Secunia

Some weaknesses have been reported in various CA products, which can be exploited by malware to bypass the scanning functionality.

The weaknesses are caused due to errors in the handling of various archive file formats within the Arclib Archive Library ("arclib"), which can be exploited to bypass the anti-virus scanning functionality via specially crafted archive files.

The weaknesses are reported in the following products and versions:
* CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1, r8, r8.1
* CA Anti-Virus 2007 (v8), 2008
* eTrust EZ Antivirus r7, r6.1
* CA Internet Security Suite 2007 (v3), 2008
* CA Internet Security Suite Plus 2008
* CA Threat Manager for the Enterprise (formerly eTrust Integrated Threat Management) r8, 8.1
* CA Anti-Virus Gateway (formerly eTrust Antivirus Gateway) 7.1
* CA Protection Suites r2, r3, r3.1
* CA Secure Content Manager (formerly eTrust Secure Content Manager) 8.0, 8.1
* CA Anti-Spyware for the Enterprise (Formerly eTrust PestPatrol) r8, 8.1
* CA Anti-Spyware 2007, 2008
* CA Network and Systems Management (NSM) (formerly Unicenter Network and Systems Management) r3.0, r3.1, r11, r11.1
* CA ARCserve Backup r11.1, r11.5, r12 on Windows
* CA ARCserve Backup r11.1, r11.5 Linux
* CA ARCserve client agent for Windows
* CA eTrust Intrusion Detection 2.0 SP1, 3.0, 3.0 SP1, 4.0
* CA Common Services (CCS) r11, r11.1
* CA Anti-Virus SDK (formerly eTrust Anti-Virus SDK)

Solution
The vendor has released arclib version 7.3.0.15 in September 2008, which has been deployed via automatic updates (please see the vendor advisory for details).
Further details available in Customer Area

Provided and/or discovered by
The vendor credits Thierry Zoller and Sergio Alvarez of n.runs AG.

Changelog
Further details available in Customer Area

Original Advisory
CA (CA20090126-01):
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197601

Deep Links
Links available in Customer Area