[17851] in bugtraq

Re: TrendMicro InterScan VirusWall shared folder problem

daemon@ATHENA.MIT.EDU (Michael W. Shaffer)
Thu Nov 30 14:49:50 2000

MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.30.0011291219080.1989-100000@typhoid.labs.agilent.com>
Date:         Wed, 29 Nov 2000 12:27:08 -0800
Reply-To: "Michael W. Shaffer" <shaffer@LABS.AGILENT.COM>
From: "Michael W. Shaffer" <shaffer@LABS.AGILENT.COM>
X-To:         "Paladino, Scott" <scott.paladino@eds.com>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <7FD257BF8564D4119DA800508BDF07AA42179E@usahm012.exmi01.exch.eds.com>

On Wed, 29 Nov 2000, Paladino, Scott wrote:

> I concur with your findings. We are working with Trend as well. It seems to
> us that the System account might need this level of access, and the active
> update feature would need permissions as needed with a specific ID.
> Otherwise, we do not see the need for that access level.
> We are not using the SMTP product - we are using the MAPI product.
>
> Regards,
> Scott Paladino

Our Exchange administrator (Fintan) also reminded me that this
adjustment is presumably to allow the management console application
used for updating multiple ISVW servers to function. My analysis so
far is that the update process of the management console is just
overwriting the executable and pattern files through normal access
to the file share. For this to be possible, only the effective user
id of the management console process needs access to this share. If
a domain administrator normally runs the management application, then
it would seem that 'Administrators - Full Control' would suffice for
this. Although we do not use the management console at our site, our
corporate level IT messaging team does, and I think that Fintan said
they have no problems with 'Admin - Full Control'.

--
Michael W. Shaffer                     email: shaffer@labs.agilent.com
Research Computing Services            phone: +1 650.485.2955
Agilent Laboratories, Palo Alto        fax:   +1 650.485.5568
