Bugtraq mailing list archives

Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"

From: "Richard Sheng (PM-US)" <Richard_Sheng () TRENDMICRO COM>
Date: Fri, 1 Dec 2000 15:58:02 -0800

Hello,

This is to respond to BugTraq ID: 2014, "Trend Micro InterScan VirusWall
Shared Directory Vulnerability", posted on SecurityFocus.com on November 28,
2000.

Overview:
Trend Micro has acknowledged that during installation, by default, InterScan
VirusWall for Windows NT creates "Intscan" share to the "\InterScan"
directory, and assigns the 'Everyone' group with 'Full Control' permission
to the "Intscan" share. The purpose was to enable and faciliate InterScan
plug-in, eManager, to access and process files in the InterScan directory.

This had already been documented in the InterScan VirusWall Read Me:

        Product Notes
        ====================================================================
        1. During installation, InterScan creates and shares certain
directories
           for access by the optional eManager (e-mail content filter)
plug-in.
           By default, these shares are accessible to all domain members.
           However, you can restrict access to only specific accounts, or
remove
           them altogether if eManager will not be installed.

Workaround:
To tighten security of the InterScan directory following its installation,
please the follow the instructions below.

If you're not using Trend eManager with InterScan NT, you may remove the
"Intscan" share completely.

If you're using Trend eManager with InterScan NT , you may remove the
"Everyone" group from the "Intscan" share, but make sure you do assign a
restricted account with Full Control permission to the "Intscan" share, and
provide this account credential to the eManager service. This will allow
eManager service to log using this restricted account, and have access to
the "Intscan" share. An example is to setup "Intscan" share to allow Domain
Administrator with Full Control, and then setting up eManager service to
startup using the Domain Administrator credential.

Trend Online Knowledge Base also contains information related to this topic.


        
http://solutionbank.antivirus.com/solutions/solutionDetail.asp?solutionID=71
23

        
http://solutionbank.antivirus.com/solutions/solutionDetail.asp?solutionID=41
93


Solution:
Trend Micro is currently incorporating changes to its next version of
InterScan VirusWall for NT, which will address this shared directory issue.
Users will be prompted with an option to share the InterScan directory if
they plan to install the eManager module.

Best Regards,

Richard Sheng
Product Manager
Trend Micro, Inc.
tel: 408-863-6353
fax: 408-257-1500

Current thread:

Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability" Richard Sheng (PM-US) (Dec 05)
- Re: Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability" Michael W. Shaffer (Dec 06)