
Symantec Norton AntiVirus Excluded Filetype Email Protection Bypass Vulnerability

Solution:
Symantec has offered the following response:

Newsgroups use .nch files for caching and local storage while the .dbx files are the mailbox files for Microsoft Outlook Express. It is true that by renaming the file type of a malicious file to one of the excluded file types, this will bypass the initial incoming email scan. Further, by renaming a Microsoft Office document containing malicious code or macros to one of the excluded extensions, Microsoft Office will still recognize the document as a Microsoft document and execute it on the system. However, when the malicious Microsoft document is executed the Norton AntiVirus Office plug-in would scan it and alert the user to any potential malicious activity. A renamed file or a type other than a Microsoft document would not execute on the computer and, therefore, could not infect a user's computer. Symantec is reviewing the exclusion feature to respond to this type of issue.

Symantec recommends the following Best Practices to enhance the protection of your computers from unauthorized access:
1. Keep vendor-supplied patches for all software up-to-date.
2. Be wary of mysterious attachments and executables delivered from email, user groups, and so on.
3. Do not open attachments or executables from unknown sources. Always err on the side of caution.
4. Even if the sender is known, be wary of attachments if the sender does not explain the attachment content in the body of the email. You do not know the source of the attachment.
5. When in doubt, contact the sender before opening the attachment. If still in doubt, delete the attachment without opening it.
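The response above turns on a scan exclusion keyed to the file extension, while Microsoft Office identifies a document by its content. The following check is an added example, not Symantec's code or part of the original advisory: it flags attachments that carry an excluded extension but begin with an Office container signature. The function names and sample attachments are assumptions made for illustration, and the ZIP (OOXML) signature goes beyond the legacy Office formats the advisory had in view.

```python
import os

# Extensions the advisory names as excluded from the incoming email scan.
EXCLUDED_EXTENSIONS = {".nch", ".dbx"}

# Well-known container signatures used by Microsoft Office documents.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML files are ZIP containers


def sniff_office_container(data: bytes):
    """Return a label if the leading bytes look like an Office container, else None."""
    if data.startswith(OLE2_MAGIC):
        return "OLE2 compound file"
    if data.startswith(ZIP_MAGIC):
        return "ZIP container (possible OOXML)"
    return None


def needs_full_scan(filename: str, data: bytes) -> bool:
    """True when the extension is on the exclusion list but the content is
    Office-like, so the extension-based exclusion should not be honoured."""
    ext = os.path.splitext(filename)[1].lower()
    return ext in EXCLUDED_EXTENSIONS and sniff_office_container(data) is not None


def triage(attachments):
    """Return (name, reason) for each attachment whose extension and content disagree."""
    return [
        (name, sniff_office_container(data))
        for name, data in attachments
        if needs_full_scan(name, data)
    ]


# Constructed sample attachments (name, leading bytes); not taken from the advisory.
SAMPLES = [
    ("Folders.dbx", b"\x00\x01\x02\x03" + b"\x00" * 28),  # arbitrary non-Office bytes
    ("report.nch", OLE2_MAGIC + b"\x00" * 24),            # Office content, excluded extension
    ("notes.DBX", ZIP_MAGIC + b"[Content_Types].xml"),    # upper-case extension, ZIP content
    ("invoice.doc", OLE2_MAGIC + b"\x00" * 24),           # not excluded, scanned normally
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLES):
        print(f"{name}: excluded extension but content is {reason}; scan it")
```
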








 

Copyright 2009, SecurityFocus