************************************************************************** Security Bulletin 9407 DISA Defense Communications System February 22, 1994 Published by: DDN Security Coordination Center (SCC@NIC.DDN.MIL) 1-(800) 365-3642 DEFENSE DATA NETWORK SECURITY BULLETIN The DDN SECURITY BULLETIN is distributed by the DDN SCC (Security Coordination Center) under DISA contract as a means of communicating information on network and host security exposures, fixes, and concerns to security and management personnel at DDN facilities. Back issues may be obtained via FTP (or Kermit) from NIC.DDN.MIL [192.112.36.5] using login="anonymous" and password="guest". The bulletin pathname is scc/ddn-security-yynn (where "yy" is the year the bulletin is issued and "nn" is a bulletin number, e.g. scc/ddn-security-9302). ************************************************************************** + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + ! ! ! The following important advisory was issued by the Automated ! ! Systems Security Incident Support Team (ASSIST) and is being ! ! relayed unedited via the Defense Information Systems Agency's ! ! Security Coordination Center distribution system as a means ! ! of providing DDN subscribers with useful security information. ! ! ! + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Automated Systems Security Incident Support Team ______ ___ ___ _____ ___ _____ | / /\ / \ / \ | / \ | | / Integritas / \ \___ \___ | \___ | | < et /____\ \ \ | \ | | \ Celeritas / \ \___/ \___/ __|__ \___/ | |_____\ <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Bulletin 94-04 Release date: 17 February 1994, 10:25 PM EST Retransmitted: 18 February 1994, 10:30 PM EST Subject: IBM Antivirus Release 1.04 available for Use by DoD personnel, first update issued 10 Jan 94. The IBM Antivirus products that have been licensed for use by all DoD personnel are now available from ASSIST. ASSIST would like to express it's gratitude to the Air Force Intelligence Agency, and the Naval Electronic Systems Security Engineering Center, for their efforts in acquiring this product. The product has been licensed for use by all DoD personnel including uniformed and civilian employees, on any U.S. Government owned machine. The license was procured by the Air Force with funding support from the Navy, through contract F4162193M5687, and is valid through FY 94 (30 Sept 1994). Information about product licensing for the period after the current expiration date will be announced when arrangements are finalized. The software is available from ASSIST to DoD personnel who request the software and provide proof of DoD affiliation (i.e. a DSN call back number or other means of confirmation). After the person making the request is verified as being an employee of DoD, the program files can be obtained in the following ways: * Download from the ASSIST bbs * Download from the ASSIST ftp server via Milnet (connection to assist.ims.disa.mil allowed from Milnet addresses registered with the NIC or local DNS only). * Limited distribution provided on diskettes from ASSIST to sites that do not have the capability to electronically download the files * On Air Force and Navy "Computer Security Toolkit for DOS Systems" diskettes (ASSIST will provide information about how to obtain these toolkits from the services) IBM Antivirus Version 1.04 (released Dec 1993) will install on the following systems: * DOS 3.3 and above * DOS Windows 3.0 and above * DOS networks * OS/2 Version 1.3 and above * OS/2 networks * Novell Netware * Program files that will fit on low capacity floppy diskettes (4 360K diskettes, 2 720K diskettes) are also available to facilitate installation of the software on older PCs The current version of the product provides significant enhancements to previous versions, in addition to having functions not contained in earlier releases. IBM Antivirus performs the following services: * Scans for boot sector and file infector viruses (including polymorphic) * Removes viruses from infected systems * Administrator's interface (not available in previous versions) * Utilities that will deinstall the old versions of the product, and install the current version (not available in previous versions) * Utilities that will install the program on network platforms (not available in previous versions) * IBM will issue updates to IBM AV 1.04 on a regular basis to maintain the scanner's ability to detect new viruses. IMPORTANT: The first update was issued on 10 Jan 1994, and is available on the ASSIST BBS and ftp systems in file av104f.exe. av104f.exe is a self extracting file that will expand into the virus signature, README, and several other update files that replace the previous versions of these files. See the README file included in the update for more information. ANYONE USING IBM AV 1.04 MUST OBTAIN AND INSTALL ALL UPDATES ASAP TO ENSURE THE PROGRAM'S FULL CAPABILITY TO DETECT NEW AND EVOLVING VIRUSES IS MAINTAINED. ASSIST will help DoD sites resolve configuration or installation problems. ASSIST is an element of the Defense Information Systems Agency (DISA), Center for Information Systems Security (CISS), that provides service to the entire DoD community. If you have any questions about ASSIST or computer security issues, contact ASSIST using one of the methods listed below. If you would like to be included in the distribution list for these bulletins, send your Milnet (Internet) e-mail address to assist-request@assist.ims.disa.mil. Back issues of ASSIST bulletins, and other security related information, is available on the ASSIST bbs (see below), and through anonymous ftp from assist.ims.disa.mil (IP address 137.130.234.30). Note: assist.ims.disa.mil will only accept anonymous ftp connections from Milnet addresses. ASSIST contact information: PHONE: 703-756-7974, DSN 289, duty hours are 06:30 to 17:00 Monday through Friday. During off duty hours, weekends, and holidays, ASSIST can be reached via pager at 800-SKY-PAGE (800-759-7243) PIN 2133937. Your page will be answered within 30 minutes, however if a quicker response is required, prefix your phone number with "999" and ASSIST will return your call within 5 minutes. ELECTRONIC MAIL: assist@assist.ims.disa.mil. ASSIST BBS: 703-756-7993/4, DSN 289, leave a message for the "sysop". Privacy Enhanced Mail (PEM): ASSIST uses PEM, a public key encryption tool, to digitally sign all bulletins that are distributed through e-mail. The section of seemingly random characters between the "BEGIN PRIVACY-ENHANCED MESSAGE" and "BEGIN ASSIST BULLETIN" contains machine-readable digital signature information generated by PEM, not corrupted data. PEM software for UNIX systems is available from Trusted Information Systems (TIS) at no cost, and can be obtained via anonymous FTP from ftp.tis.com (IP 192.94.214.100). Note: The TIS software is just one of several implementations of PEM currently available and additional versions are likely to be offered from other sources in the near future. **************************************************************************** * * * The point of contact for MILNET security-related incidents is the * * Security Coordination Center (SCC). * * * * E-mail address: SCC@NIC.DDN.MIL * * * * Telephone: 1-(800)-365-3642 * * * * NIC Help Desk personnel are available from 7:00 a.m.-7:00 p.m. EST, * * Monday through Friday except on federal holidays. * * * ****************************************************************************