Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: F-Prot Anti-Virus Scanning Engine Bypass SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
F-Prot Anti-Virus Scanning Engine Bypass
An vulnerability has been reported in some versions of F-Prot Anti-Virus. The advisory is referenced below. Exploit code is reported to be available. Though it doesn't look like it would be difficult to create a zip file with  a version header value greater than 15.
I haven't seen a vendor advisory or fix yet so its unknown what versions/platforms may be affected and the url for Thierry Zoller's site is not resolving for me. We'll post updates here as more info becomes available.

Vendors and users need to be really careful about making assumptions their networks are secure based upon a single application. Diversity and layers are a goodness.

Other recent bypass issues:
WebRoot Desktop Firewall:


49 Posts
Nov 4th 2005

Sign Up for Free or Log In to start participating in the conversation!