=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN285
_____________________________________________________________________

DATE                      : 10/07/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running on Sophos Email Appliance,
                             Unix/Linux running Sophos Pure Message,
                                   Sophos Anti-Virus Interface.

======================================================================
http://www.sophos.com/support/knowledgebase/article/42245.html
______________________________________________________________________

Advisory: Unexpected terminations of selected Sophos products by
zero-byte MIME attachments


Issue

Sophos has identified an issue within selected Sophos products which
incorporate the July update (4.31 virus data and 2.75 engine) which can
cause unexpected terminations when scanning specific MIME attachments of
zero-byte length.

A fix has been included in the latest virus identity file, no further
action is required by customers.


Sophos products affected

Sophos Email Appliance
Pure Message for Unix
Sophos Anti-Virus Interface (SAVI)

Only Linux/Unix installations appear to have been affected.

Sophos Email Appliance and Pure Message for Unix were automatically
rolled back to the 4.30 virus data/2.74 engine.  No further action is
required by customers with these products.

The SAVI issue is being fixed through the release of virus data and
therefore no further action is required by customers.

The underlying issue within the virus detection engine itself will be
fixed at the earliest opportunity and released during a standard monthly
update.

MIME attachments of the type specified will be added to the Sophos test
collection so that such an incident does not re-occur.

If you need more information or guidance, then please contact technical
support.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================