Symantec has fixed a vulnerability in Norton Antivirus that allows malicious code to escape detection. Reston, Va.-based security firm iDefense said in its advisory that the problem exists in attempts to scan files and directories named as reserved MS-DOS devices. . . .
Vulnerability in Symantec's Norton Antivirus
Symantec has fixed a vulnerability in Norton Antivirus that allows malicious code to escape detection. Reston, Va.-based security firm iDefense said in its advisory that the problem exists in attempts to scan files and directories named as reserved MS-DOS devices. "Reserved MS-DOS device names are a holdover from the original days of Microsoft DOS," the advisory said. "The reserved MS-DOS device names represent devices such as the first printer port (LPT1) and the first serial communication port (COM1). Sample reserved MS-DOS device names include AUX, CON, PRN, COM1 and LPT1. If a virus stores itself in a reserved device name it can avoid detection by Symantec Norton Antivirus when the system is scanned." As a workaround, iDefense said, "Ensure that no local files or directories using reserved MS-DOS device names exist. On most modern Windows systems there should be no reserved MS-DOS device names present. While the Windows search utility can be used to locate offending files and directories, either a separate tool or the specification of Universal Naming Convention (UNC) must be used to remove them. The following command will successfully remove a file stored on the C: drive named 'aux':" Symantec has fixed the problem in Norton Antivirus 2004, currently available through LiveUpdate. The fix is being incorporated into all other supported Symantec Norton Antivirus versions and will be available through LiveUpdate when fully tested and released, iDefense said.

The link for this article located at SearchSecurity.com is no longer available.