"FRISK Software produces the hugely popular F-Prot Antivirus products range offering unrivaled neural network and heuristic detection capabilities."
F-Prot Antivirus does not recognize ZIP headers with a version value greater than 15, allowing viruses to bypass the virus scanning techniques used by the product.
Vulnerable Systems:
* F-Prot Antivirus for Windows
* F-Prot Antivirus for Microsoft Exchange
* F-Prot Antivirus for Linux x86 / BSD x86
* F-Prot Antivirus for AIX
* F-Prot Antivirus for DOS
* F-Prot Antivirus for Solaris SPARC / Solaris x86
The F-Prot engine fails to decompress ZIP files that have a version header greater than 15. As a consequence, the engine is unable to scan the virus or malware inside and flags the archive as harmless. If the product is used as an email gateway solution, the offending emails will slip through.
Local ZIP file header:
* local file header signature: 4 bytes (0x04034b50)
* version needed to extract: 2 bytes
In this example byte 4 has the version header value 15. F-Prot fails to decompress ZIP files with a version header greater than 15.
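As an added example (not part of the original advisory and not FRISK's code), the Python check below reads the "version needed to extract" field from each local file header and quarantines an archive when any entry exceeds what the scanner's unpacker supports, instead of passing it as clean. The function names, the max_supported parameter and the sample bytes are assumptions constructed for this illustration.

```python
import struct
import zlib

LFH = struct.Struct("<4sHHHHHIIIHH")   # 30-byte ZIP local file header
LFH_SIG = b"PK\x03\x04"                # 0x04034b50 as stored on disk

def local_versions(data):
    """Return [(name, version_needed)] for each local file header, in order."""
    out, pos = [], 0
    while data[pos:pos + 4] == LFH_SIG:
        if pos + LFH.size > len(data):
            raise ValueError("truncated local file header")
        (_, version, flags, _m, _t, _d, _crc, csize, _usize,
         nlen, xlen) = LFH.unpack_from(data, pos)
        if flags & 0x0008:
            # Sizes are in a trailing data descriptor; this walker cannot skip the data.
            raise ValueError("data descriptor in use, sizes not in header")
        name_start = pos + LFH.size
        name = data[name_start:name_start + nlen].decode("cp437")
        out.append((name, version))
        pos = name_start + nlen + xlen + csize
    return out

def verdict(data, max_supported):
    """For a file already identified as ZIP: 'scan' only if every entry is
    within the unpacker's supported version, otherwise 'quarantine'."""
    try:
        entries = local_versions(data)
    except ValueError:
        return "quarantine"
    # No readable entries also means nothing was inspected: fail closed.
    if not entries or any(v > max_supported for _, v in entries):
        return "quarantine"
    return "scan"

def make_entry(name, payload, version):
    """Constructed test data: one stored (uncompressed) local-header record."""
    raw = name.encode("cp437")
    head = LFH.pack(LFH_SIG, version, 0, 0, 0, 0, zlib.crc32(payload),
                    len(payload), len(payload), len(raw), 0)
    return head + raw + payload

# Constructed samples (local headers only, no central directory).
SAMPLE_OLD = make_entry("a.txt", b"hello", 10)
SAMPLE_MIXED = SAMPLE_OLD + make_entry("b.txt", b"world", 20)

if __name__ == "__main__":
    print(local_versions(SAMPLE_MIXED), verdict(SAMPLE_MIXED, 15))
```

The point of the check is that an archive the engine cannot unpack is treated as uninspected rather than as clean.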
Vendor Response:
"Thank you very much for notifying us of this bug in the current version of F-Prot Antivirus. A fix for this bug will be included in future versions of F-Prot Antivirus."