> Multiple AV vendor vulns / updates / issues
AplusWebMaster
post Jul 24 2007, 04:18 AM
Post #1


AplusWebMaster
*****

Group: Authentic Member
Posts: 4,572
Joined: 30-December 03
From: USA
Member No.: 1,643
Operating System: XP/SP3



FYI...

> http://atlas.arbor.net/briefs/index#1027704494
Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability
Severity: High Severity
Published: July 23, 2007
Panda AV is vulnerable to a buffer overflow when processing Windows EXE files. The error comes in an integer cast when parsing EXE header data. A malicious attacker could send the victim a malformed EXE file to be processed by Panda AV. This would then allow the attacker to run arbitrary code on the victim's computer. Updates have been made available.
Analysis: This is a similar issue to the Eset NOD32 file processing issue and nearly a dozen such vulnerabilities recently. We believe that this trend will continue for some time.
Source: http://secunia.com/advisories/26171/

NOD32 Antivirus Multiple File Processing Vulnerabilities
Severity: High Severity
Published: July 23, 2007
Eset NOD32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.
Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.
Source: http://secunia.com/advisories/26124/


This post has been edited by AplusWebMaster: Jul 4 2009, 08:03 AM
Replies (60 - 69)
AplusWebMaster
post Nov 19 2009, 02:10 PM
Post #61



FYI...

ClamAV v0.95.3 released
- http://www.clamav.net/download/sources
Latest stable release: ClamAV 0.95.3...

- http://wiki.clamav.net/bin/view/Main/UpgradeNotes0953
If you have trouble compiling ClamAV please apply this patch (see bug #1737)
You can apply the patch ...
- http://wiki.clamav.net/pub/Main/UpgradeNot....3-bug1737.diff

- http://wiki.clamav.net/Main/UninstallClamAV
... Make sure that you haven’t got old libraries (libclamav.so) lying around your filesystem. You can verify it using: $ ldd `which freshclam`
Also make sure there is really only one version of ClamAV installed on your system...

- http://www.clamwin.com/content/view/220/1/
11 November 2009

- http://www.securityfocus.com/bid/35410/info
Updated: Nov 18 2009 05:16PM


This post has been edited by AplusWebMaster: Nov 20 2009, 07:56 AM
AplusWebMaster
post Dec 3 2009, 07:15 AM
Post #62



FYI...

Avast false positives - fix released
- http://isc.sans.org/diary.html?storyid=7681
Last Updated: 2009-12-03 11:04:57 UTC - "We have received a number of reports of Avast Antivirus false positives... With a recent update the Avast antivirus product has started identifying legitimate products as containing Win32-Dell-MZG...
Update:
A new update was released fixing the issue. 091203-1. If you haven't used your computer between 12:00am UTC and 5.50 am UTC, then you will receive the new update and you should be fine. For those that were affected I recommend you keep an eye on the Avast blog http://forum.avast.com/index.php?topic=51647 as they are working on some how to's to help fix any issues."

AplusWebMaster
post Dec 17 2009, 05:57 AM
Post #63



FYI...

Kaspersky - Insecure default directory permissions
- http://secunia.com/advisories/37730/2/
Release Date: 2009-12-17
Impact: Privilege escalation
Where: Local system
Solution Status: Vendor Patch
Software:
Kaspersky Anti-Virus for Windows Server 6.x
Kaspersky Anti-Virus for Windows Workstations 6.x
Kaspersky Internet Security 9.x ...
Solution:
Kaspersky Internet Security 2010:
Update to version 9.0.0.736.
Kaspersky Anti-Virus 6.0 for Windows Workstations:
Update to version 6.0.4.1212.
Kaspersky Anti-Virus 6.0 for Windows File Servers:
Update to version 6.0.4.1212...

- http://www.kaspersky.com/kav_latest_versions

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-4114

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2009-4452


This post has been edited by AplusWebMaster: Jan 4 2010, 10:12 AM
AplusWebMaster
post Dec 23 2009, 08:11 PM
Post #64



FYI...

AV-Comparatives rates Anti-Malware performance
- http://www.pcmag.com/article2/0,2817,2357509,00.asp
12.22.09 - "... AV-Comparatives.org released the results* of their recent "Whole Product Dynamic Test," which challenges anti-malware products to protect test systems as if in the real world... AV-Comparatives used just-defragmented disks for testing and worked to eliminate any external factors that would influence performance... They repeated each test several times and averaged the results. In several cases they ran the test and then ran the same test again, to handle programs that learn and therefore run more quickly after the first time..."

* http://www.av-comparatives.org/comparative...summary-reports
Summary - December 2009 (PDF link from this URL)

- http://www.av-comparatives.org/comparative...rformance-tests
Performance Tests (PDF link from this URL)

- http://www.av-comparatives.org/comparative...s/dynamic-tests
Dynamic Test (PDF link from this URL)

AplusWebMaster
post Jan 4 2010, 02:58 PM
Post #65



FYI...

