Multiple Vendor Virus Scanner Recycle Bin Exclusion Vulnerability

Solution:
Remove '\Recycled' from the exclusion list of your antivirus software.
Each vendor has a different mechanism for editing the exclusion list.

NAI / McAfee:
There is an 'Exclusions' tab in the settings. From there you can delete the entry for the '\Recycled' folder.

Symantec NAV2000:
There is no option in the interface to remove the Recycled folder from the exclusion list. Instead, you need to use a hex editor to remove the string from the 'exclude.dat' file. Max Vision has created an exclude.dat file with the Recycled folder removed; it is available at:
http://www.securityfocus.com/data/vulnerabilities/patches/exclude.dat
or
http://maxvision.net/nav/exclude.dat

Note: This patch will reset all other exclusion settings to the default values. See Max Vision's bugtraq post (linked to in the 'credit' section) for more information.
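
To confirm that an edited or replaced exclusion file no longer carries the entry, the following added example (not part of the original advisory or any vendor tool) searches a file for the '\Recycled' string and reports where it occurs. The layout of exclude.dat is not described here, so the script assumes the string may be stored as ASCII or UTF-16LE text, matches it case-insensitively, and never modifies the file; the sample buffers are constructed.

```python
import sys

# Needle from the advisory; the encodings searched are an assumption, since
# the page does not describe the layout of exclude.dat.
NEEDLE = "\\Recycled"
ENCODINGS = ("ascii", "utf-16-le")


def find_exclusion(data: bytes, needle: str = NEEDLE):
    """Return sorted (offset, encoding) pairs where needle occurs, ignoring case."""
    hits = []
    # bytes.lower() folds only ASCII A-Z, so the NUL bytes of UTF-16LE
    # text are left untouched and both encodings can share one haystack.
    haystack = data.lower()
    for enc in ENCODINGS:
        pattern = needle.lower().encode(enc)
        pos = haystack.find(pattern)
        while pos != -1:
            hits.append((pos, enc))
            pos = haystack.find(pattern, pos + 1)
    return sorted(hits)


def audit_file(path: str) -> bool:
    """Print each hit and return True if the exclusion string is present."""
    with open(path, "rb") as fh:
        hits = find_exclusion(fh.read())
    for offset, enc in hits:
        print(f"{path}: '{NEEDLE}' found at offset 0x{offset:x} ({enc})")
    if not hits:
        print(f"{path}: no '{NEEDLE}' entry found")
    return bool(hits)


# Constructed sample buffers (not real exclude.dat contents).
SAMPLE_WITH_ENTRY = (b"\x01\x00hdr\x00\\RECYCLED\x00\x00"
                     + "\\Recycled".encode("utf-16-le"))
SAMPLE_CLEAN = b"\x01\x00hdr\x00\\TEMP\x00\x00"

if __name__ == "__main__":
    # Pass exclusion files to audit, or run with no arguments for the samples.
    if len(sys.argv) > 1:
        sys.exit(1 if any([audit_file(p) for p in sys.argv[1:]]) else 0)
    print(find_exclusion(SAMPLE_WITH_ENTRY))
    print(find_exclusion(SAMPLE_CLEAN))
```

When given file paths, the script exits with status 1 if any of them still contains the string, so it can be used as a post-change check.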



 

Copyright 2010, SecurityFocus