Once again, a security software vendor is warning users of flaws that could make their products vulnerable to precisely the attacks they are intended to protect against. F-Secure's Anti-Virus for MIMEsweeper requires fixes to close a gap that could allow infection by at least one worm.
F-Secure, maker of a variety of virus protection and intrusion prevention products, has announced a vulnerability caused by an unspecified error in its Anti-Virus for MIMEsweeper product. MIMEsweeper is a content security product for e-mail and the Web. The vulnerability allows the Sober-D worm to bypass the usual e-mail antivirus security monitoring and infect computers. This worm travels in e-mail attached .zip files.
Versions 5.41 and 5.42 of Anti-Virus for MIMEsweeper are vulnerable on all supported platforms. F-Secure has a fix for users.
Recently, other security software vendors, including Internet Security Systems and Symantec, have also reported flaws that render certain products vulnerable to attack.