ZIP.Archive.Antivirus.Detection.Bypass

Description

This indicates an attack attempt against a detection-bypass vulnerability in multiple antivirus products.
The vulnerability is caused by an error in how the vulnerable software handles a ZIP archive containing malicious files with specially crafted file names. It allows a remote attacker to bypass detection by sending malformed ZIP archives.

Affected Products

Trend Micro Interscan Viruswall (Linux) 3.1
Symantec AntiVirus Corporate Edition 8.0
Norman Virus Control 5.7
Ikarus Ikarus 2.32
Hacksoft TheHacker 5.8
Frisk Software F-Prot Antivirus for Windows
Frisk Software F-Prot Antivirus for Solaris
Frisk Software F-Prot Antivirus for Linux
Frisk Software F-Prot Antivirus for Exchange
Frisk Software F-Prot Antivirus for BSD
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus ClamAV 0.85
Clam Anti-Virus ClamAV 0.84 rc2
Clam Anti-Virus ClamAV 0.84 rc1
Clam Anti-Virus ClamAV 0.84
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus ClamAV 0.81
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.67
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.51
AVG AVG Anti-Virus 7.1.308
AVG AVG Anti-Virus 7.0.251
AVG AVG Anti-Virus 7.0
AVG AVG Anti-Virus 6.0.710

Impact

System compromise: antivirus protection bypass.

Recommended Actions

Apply the most recent upgrades or patches from the vendor.

Coverage

IPS (Regular DB)
IPS (Extended DB)