GroupShield problem flares up on Exchange

A flaw in Network Associates Inc.’s GroupShield antivirus product is causing problems for some users of Microsoft Corp.’s Exchange 2000 e-mail server, including server crashes, according to Vincent Gullotto, a vice-president at AVERT, Network Associates’ antivirus research group.

The problem affects organizations running the Exchange 2000 product with GroupShield version 5.2.

A flaw in the GroupShield product causes the Exchange information store to fail when e-mail messages are received with certain formatting characteristics in the e-mail “From” line, Gullotto said.

The problem causes the Exchange server to stop responding, resulting in a loss of e-mail service to Exchange users, according to those who encountered the problem.

“To the users it looks like a network problem. You can’t get your mail,” said Scott Martin, a system administrator at software company Modular Mining Systems Inc. in Tucson, Ariz.

Modular Mining Systems first encountered the problem on March 25, after using the GroupShield with Exchange 2000 for six months without incident, Martin said.

Network Associates said it discovered the problem after a report from a North American customer in January.

The company issued a patch in January named “Hotfix 2,” to repair the problem and updated its knowledge base with information about the problem at the time.

Customers who subscribe to a premium service that delivers product update information via e-mail received word of the problem at that time. Customers that do not subscribe to that list did not receive information about the Hotfix 2, but did have access to information on the problem from Network Associates’ knowledge base, Gullotto said.

Network Associates could not say how many of its GroupShield customers have downloaded and installed the patch since January or how many are still vulnerable.

A handful of GroupShield customers reported problems, including Exchange Server crashes, resulting from the flaw since January, with a couple more incidents in recent weeks, he said.

Unable to resolve their Exchange Server problems, Modular Mining Systems temporarily disabled GroupShield in order to be able to run Exchange, Martin said.

“We were running without antivirus for probably a day,” he said.

After online research pointed to a problem with the GroupShield product, the company contacted Network Associates on March 27. Support technicians there appeared to be familiar with the problem and sent the company the patch, Martin said.

Modular Mining Systems did not receive any information from Network Associates about the problem or the existence of Hotfix 2 prior to that, he said.

Network Associates is not sure why the problem is suddenly flaring up on unpatched systems in recent weeks, according to Gullotto.

One possibility is that spam e-mail is circulating that contains the formatting characteristics that trigger the GroupShield flaw, he said.

Despite the small number of occurrences, the Santa Clara, Calif., is strongly urging GroupShield customers to apply Hotfix 2 to affected systems.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Previous article
Next article

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now