Bugtraq mailing list archives
Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"
From: "Richard Sheng (PM-US)" <Richard_Sheng () TRENDMICRO COM>
Date: Fri, 1 Dec 2000 15:58:02 -0800
Hello,

This is to respond to BugTraq ID: 2014, "Trend Micro InterScan VirusWall Shared Directory Vulnerability", posted on SecurityFocus.com on November 28, 2000.

Overview:

Trend Micro has acknowledged that during installation, by default, InterScan VirusWall for Windows NT creates an "Intscan" share to the "\InterScan" directory, and assigns the 'Everyone' group with 'Full Control' permission to the "Intscan" share. The purpose was to enable and facilitate the InterScan plug-in, eManager, to access and process files in the InterScan directory. This had already been documented in the InterScan VirusWall Read Me:

Product Notes
====================================================================
1. During installation, InterScan creates and shares certain directories for access by the optional eManager (e-mail content filter) plug-in. By default, these shares are accessible to all domain members. However, you can restrict access to only specific accounts, or remove them altogether if eManager will not be installed.

Workaround:

To tighten security of the InterScan directory following its installation, please follow the instructions below.

If you're not using Trend eManager with InterScan NT, you may remove the "Intscan" share completely.

If you're using Trend eManager with InterScan NT, you may remove the "Everyone" group from the "Intscan" share, but make sure you do assign a restricted account with Full Control permission to the "Intscan" share, and provide this account credential to the eManager service. This will allow eManager service to log using this restricted account, and have access to the "Intscan" share. An example is to set up the "Intscan" share to allow Domain Administrator with Full Control, and then setting up eManager service to start up using the Domain Administrator credential.

Trend Online Knowledge Base also contains information related to this topic.

http://solutionbank.antivirus.com/solutions/solutionDetail.asp?solutionID=7123
http://solutionbank.antivirus.com/solutions/solutionDetail.asp?solutionID=4193

Solution:

Trend Micro is currently incorporating changes to its next version of InterScan VirusWall for NT, which will address this shared directory issue. Users will be prompted with an option to share the InterScan directory if they plan to install the eManager module.

Best Regards,
Richard Sheng
Product Manager
Trend Micro, Inc.
tel: 408-863-6353
fax: 408-257-1500
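The two workaround branches in the message above, as an added example that is not part of the original post and not Trend Micro's code: a PowerShell script that reports the share permissions on "Intscan" and, with -Apply, either removes the share or swaps the Everyone entry for a restricted account. It assumes a host with the SmbShare cmdlets (Windows 8 / Server 2012 or later, not the Windows NT systems of the advisory); the account name `EXAMPLE\svc-emanager` is a hypothetical placeholder.

```powershell
# Added example: audit and tighten the "Intscan" share. Run from an elevated prompt.
param(
    [string]$ShareName = 'Intscan',
    # Hypothetical restricted account for the eManager service, e.g. 'EXAMPLE\svc-emanager'.
    # Leave empty when eManager is not installed: the share is then removed.
    [string]$ServiceAccount = '',
    [switch]$Apply   # without -Apply the script only reports
)

# Resolve the well-known SID S-1-1-0 so the check also works on localized systems.
$sid      = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$everyone = $sid.Translate([System.Security.Principal.NTAccount]).Value

if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    Write-Output "Share '$ShareName' does not exist; nothing to do."
    return
}

# Report the current share ACL and flag any Allow entry for Everyone.
$acl  = @(Get-SmbShareAccess -Name $ShareName)
$open = @($acl | Where-Object {
    $_.AccountName -eq $everyone -and $_.AccessControlType -eq 'Allow'
})
foreach ($ace in $acl) {
    Write-Output ("{0}: {1} {2}" -f $ace.AccountName, $ace.AccessControlType, $ace.AccessRight)
}
if ($open.Count -gt 0) {
    Write-Output "FINDING: '$everyone' is allowed $($open.AccessRight -join ', ') on '$ShareName'."
}
if (-not $Apply) { return }

if ($ServiceAccount) {
    # eManager in use: grant the restricted account first so the service
    # never loses access, then drop the Everyone entry.
    Grant-SmbShareAccess -Name $ShareName -AccountName $ServiceAccount `
        -AccessRight Full -Force | Out-Null
    if ($open.Count -gt 0) {
        Revoke-SmbShareAccess -Name $ShareName -AccountName $everyone -Force | Out-Null
    }
    Write-Output "Share '$ShareName' now restricted to '$ServiceAccount'."
} else {
    # eManager not installed: remove the share completely.
    Remove-SmbShare -Name $ShareName -Force
    Write-Output "Share '$ShareName' removed."
}
```

Share permissions are separate from the NTFS permissions on the directory itself, which this script does not change.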
Current thread:
- Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability" Richard Sheng (PM-US) (Dec 05)
- Re: Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability" Michael W. Shaffer (Dec 06)