Title: InterScan VirusWall Scan Evasion Vulnerability
Severity: CRITICAL
Description:
Trend Micro's InterScan VirusWall is a product designed to stop the spread of viruses and worms through email. To do so, it filters SMTP traffic for various signatures which match those of viruses. It is possible to evade scanning if malicious code is within a malformed email attachment. If there are more '=' characters than required at the end of a base64 encoded attachment, InterScan will fail to scan the data and let it pass through unchecked. However, InterScan does record when this error occurs; it writes the following to its system logs:
base64: Unexpected EOF seen
The NewApt worm is known to exploit this vulnerability.
Affected Products:
- Trend Micro InterScan VirusWall 3.0.1
References:
- Network Associates Inc.: NewApt Worm Advisory
- Trend Micro: Trend Micro Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
