed in Linux. Sticking to the philosophy of linux, it contains a set of command line tools which can be used to check if a file on your system is infected by a virus.

it’s free, it’s for me! Free Anti-virus Avast! 4 Home Edition

avast! 4 Home Edition is a full-featured antivirus package designed exclusively for home users and non-commercial use. Both of these conditions should be met! Our company offers the Home Edition free of charge, since, in our
opinion, it is possible to avoid global virus spreading by efficient prevention; however, many user are not able to or do not want to pay for antivirus software. This page will show you the most important features of this program.

Institutions (even non-commercial ones) are not allowed to use avast! Home Edition. However, ALWIL Software provides the full line of avast! antivirus products at special discount prices for non-profit, charity, educational and government institutions.

AVG Free Edition - Scans, removes, and protects against viruses

AVG Free Edition is the well-known anti-virus protection tool. AVG Free is available free-of-charge to home users for the life of the product! Rapid virus database updates are available for the lifetime of the product, thereby providing the high-level of detection capability that millions of users around the world trust to protect their computers. AVG Free is easy-to-use and will not slow your system down (low system resource requirements).

Highlights include:

* Automatic update functionality
* The AVG Resident Shield, which provides real-time protection as files are opened and programs are run
* The AVG E-mail Scanner, which protects your e-mail
* The AVG On-Demand Scanner, which allows the user to perform scheduled and manual tests
* Free Virus Database Updates for the lifetime of the product
* AVG Virus Vault for safe handling of infected files
* Great customer satisfaction!