• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Symantec Norton AntiVirus Conflicting MIME Header Vulnerability

Solution:
Symantec has offered the following response:

By renaming a file containing malicious code to one with an excluded extension and delivering it in the non-RFC compliant MIME format, Norton AntiVirus' incoming email scan could be bypassed and the malicious file saved on the system as a executable file or as a Microsoft Office document. However, if an attempt is made to execute the malicious file on the computer, the file will be detected by Norton AntiVirus or by the Norton AntiVirus Office plug-in, depending on the file type, which would alert the user to any potential malicious activity. Symantec will have an update to address this RFC issue available via LiveUpdate shortly.

Symantec recommends the following Best Practices to enhance the protection
of your computers from unauthorized access:
1. Keep vendor-supplied patches for all software up-to-date.
2. Be wary of mysterious attachments and executables delivered from email, user groups, and so on.
3. Do not open attachments or executables from unknown sources. Always err on the side of caution.
4. Even if the sender is known, be wary of attachments if the sender does not explain the attachment content in the body of the email. You do not know the source of the attachment.
5. When in doubt, contact the sender before opening the attachment. If still in doubt, delete the attachment without opening it.