CVE-2005-3382

Name of the Vulnerable Software and Affected Versions Sophos version 3.91 with engine 2.28.4

Description The issue allows remote attackers to bypass virus scanning by manipulating files with specific magic byte sequences, such as the "MZ" sequence normally associated with EXE files, but also present in files like BAT, HTML, and EML. This manipulation can cause the file to be treated as a safe type, even though it could still be executed as a dangerous file type by applications on the end system. An example of this exploit is a "triple headed" program containing EXE, EML, and HTML content.

Recommendations For Sophos version 3.91 with engine 2.28.4, consider updating the engine to a version that does not contain this issue, or apply any available patches to resolve the multiple interpretation error. As a temporary workaround, consider enhancing the virus scanning configuration to inspect files more thoroughly, regardless of their apparent file type.