|
|
Symantec Norton AntiVirus NULL Characters Incoming Email Protection Bypass Vulnerability
Solution: Symantec has offered the following response: Symantec has confirmed that although the initial incoming scan may be bypassed in the manner described by Edvice, the Symantec Norton AntiVirus AutoProtect feature protects a system by scanning active files for viruses, Trojan horses, and worms. If malicious code is hidden in such a manner as to bypass the initial email scan, the malicious virus or code would be detected in real time by a scheduled or manual scan if the file were saved on the targeted system. Additionally, attempts to execute the malicious code would cause Symantec Auto-Protect to alert. Finally, Symantec's Script Blocking feature would further prevent any malicious scripts from running on the targeted system. That said, Symantec takes the security of its products very seriously. Symantec will have an update to address this RFC issue available via LiveUpdate shortly. Symantec recommends the following Best Practices to enhance the protection of your computers from unauthorized access: 1. Keep vendor-supplied patches for all software up-to-date. 2. Be wary of mysterious attachments and executables delivered from email, user groups, and so on. 3. Do not open attachments or executables from unknown sources. Always err on the side of caution. 4. Even if the sender is known, be wary of attachments if the sender does not explain the attachment content in the body of the email. You do not know the source of the attachment. 5. When in doubt, contact the sender before opening the attachment. If still in doubt, delete the attachment without opening it. |
|
Privacy Statement |