Date: Thu, 14 Nov 2002 13:35:49 -0500 From: madodelatptdprolog.net Subject: [VOICENWS] SW: IBM acknowledges virus infection in TCP/IP fixes From: Alan Beagley IBM has acknowledged virus infections in the original releases of TCP/IP fix packs UN02206.ZIP and UNG2206.ZIP: http://ps.software.ibm.com/pbin-usa-ps/getobj.pl?/pdocs-usa/fixnews.ht ml#vir1 -=- Alan "We have been investigating a potential problem regarding the content of two TCP/IP FixPaks for OS/2. The packages affected are FixPak's UN02206 and UNG2206 downloaded prior to 10/16/2002. You may detect the following virus when you run a virus detection program against these earlier versions of UNx2206: W32.Nimda.enc. The two files that may contain embedded eml files and sample.exe are DADMRES.JAR and DDNSSGUI.JAR. This only affects UN02206 and UNG2206. Due to the compressed nature of these files within the JAR files, this presents little, if any, danger of possible infection to any system, much less an OS/2 system. Because the offending files are compressed in the JAR file and are built on the Win-32 platform, there is no chance that the virus would spread to an OS/2 based system. The virus could conceivably be transmitted if an explicit attempt was made to manually unpack the JAR files and run the component executables on a Win-32 system. We immediately removed the UNx2206 TCP/IP 4.3x FixPaks from availability on 10/16/2002 as a precaution when we detected a potential problem with two JAR files. While these builds were scanned for viruses immediately prior to release, the OS/2 version of the scanning utility was not capable of recognizing virus signatures in certain compressed files, such as JAR files. We have replaced the software to correct that problem. The system used to build these FixPaks has been cleaned and corrupted JAR files have been deleted. There is an ongoing research to determine where in the build process these files were packaged into the JAR files; they are not part of our nominal build process. We have rebuilt the FixPak and replaced the problem JAR files. The new version of UN02206 for US English was uploaded on 10/25/2002. The German version of UNx2206 will be available before the end of November. You must remove any versions of UNx2206 downloaded before 10/16/2002 before installing the updated package available on Software Choice. " -- To unsubscribe yourself from this list, send the following message to majormajoratos2voice.org unsubscribe news end If you have an announcement you would like posted to the VOICE News list, please send it to submitatos2voice.org. Please include a valid reply address and a real contact name. If you wish to comment on this post, please reply to feedbackatos2voice.org