Reported November 28, 2000 by Michael Shaffer

VERSIONS AFFECTED
  • InterScan SMTP VirusWall

DESCRIPTION

An issue has been discovered in InterScan SMTP VirusWall, all versions. During the software installation process, VirusWall uses CACLS to set the permissions of the destination directory to EVERYONE:FULL CONTROL. The installation process also creates a new share point that likewise has the permissions EVERYONE:FULL CONTROL.

The modification of permissions and the creation of this share could potentially leave Internet-exposed machines vulnerable to other attacks.

VENDOR RESPONSE

The vendor, InterScan, has been notified and claimed to have addressed the problem in version 3.5. Testing has proven this not to be the case.

It is recommended that administrators manually repair the permissions on the installation directory and remove the share, as it seems to serve no purpose and does not affect the operation of the software.
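
To find what needs repairing, the following audit script reports whether the installation directory grants Everyone full control and which shares expose it. It is an added example, not part of the original advisory or any vendor tooling. It assumes a current Windows host with the Get-Acl and SMB share cmdlets, and the $InstallDir value is a placeholder because the advisory names neither the installation path nor the share.

```powershell
# Added audit example; not part of the original advisory or vendor tooling.
# $InstallDir is a placeholder: the advisory names neither the path nor the share.
param([string]$InstallDir = 'C:\PLACEHOLDER-InterScan-install-dir')

$EveryoneSid = 'S-1-1-0'   # well-known SID for Everyone, independent of OS language
$Full        = [System.Security.AccessControl.FileSystemRights]::FullControl
$SidType     = [System.Security.Principal.SecurityIdentifier]

# 1. NTFS ACL: report Allow entries that give Everyone full control.
$acl = Get-Acl -LiteralPath $InstallDir
$acl.GetAccessRules($true, $true, $SidType) |
    Where-Object {
        $_.IdentityReference.Value -eq $EveryoneSid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $Full) -eq $Full
    } |
    ForEach-Object {
        [pscustomobject]@{
            Finding = 'NTFS ACL grants Everyone full control'
            Target  = $InstallDir
            Detail  = "Inherited=$($_.IsInherited)"
        }
    }

# 2. Shares: report every share rooted at or below the installation directory,
#    with each share-level permission entry, so the share can be reviewed and removed.
$root = $InstallDir.TrimEnd('\')
Get-SmbShare |
    Where-Object {
        $_.Path -and (
            $_.Path -eq $root -or
            $_.Path.StartsWith("$root\", [System.StringComparison]::OrdinalIgnoreCase)
        )
    } |
    ForEach-Object {
        $share = $_
        Get-SmbShareAccess -Name $share.Name | ForEach-Object {
            [pscustomobject]@{
                Finding = 'Share exposes installation directory'
                Target  = "\\$env:COMPUTERNAME\$($share.Name) -> $($share.Path)"
                Detail  = "$($_.AccountName): $($_.AccessControlType) $($_.AccessRight)"
            }
        }
    }
```

No output means neither condition was found for the given path. Run it from an elevated session so that the ACL and share permissions can be read.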

CREDIT
Discovered by Michael Shaffer