January 2006


Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Alison Pechenick <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Tue, 10 Jan 2006 11:24:18 -0500
text/plain (79 lines)
Stef, I know there are two versions of this software in the archive, the 
"managed" and "unmanaged", depending on whether the system involved is 
used on- or off-campus.

What is recommended for those of us who take our laptops back and forth 
to campus?

Thank you,


Stefanie Ploof wrote:
> A version of Symantec Antivirus for Windows which patches the library heap
> overflow/RAR file vulnerability announced in December (see below) is now
> available from the UVM software download site
> (
> All Windows computers running Symantec Antivirus version 10 should be
> updated to Symantec Antivirus at this time to protect systems
> from the vulnerability.  Testing of the newest version has shown that
> installing over previous versions will work, although it is advised that
> the previous version be removed via Control Panel -> Add/Remove Programs
> before installing this newest version.
> Macintosh Symantec Antivirus version 9 is also affected by the
> vulnerabilty.  All Macintosh users are encouraged to delete version 9 from
> their systems and install version 10 from the UVM software download site
> (
> Questions or problems with installation should be reported to the
> CIT Helpline ( or 6-2604).
> On Thu, 22 Dec 2005, Stefanie Ploof wrote:
>>This week a report was released that Symantec Antivirus Corporate Edition
>>10.x (PC), Symantec Norton Antivirus 9.x (Mac), and Symantec Norton
>>Antivirus for Exchange 2.x products are vulnerable to a library heap
>>overflow if Symantec AV scans .RAR files while they are being
>>decompressed, resulting in the potential for the Symantec Antivirus
>>product to be exploited by a malicious hacker who can take control of a
>>Symantec has not released a patch for this vulnerability.  In the meantime
>>I have changed the central Symantec servers to scan certain file types
>>rather than all file types in auto-protect mode.  The list of currently
>>auto-protected file types is the default list that Symantec provides, as
>>well as .ZIP files.  As would be assumed, .RAR files are not being scanned
>>via auto-protect at this time.  Please note that this change only affects
>>auto-protect scanning on PCs.  Macintosh Symantec/Norton Antivirus and
>>Symantec Norton Antivirus for Exchange are -not- protected by the central
>>servers, so Macintosh users and Exchange server administrators must either
>>choose to disable auto-protect via the Norton Antivirus options or choose
>>not to download and decompress .RAR files while the vulnerability still
>>More information about the vulnerability is available at:
>>A full list of affected products is available at:
>>When Symantec does release a patch the CIT Antivirus team will provide
>>further instruction or information.

Alison Pechenick, Lecturer
Department of Computer Science
College of Engineering & Mathematical Sciences
351 Votey Building
University of Vermont
Burlington, VT 05405