{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"ArcaBit ArcaVir","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Dr.Web","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Kaspersky Labs (all products)","product":{"name":"N/A","vendor":{"name":"Kaspersky","scada":false}}},{"description":"Ikarus","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Symantec Norton Antivirus","product":{"name":"N/A","vendor":{"name":"Symantec","scada":false}}},{"description":"Eset Software NOD32 Antivirus","product":{"name":"NOD32 Antivirus","vendor":{"name":"ESET","scada":false}}},{"description":"AVG AVG Anti-Virus","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Computer Associates eTrust EZ Antivirus","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Ukrainian Antiviral Center Ukrainian National Antivirus","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"McAfee VirusScan","product":{"name":"N/A","vendor":{"name":"McAfee","scada":false}}},{"description":"Norman Virus Control","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Cat Computer Services Quick Heal Antivirus","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Softwin BitDefender","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"H+BEDV AntiVir","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Sophos Anti-Virus","product":{"name":"N/A","vendor":{"name":"Sophos","scada":false}}},{"description":"Panda Antivirus","product":{"name":"N/A","vendor":{"name":"Symantec","scada":false}}},{"description":"F-Secure Anti-Virus","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"VirusBlokAda 
VBA32","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Clam Anti-Virus ClamAV","product":{"name":"N/A","vendor":{"name":"ClamAV","scada":false}}},{"description":"Avast! Antivirus","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Hacksoft TheHacker","product":{"name":"N/A","vendor":{"name":"Symantec","scada":false}}},{"description":"Fortinet Antivirus","product":{"name":"N/A","vendor":{"name":"Fortinet","scada":false}}},{"description":"Computer Associates Vet Antivirus","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Panda ActiveScan","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"closed_at":"2005-10-11","content":"## Description\n\nMost antivirus products on the market are vulnerable to a security policy\nbypass.\n\nA maliciously crafted archive file can be used to get past the antivirus\nfiltering system. A virus contained in such an archive will therefore be\ndelivered to its recipient without first being processed by an antivirus\ngateway.\n\nOnce it has reached the user's workstation, the virus file contained in\nthe archive must be extracted and then executed by the user in order to\ncompromise the machine.\n\n## Workaround\n\nAs long as the virus is not extracted from the archive on the target\nclient workstation, no malicious code is executed. 
It is therefore advisable to\nfollow the basic rules of conduct for using email, recalled below:\n\n-   keep your antivirus up to date;\n-   do not open suspicious emails;\n-   never open archive files when there is any doubt about their\n    origin;\n-   systematically check the content extracted from archives;\n-   as part of defense in depth, systematically favor the use of an\n    antivirus on the mail gateway combined with a different antivirus\n    on the workstations.\n\n## Solution\n\nNo solution has been communicated by the antivirus vendors so far.\n","cves":[],"links":[{"title":"Security Focus bulletin:","url":"http://www.securityfocus.com/bid/15046"},{"title":"CERTA memo on viruses: CERTA-2005-MEM-001","url":"http://www.certa.ssi.gouv.fr/site/CERTA-2005-MEM-001.pdf"}],"reference":"CERTA-2005-ALE-014","revisions":[{"description":"Initial version.","revision_date":"2005-10-11T00:00:00.000000"}],"risks":[{"description":"Security policy bypass"},{"description":"Bypass of the antivirus filtering system"}],"summary":"A vulnerability in archive handling affects almost all antivirus\nproducts on the market. As a result, antivirus products cannot detect a\nvirus inserted into a maliciously crafted archive.\n","title":"Vulnerability in a large number of antivirus products","vendor_advisories":[{"published_at":null,"title":"\"Security Focus\" bulletin","url":null}]}
