virus logo Intrusion Prevention

Sophos.Anti-Virus.Reserved.Device.Name.Handling.SMTP

description-logoDescription

It indicates a possible exploit of reserved MS-DOS name virus scan evasion vulnerability in Sophos Anti-Virus.
This issue is due to a design error that allows certain files to avoid being scanned. An attacker may leverage this issue to bypass the scanner protection provided by the vulnerable anti-virus scanner, giving users a false sense of security. It is reported that this issue can be leveraged to bypass both file system and email virus scanners, allowing this issue to be exploited remotely.

affected-products-logoAffected Products

Sophos Small Business Suite 1.0
Sophos Anti-Virus 3.85
Sophos Anti-Virus 3.84
Sophos Anti-Virus 3.83
Sophos Anti-Virus 3.82
Sophos Anti-Virus 3.81
Sophos Anti-Virus 3.80
Sophos Anti-Virus 3.79
Sophos Anti-Virus 3.78 d
Sophos Anti-Virus 3.78

Impact logoImpact

Avoid virus scan

recomended-action-logoRecommended Actions

Ensure that no directories or files using reserved MS-DOS device names are in use.
http://support.microsoft.com/default.aspx?scid=kb;en-us;103168

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 13497
Created Oct 19, 2006
Updated Nov 09, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2004-0552
Exploit Prediction Score 84.26%
Default Action drop
Active
Affected OS Windows, Linux, Solaris
Affected App Other