This indicates a possible exploit of a denial of service vulnerability in Sophos Anti-Virus.
The issue exists because the software fails to adequately sanitize 'Extra field length' values contained in BZip2 archives. Ultimately, this vulnerability may be exploited to deny service to legitimate users.
Attackers may leverage this issue to prevent the software from completing scans of files received after an attack. This may allow the attacker to bypass Anti-Virus scans.
Sophos Small Business Suite 1.0
Sophos PureMessage Anti-Virus 4.6
Sophos MailMonitor for SMTP 2.1
Sophos MailMonitor for SMTP 2.0
Sophos MailMonitor for Notes/Domino
Sophos Anti-Virus 5.0.1
Sophos Anti-Virus 3.91
Sophos Anti-Virus 3.90
Sophos Anti-Virus 3.86
Sophos Anti-Virus 3.85
Sophos Anti-Virus 3.84
Sophos Anti-Virus 3.83
Sophos Anti-Virus 3.82
Sophos Anti-Virus 3.81
Sophos Anti-Virus 3.80
Sophos Anti-Virus 3.79
Sophos Anti-Virus 3.78 d
Sophos Anti-Virus 3.78
Sophos Anti-Virus 3.4.6
Denial of service, system compromise.
Apply the appropriate update for your system, available from the Sophos Technical Support Web page.