A weakness has been reported in various Sophos products that malware can exploit to bypass the scanning functionality.
The weakness is caused by an error in the handling of CAB file archives, which can be exploited to bypass the anti-virus scanning functionality via specially crafted archive files.
The weakness is reported in the following products and versions:
* Sophos Anti-Virus for Windows 2000+ (version 7.6.7 and earlier)
* Sophos Anti-Virus for Windows NT/95/98 (version 4.7.22 and earlier)
* Sophos Anti-Virus for OS X (version 4.9.22/7.01 and earlier)
* Sophos Anti-Virus for UNIX (versions 7.0.9 and earlier/4.41.9 and earlier)
* Sophos Anti-Virus for Linux (version 6.6.2 and earlier)
* Sophos Anti-Virus for Netware (version 4.41.9 and earlier)
* Sophos Email Appliance (version 220.127.116.11 and earlier)
* Sophos Web Appliance (version 2.1.18 and earlier)
* PureMessage for UNIX (version 5.5.4 and earlier)
Solution: Update to the latest versions or update the virus engine to version 2.87.1 or later.