
Multiple Vulnerabilities in iAntiVirus

PC Tools iAntiVirus for Mac OS X

Tested version
1.35, Engine Version

Tested on German Mac OS X 10.5 with the following preferences:
- Scan inside archives ON
- Scan mode NORMAL
- Heuristics NORMAL

1. No scan inside .sit and .dmg archives

   Neither the scan function nor the real-time scanner OnGuard
   scans .sit and .dmg archives.

   It is possible to download malware from the internet or
   to copy it from a USB stick without interruption from
   Malware in .sit archives is recognized by OnGuard during
   manual decompression, but malware in .dmg disk images is
   only recognized during a manual scan of the mounted image.
   It is possible to run malware from the mounted disk image
   (tested with MacSmurf, which iAntiVirus recognizes as

2. Problems with special characters in filenames

   The scanner, OnGuard and the quarantine management cannot
   handle files whose names contain certain special characters,
   for example ?, which is transformed to Æ.

   False positives are lost, since it is impossible to restore
   them. It may also be possible to evade the virus protection
   this way.

3. No user restrictions in the quarantine management

   All quarantined files are managed in the same area. Every
   user can restore the files of every other user, including
   the admin.

   A normal user can restore quarantined malware from other
   accounts; tested with the iWorks Trojan, which was
   installed by the admin and restored by a normal user.
   Additionally, the history function contains no information
   about which user performed an action, and it can be erased
   by any user.
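   As an added example (not code from this advisory or from PC
   Tools), the Python sketch below models the two properties that
   items 2 and 3 ask of a quarantine manager: it keeps the original
   filename as raw bytes so that a name containing special characters
   can always be restored (the mangling is simulated by decoding the
   name with the wrong codec, an assumed cause; the advisory does not
   name one), it records the owning uid and refuses a restore by any
   other non-root user, and it writes the acting uid into the history
   with every action. All paths, uids and the file content are
   constructed for the demonstration.

```python
import json
import os
import tempfile

# Constructed sample: a filename with a non-ASCII character. macOS stores
# names as UTF-8 bytes; a tool that decodes those bytes with another codec
# (latin-1 below, an assumed cause of the mangling the advisory describes)
# records a name that no longer refers to the file on disk.
SAMPLE_NAME = "Bericht_ü.txt"


def mangle_like_wrong_codec(name, disk_codec="utf-8", assumed_codec="latin-1"):
    """Decode the on-disk bytes of NAME with the wrong codec ("ü" -> "Ã¼")."""
    return name.encode(disk_codec).decode(assumed_codec)


class Quarantine:
    """Hypothetical per-user quarantine store (not iAntiVirus' own design).

    Each record keeps the original path as raw bytes (hex in the JSON
    sidecar, so no re-decoding can corrupt it) plus the uid that owned the
    file. A restore is refused unless the caller is that uid or root, and
    every action is appended to a history log together with the acting uid.
    """

    def __init__(self, store_dir):
        self.store = store_dir
        self.history = os.path.join(store_dir, "history.log")
        os.makedirs(store_dir, exist_ok=True)
        self._next = 0

    def _log(self, actor_uid, action, qid):
        with open(self.history, "a") as h:
            h.write(f"{actor_uid}\t{action}\t{qid}\n")

    def _slot(self, qid):
        # bytes path, so both arguments of os.rename are of the same kind
        return os.fsencode(os.path.join(self.store, qid))

    def quarantine(self, path_bytes, actor_uid):
        """Move PATH_BYTES into the store; returns the quarantine id."""
        qid = f"q{self._next:04d}"
        self._next += 1
        meta = {"orig": path_bytes.hex(), "owner": os.stat(path_bytes).st_uid}
        os.rename(path_bytes, self._slot(qid))
        with open(os.path.join(self.store, qid + ".json"), "w") as m:
            json.dump(meta, m)
        self._log(actor_uid, "quarantine", qid)
        return qid

    def restore(self, qid, actor_uid):
        """Put the file back at its exact original path; False if ACTOR_UID
        is neither root nor the file's owner."""
        with open(os.path.join(self.store, qid + ".json")) as m:
            meta = json.load(m)
        if actor_uid not in (0, meta["owner"]):
            self._log(actor_uid, "restore-denied", qid)
            return False
        os.rename(self._slot(qid), bytes.fromhex(meta["orig"]))
        self._log(actor_uid, "restore", qid)
        return True

    def history_entries(self):
        with open(self.history) as h:
            return [line.rstrip("\n").split("\t") for line in h]


def demo():
    """Exercise the store in a temporary directory; returns a dict of results."""
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "alice")
        os.makedirs(home)
        target = os.fsencode(os.path.join(home, SAMPLE_NAME))
        with open(target, "wb") as f:
            f.write(b"constructed sample content")
        owner = os.stat(target).st_uid
        other_uid = owner + 1  # constructed: some other, non-root account

        q = Quarantine(os.path.join(base, "quarantine"))
        qid = q.quarantine(target, actor_uid=owner)
        return {
            # the name a wrong-codec tool would record points at nothing
            "mangled_exists": os.path.exists(
                mangle_like_wrong_codec(os.fsdecode(target))),
            "other_user_restored": q.restore(qid, actor_uid=other_uid),
            "owner_restored": q.restore(qid, actor_uid=owner),
            "file_is_back": os.path.exists(target),
            "actions": [e[1] for e in q.history_entries()],
        }


if __name__ == "__main__":
    print(demo())
```

   Run it directly to see the result dict. In a real product the store
   directory and the history log would be owned by root and written only
   by the privileged scanner process; that is what makes the uid check
   and the per-action log meaningful, and the sketch does not enforce it.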

4. OnGuard only protects one user (or perhaps a few more)

   If OnGuard is on and another user logs in, it appears as if
   OnGuard is off. If this user copies malware onto the system,
   it disappears without any warning: OnGuard is active and
   moves the files into quarantine, but does not inform the
   user about it. If the first user is an admin, this seems to
   happen for every normal user. If the first user is a normal
   user, it sometimes happens for the admin as second user, but
   not every time.

5. File permissions are ignored

   Every normal user can start a "normal scan", which includes
   the system, library and program folders and the folders of
   every user.


Carsten Eilers

Original advisory
(also as German version)

  Carsten Eilers