Re: Norton antivirus fails to scan files

From: Remington Winters (fyreguyat_private)
Date: Wed Jul 10 2002 - 12:39:24 PDT


    Make sure the service itself is set to log in as system and not
    administrator. Other than that, the system account should be able to read
    it.
    
    ----- Original Message -----
    From: "BoneMachine" <bonemachat_private>
    To: <vuln-devat_private>
    Sent: Wednesday, July 10, 2002 4:47 AM
    Subject: Norton antivirus fails to scan files
    
    
    > I have a problem with NAV corporate edition 7.6. When a file has no
    > Administrator read privileges assigned on a Windows 2000 or Windows NT
    > host, NAV fails to scan the file for viruses.
    > This is a bit odd because the NAV client runs with system privileges and
    > according to my NT knowledge this should be enough to read those files.
    >
    > I've searched on the Symantec knowledge base and all I found was this:
    > Error: "Application Log is Full" upon startup of Norton AntiVirus
    > Corporate Edition
    >
    > http://service1.symantec.com/SUPPORT/ent-security.nsf/552ba2f7636bedf088256818006f78bf/304b3eb399b43ab588256a780056e5d7?
    >
    > I have also used the webform to post this issue to Symantec about two
    > months ago, but I had no response.
    >
    > Also it is not possible to use another account than administrator as the
    > 'scan' account. So it is impossible to protect documents from accidental
    > access by removing administrator privileges from a file (yes, I know that
    > administrators can add themselves to the ACL of a file, but that does
    > require an extra action, thus excluding accidental access).
    >
    > My thoughts are that there are two vulnerabilities to this behavior of NAV:
    > 1. A virus can protect itself from being scanned by removing administrator
    > read privileges from itself and its copies.
    > 2. The administrator needs read privileges on all files; files therefore
    > cannot be protected from accidental access by administrators.
    >
    > Does anyone have the same experience?
    > Does anyone know of a virus that uses this technique to hide?
    >
    > greetings
    > Bone Machine
    >
    > --
    >
    > "Hey! been trying to meet you" - The Pixies
    >
    > --
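
An added example, not part of either poster's message: a PowerShell audit that lists files whose DACL gives BUILTIN\Administrators or SYSTEM no read access, which are the files a scanner running under either account could skip as described in the thread. The `C:\Data` default and the `Test-ReadAce` helper are hypothetical, and the check compares ACEs for those two SIDs only; it does not compute full effective access (group nesting, backup privilege).

```powershell
# Added example: report files a scanner running as Administrators or SYSTEM
# may be unable to read. $Root default is a hypothetical path.
param([string]$Root = 'C:\Data')

$AdminsSid = 'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID)
$SystemSid = 'S-1-5-18'       # NT AUTHORITY\SYSTEM (well-known SID)
$ReadData  = [int][System.Security.AccessControl.FileSystemRights]::ReadData
$SidType   = [System.Security.Principal.SecurityIdentifier]

# Hypothetical helper: $true only if some Allow ACE for $Sid grants ReadData
# and no Deny ACE for $Sid removes it. Generic-rights ACEs are not decoded.
function Test-ReadAce {
    param($Rules, [string]$Sid)
    $allowed = $false
    foreach ($rule in $Rules) {
        if ($rule.IdentityReference.Value -ne $Sid) { continue }
        if (([int]$rule.FileSystemRights -band $ReadData) -eq 0) { continue }
        if ($rule.AccessControlType -eq 'Deny') { return $false }
        $allowed = $true
    }
    return $allowed
}

Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = $_.FullName
        try {
            # Explicit and inherited ACEs, with identities returned as SIDs
            $acl   = Get-Acl -LiteralPath $path -ErrorAction Stop
            $rules = $acl.GetAccessRules($true, $true, $SidType)
        } catch {
            # The auditing account cannot read the DACL: report it, since a
            # scanner under the same account would fail the same way.
            [pscustomobject]@{ Path = $path; AdminsRead = $null
                               SystemRead = $null; Note = 'DACL unreadable' }
            return
        }
        $adminsRead = Test-ReadAce $rules $AdminsSid
        $systemRead = Test-ReadAce $rules $SystemSid
        if (-not ($adminsRead -and $systemRead)) {
            [pscustomobject]@{ Path = $path; AdminsRead = $adminsRead
                               SystemRead = $systemRead
                               Note = 'no read ACE for scan account' }
        }
    }
```

Run it from an elevated session and compare the reported paths against the scanner's own log of skipped or unreadable files.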
    


