Intrusion Prevention

ZIP.Archive.Antivirus.Detection.Bypass

Description

This indicates an attempt to exploit a detection-bypass vulnerability in multiple antivirus products.
The vulnerability is caused by an error in how the vulnerable software handles a ZIP archive containing malicious files with specially crafted file names. It allows a remote attacker to bypass detection by sending malformed ZIP archives.

Affected Products

Trend Micro Interscan Viruswall (Linux) 3.1
Symantec AntiVirus Corporate Edition 8.0
Norman Virus Control 5.7
Ikarus Ikarus 2.32
Hacksoft TheHacker 5.8
Frisk Software F-Prot Antivirus for Windows
Frisk Software F-Prot Antivirus for Solaris
Frisk Software F-Prot Antivirus for Linux
Frisk Software F-Prot Antivirus for Exchange
Frisk Software F-Prot Antivirus for BSD
Clam Anti-Virus ClamAV 0.85.1
Clam Anti-Virus ClamAV 0.85
Clam Anti-Virus ClamAV 0.84 rc2
Clam Anti-Virus ClamAV 0.84 rc1
Clam Anti-Virus ClamAV 0.84
Clam Anti-Virus ClamAV 0.83
Clam Anti-Virus ClamAV 0.82
Clam Anti-Virus ClamAV 0.81
Clam Anti-Virus ClamAV 0.80 rc4
Clam Anti-Virus ClamAV 0.80 rc3
Clam Anti-Virus ClamAV 0.80 rc2
Clam Anti-Virus ClamAV 0.80 rc1
Clam Anti-Virus ClamAV 0.80
Clam Anti-Virus ClamAV 0.70
Clam Anti-Virus ClamAV 0.68 -1
Clam Anti-Virus ClamAV 0.68
Clam Anti-Virus ClamAV 0.67
Clam Anti-Virus ClamAV 0.65
Clam Anti-Virus ClamAV 0.60
Clam Anti-Virus ClamAV 0.54
Clam Anti-Virus ClamAV 0.53
Clam Anti-Virus ClamAV 0.52
Clam Anti-Virus ClamAV 0.51
AVG AVG Anti-Virus 7.1.308
AVG AVG Anti-Virus 7.0.251
AVG AVG Anti-Virus 7.0
AVG AVG Anti-Virus 6.0.710

Impact

System compromise: antivirus protection bypass.

Recommended Actions

Apply the most recent upgrades or patches from the vendor.