A vulnerability has been discovered in Symantec products that could allow malware to corrupt the application and execute malicious code.

The vulnerability revolves around the way that Symantec's antivirus programs open RAR files for scanning (RAR files are compressed files similar to ZIP).  This issue could allow a virus or worm hidden inside a RAR file to be run on the user's PC.  The RAR format is a commonly used compression format for malware (including Dasher).

Vulnerable applications include:

Symantec Antivirus Corporate Edition, Symantec Brightmail Anti-Spam, Symantec Client Security, Symantec Gateway Security, Norton Antivirus (for Windows and Mac), Norton Antivirus for MS Exchange, and Norton Internet Security.

 It is recommended that you disable scanning (and therefore opening) RAR files - To disable scanning in Norton AntiVirus click on Options and Norton AntiVirus and then expand Auto-Protect and click on Exclusions and click New and add an exclusion for *.rar files.

Add the same exclusion for Manual Scan too.

Remember - This leaves all .RAR files unscanned for viruses and worms!  This means that it is best to delete all that you receive.

Technorati Tags: Symantec, RAR, Norton Antivirus

This entry was posted on Tuesday, December 20th, 2005 at 18:51 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.