



Security Advisory FSC-2010-1

Malformed archive bypass vulnerability

Date issued: 2010-04-12
Last updated: 2010-04-12
Risk level: Low (Low/Medium/High/Critical)
Brief description: Malware inside specially crafted 7Z, GZIP, CAB or RAR archive files may remain undetected. The issue with 7Z archive files is corrected automatically in all affected products. Fixing the issue with other archive files may require manual installation of a fix on some systems.
Mitigating factors:
  • A fix for the problem has been distributed through the update channel for many products. User actions are needed only for products that don’t support automatic update of software components.
  • The vulnerability does not affect the products’ ability to detect malware that has been extracted from the archive types affected. Failure to detect malware inside the archive may just delay detection or make it possible to pass on archives containing infected files.
Affected platforms: All platforms supported by the affected products.
Products:
  • Solutions based on F-Secure Protection Service for Business - E-mail and Server security version 9 and earlier
  • F-Secure Anti-Virus for Microsoft Exchange 9 and earlier
  • F-Secure Internet Gatekeeper for Windows 6.61 and earlier
  • F-Secure Internet Gatekeeper for Linux 4.02 and earlier
  • F-Secure Anti-Virus for MIMEsweeper 5.61 and earlier
Risk level: Medium (Low/Medium/High/Critical)
Notes: These products are typically deployed in a role where they scan files in transit to other systems. Failure to detect malware inside the specially crafted archives does not endanger the integrity of these systems, but it is a failure to perform the products’ main task and can lead to increased risk for other systems. All administrators of these products are instructed to check whether manual actions are required and to make sure that the needed fixes are applied.
Products:
  • F-Secure Internet Security 2010 and earlier
  • F-Secure Anti-Virus 2010 and earlier
  • F-Secure Home Server Security 2009
  • Solutions based on F-Secure Protection Service for Consumers version 9 and earlier
  • Solutions based on F-Secure Protection Service for Business - Workstation security version 9 and earlier
  • Solutions based on F-Secure Protection Service for Business - Server Security version 8 and earlier
  • Services based on F-Secure Mac Protection build 8060 and earlier
  • F-Secure Client Security 9 and earlier
  • F-Secure Anti-Virus for Workstations 9 and earlier
  • F-Secure Anti-Virus for Windows Servers 9 and earlier
  • F-Secure Linux Security 7.03 and earlier
  • F-Secure Anti-Virus Linux Client Security 5.54 and earlier
  • F-Secure Anti-Virus Linux Server Security 5.54 and earlier
  • F-Secure Anti-Virus for Linux Servers 4.65
  • F-Secure Anti-Virus for Citrix Servers 9 and earlier
Risk level: Low (Low/Medium/High/Critical)
Notes: These products support scanning inside archive files to detect malware that enters the system at an early stage. Failure to detect the malware inside the archives will delay detection, but the malware will still be detected when extracted or executed. Administrators of these systems can check the list of available fixes to ensure maximal protection.
Advisory location: http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-1.html

| Product | Versions | Download |
| --- | --- | --- |
| F-Secure Internet Security, F-Secure Anti-Virus | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Solutions based on F-Secure Protection Service for Business - E-mail and Server security | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Solutions based on F-Secure Protection Service for Business - Workstation security | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Solutions based on F-Secure Protection Service for Business - Server Security | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Solutions based on F-Secure Protection Service for Consumers | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| Services based on F-Secure Mac Protection | All versions | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Client Security | 8 - 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Workstations | 8 - 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Windows Servers | 8 - 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Microsoft Exchange | 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Citrix Servers | 8 - 9 | Fix is available in the automatic update channel. No user actions needed if automatic updates are enabled. |
| F-Secure Anti-Virus for Microsoft Exchange | 6.62 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse662-10.zip |
| F-Secure Anti-Virus for Microsoft Exchange | 7.10 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse710-06.zip |
| F-Secure Anti-Virus for Microsoft Exchange | 8.00 | ftp://ftp.f-secure.com/support/hotfix/fsav-mse/fsavmse800-03.zip |
| F-Secure Anti-Virus for Citrix Servers | 7.00 | ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAV744-11.fsfix |
| F-Secure Internet Gatekeeper for Linux | 2.16 – 4.02 | ftp://ftp.f-secure.com/support/hotfix/fsav-linux/libfm.4.10.16130.tar.gz |
| | | Upgrade to version 4.03: http://www.f-secure.com/en_EMEA/downloads/product-updates/internet-gatekeeper-for-linux/ |
| F-Secure Internet Gatekeeper for Windows | 6.61 | ftp://ftp.f-secure.com/support/hotfix/fsig/fsigk661-06.zip |
| F-Secure Anti-Virus for MIMEsweeper | 5.61 | ftp://ftp.f-secure.com/support/hotfix/fsav-server/FSAVSR561-05.fsfix |
| F-Secure Linux Security | 7.03 | ftp://ftp.f-secure.com/support/hotfix/fsav-linux/libfm.4.10.16130.tar.gz |

Revision history: -
Credits: F-Secure wants to thank ReversingLabs (http://www.reversinglabs.com) for reporting this issue.
Contact information:
  Support: http://www.f-secure.com/en_EMEA/support/
  Website: http://www.f-secure.com/