Vulnerability Development mailing list archives

Re: Norton antivirus fails to scan files


From: "Kenneth Duran" <KDURAN () pn usbr gov>
Date: Wed, 10 Jul 2002 14:20:36 -0600

Actually, the problem with the "Application Log is Full" is a known problem with the Performance Library. There is a registry entry that you can import from Symantec which will take care of it. This is true through NAV CE v 7.5x.

I have had problems with the installation and certain services have not been completely installed. Have you checked to ensure all four services (NAVAP, NAVAPEL, NAVENG and NAVEX15) are under HKLM\System\CurrentControlSet\Enum\Root? Sometimes these do not get set up initially. If the setup fails the first time then there is not any easy way to manually get it to work and even a re-install will not work.

Kenneth M. Duran
PN Network Security Manager
kduran () pn usbr gov
(208)-378-5146

BoneMachine <bonemach () sdf lonestar org> 07/10/02 05:47AM >>>
I have a problem with NAV corporate edition 7.6. When a file has no Administrator read privileges assigned on a Windows 2000 or Windows NT host, NAV fails to scan the file for viruses.
This is a bit odd because the NAV client runs with system privileges and according to my NT knowledge this should be enough to read those files.

I've searched on the Symantec knowledge base and all I found was this:
Error: "Application Log is Full" upon startup of Norton AntiVirus Corporate Edition
http://service1.symantec.com/SUPPORT/ent-security.nsf/552ba2f7636bedf088256818006f78bf/304b3eb399b43ab588256a780056e5d7?
 

I have also used the webform to post this issue to Symantec about two months ago, but I had no response.

Also, it is not possible to use another account than administrator as the 'scan' account. So it is impossible to protect documents from accidental access by removing administrator privileges from a file (yes, I know that administrators can add themselves to the ACL of a file, but that does require an extra action, thus excluding accidental access).

My thoughts are that there are two vulnerabilities to this behavior of NAV:
1. A virus can protect itself from being scanned by removing administrator read privileges from itself and its copies.
2. The administrator needs read privileges on all files; files therefore cannot be protected from accidental access by administrators.

Does anyone have the same experience?
Does anyone know of a virus that uses this technique to hide?

greetings
Bone Machine

--

"Hey! been trying to meet you" - The Pixies

--

Attachment: Kenneth Duran.vcf
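
A defender's check for the scanning blind spot described in the quoted message, as an added example that is not part of either message: it lists files under a directory on which the Administrators group has no allow-read ACE, or whose ACL cannot be read at all. It assumes PowerShell 3.0 or later; the directory in `$Root` is a hypothetical placeholder, and only ACEs naming the BUILTIN\Administrators SID are examined.

```powershell
# Added example (not from the thread): report files a scanner relying on
# Administrators read access would be unable to open.
param(
    [string]$Root = 'C:\Data'   # hypothetical directory to audit
)

$adminSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'  # BUILTIN\Administrators
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData
$sidType  = [System.Security.Principal.SecurityIdentifier]

function Test-AdminRead {
    param([System.Security.AccessControl.FileSecurity]$Acl)
    # Explicit and inherited ACEs for the Administrators SID that cover ReadData.
    # Rights reaching an administrator through other groups are not evaluated.
    $rules = @($Acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference -eq $adminSid -and
        ($_.FileSystemRights -band $readData) -eq $readData
    })
    $allow = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' })
    $deny  = @($rules | Where-Object { $_.AccessControlType -eq 'Deny' })
    # In a canonically ordered ACL a deny ACE is evaluated before any allow ACE.
    return ($allow.Count -gt 0 -and $deny.Count -eq 0)
}

# Directories the current account cannot list are skipped silently here.
Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = $_.FullName
        try {
            $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
            if (-not (Test-AdminRead -Acl $acl)) {
                [pscustomobject]@{ Path = $path; Finding = 'No allow-read ACE for Administrators' }
            }
        } catch {
            # The ACL itself could not be read: report the file rather than skip it.
            [pscustomobject]@{ Path = $path; Finding = "ACL unreadable: $($_.Exception.Message)" }
        }
    }
```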