Symantec ...having 2010 date problems
- http://isc.sans.org/diary.html?storyid=7870
Last Updated: 2010-01-04 17:22:08 UTC - "... post from Symantec:
- http://www.symantec.com/connect/forums/off...ted-04-jan-2010
... stating that Symantec Endpoint Protection Manager considers any definition update with a date newer than 11:59PM December 31 2009 to be out of date. They say they are working on a fix but are currently handling this by releasing new definitions with higher version numbers but the same date. This is impacting:
* Symantec Endpoint Protection v11.x Product Line
* Symantec Endpoint Protection Small Business Edition v12.x Product Line ..."
- http://service1.symantec.com/SUPPORT/ent-s...010010308571348

AplusWebMaster
post Jan 25 2010, 05:43 PM
Post #66



FYI...

F-secure - false alarm in show_ads.js
- http://www.f-secure.com/weblog/archives/00001865.html
January 25, 2010 - "Some of our antivirus products had a brief false alarm today. The alert was from a common Javascript file called show_ads.js. The false alarm was for a trojan called Trojan.JS.Redirector.ar. The false alarm has been fixed in our update 2010-01-25_17. This only affected our older products, such as the 2009 product range. F-Secure Internet Security 2010 had no issues. We apologize for the false alarm. Sorry."

AplusWebMaster
post Jan 26 2010, 08:31 AM
Post #67



FYI...

Kaspersky - false positive
- http://www.theregister.co.uk/2010/01/25/ka...false_positive/
25 January 2010 16:06 GMT - "Updated: An update to Kaspersky's popular anti-virus software on Monday falsely identified Google AdSense as a malicious script. As a result of the false alarm, Kaspersky users visiting sites in Google ad syndication network were falsely warned a site was infected with malicious Trojan-linked JavaScript... 'An incorrect signature was added to the company's antivirus databases on 25 January at 07:00 Moscow time (GMT+3). As a result, Kaspersky Lab products erroneously blocked some legitimate websites containing the link on script http://pagead2.googlesyndication.com/pagead/show_ads.js, which is used in the contextual advertising system Google AdSense. When users visited an affected web resource, a message was displayed stating that the page contained the malicious program Trojan.JS.Redirector.ar. The problem was quickly resolved and by 19:00 Moscow time the company's products had stopped generating alerts for legitimate internet pages. Kaspersky Lab would like to apologize for any inconvenience this problem may have caused users...'..."

AplusWebMaster
post Jan 28 2010, 04:49 PM
Post #68



FYI...

Symantec false positives...
- http://isc.sans.org/diary.html?storyid=8104
Last Updated: 2010-01-28 16:59:13 UTC - "... might be a false positive in Symantec's host based detection, flagging the Adobe Flash Installer as a Trojan Horse... Symantec is encouraging people that are affected to call Symantec support... Seems that the affected Revision is:
2010-01-27 rev 049..."

- http://www.theregister.co.uk/2010/01/28/sy...fy_false_alarm/
28 January 2010 - "...A misfiring anti-virus definition update caused Symantec's Norton security software to wrongly classify Spotify program files as malign and shuffle them off into quarantine. Symantec responded quickly to the problem by issuing a fix that quashed the false alarm. Even after they update their security software, Symantec users may still have to reinstall Spotify in order to listen to the service again..."

> ftp://ftp.symantec.com/AVDEFS/symantec_an...lease/sequence/


This post has been edited by AplusWebMaster: Jan 28 2010, 05:22 PM
AplusWebMaster
post Feb 23 2010, 02:06 PM
Post #69



FYI...

avast! vuln - updates available
- http://secunia.com/advisories/38689/
Release Date: 2010-02-23
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch...
Solution: The vulnerability is fixed in version 5.0.418...

- http://secunia.com/advisories/38677/
Release Date: 2010-02-23
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch...
Solution: Update to version 5.0.418...

> http://forum.avast.com/index.php?topic=55484.0

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2010-0705
Last revised: 02/26/2010
CVSS v2 Base Score: 7.2 (HIGH)


This post has been edited by AplusWebMaster: Mar 2 2010, 12:59 PM
AplusWebMaster
post Feb 24 2010, 04:09 PM
Post #70



FYI...

CA Service Desk Tomcat CSS vuln - workaround
- http://secunia.com/advisories/37606/
Release Date: 2010-02-23
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Workaround
Software: CA Service Desk 12.x
Original Advisory: CA20100222-01:
https://support.ca.com/irj/portal/anonymous...ontentID=229526

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2008-1947

CA eHealth Performance Manager CSS vuln - patch available
- http://secunia.com/advisories/38694/
Release Date: 2010-02-24
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: CA eHealth Performance Manager 6.x
Solution: Enable "Scan user input for potentially malicious HTML content". Please see the vendor's advisory for more information.
Original Advisory: CA20100223-01:
https://support.ca.com/irj/portal/anonymous...ontentID=229652

- http://web.nvd.nist.gov/view/vuln/detail?v...d=CVE-2010-0640

Installation and Upgrade Issues... CA eHealth Performance Manager r6.1.x through r6.2
>>> https://support.ca.com/irj/portal/anonymous...ontentID=227051


This post has been edited by AplusWebMaster: Feb 24 2010, 04:24 PM