SUNNYVALE, Calif., April 12 /PRNewswire-FirstCall/ -- SonicWALL, Inc. (NASDAQ: SNWL) today issued a Gateway Anti-Virus signature for users of its Internet threat prevention technology to enable day zero protection from a vulnerability in Clam AntiVirus (ClamAV). The vulnerability in the widely used ClamAV open source gateway and client anti-virus software could lead to unauthorized hackers taking control of a user's system. SonicWALL uses proprietary gateway anti-virus, which is not affected by this vulnerability.
"The vulnerability could potentially be used to crash or even possibly reconfigure a device using ClamAV," said Boris Yanovsky, vice president of services engineering at SonicWALL. "A hacker could send an e-mail with an attachment to a vulnerable appliance and, when the appliance checks the attachment for viruses, the executable would instead completely take over the appliance."
The Clam AntiVirus Win32-UPX Heap Overflow vulnerability is due to a heap overflow error in "libclamav/upx.c" when scanning malformed UPX-packed executables. This could be exploited by an unauthenticated remote attacker to execute arbitrary commands or crash an affected application by sending an e- mail containing a specially crafted UPX file to a system running ClamAV.
SonicWALL has deployed a signature for its Unified Threat Management (UTM) devices that blocks potential ClamAV Heap Overflow exploits at the gateway. SonicWALL, named leader in unit share and factory revenues for security appliances worldwide for the fourth consecutive quarter, according to IDC's Worldwide Q4 Security Appliance Tracker(1), delivers zero day gateway anti- virus and intrusion prevention signatures to its subscribers on a continual basis, to defend against new and existing Internet attacks and exploit.
Customers with a current subscription to SonicWALL's gateway threat prevention services are not affected by this vulnerability. Further information on Clam AntiVirus Win32-UPX Heap Overflow is available at http://software.sonicwall.com/applications/ips/index.asp?ev=sig&sigid=3166
About SonicWALL, Inc.
Founded in 1991, SonicWALL, Inc. designs, develops and manufactures comprehensive network security, email security, secure remote access, and continuous data protection solutions. Offering both appliance-based products as well as value-added subscription services, SonicWALL's comprehensive solutions enable organizations to secure deep protection without compromising network performance. For more information, contact SonicWALL at +1 (408) 745-9600 or visit the company web site at http://www.sonicwall.com/.
Safe Harbor Regarding Forward-Looking Statements
Certain statements in this press release are "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. The forward-looking statements include but are not limited to statements regarding our ability to protect users from the Clam AntiVirus (ClamAV) Win32- UPX Heap Overflow vulnerability and our ability to launch day zero gateway anti-virus threat prevention to users to defend against attacks. These forward-looking statements are based on the opinions and estimates of management at the time the statements are made and are subject to certain risks and uncertainties that could cause actual results to differ materially from those anticipated in the forward-looking statements.. In addition, please see the "Risk Factors" described in our Securities and Exchange Commission filings, including our Annual Report on Form 10-K for the year ended December 31, 2005, for a more detailed description of the risks facing our business. All forward-looking statements included in this release are based upon information available to SonicWALL as of the date of the release, and we assume no obligation to update any such forward-looking statement. All forward-looking statements included in this release are based upon information available to SonicWALL as of the date of the release, and we assume no obligation to update any such forward-looking statement.
NOTE: SonicWALL is a registered trademark of SonicWALL, Inc. Other product and company names mentioned herein may be trademarks and/or registered trademarks of their respective companies.
(1) "Source: IDC WW Quarterly Security Appliance Tracker, Q4, March 2006"
SOURCE: SonicWALL, Inc.
CONTACT: Mary McEvoy of SonicWALL, Inc., +1-408-962-7110 or
mmcevoy@sonicwall.com
Web site: http://www.sonicwall.com/
