Patch 164 replaces the Symantec decomposer, repairing a security vulnerability in Symantec Brightmail AntiSpam 6.0.3. IMPORTANT: This patch is intended for customers who installed the following build of Symantec Brightmail AntiSpam 6.0.3: keno-20051118-01 To check the build (UNIX): From the /scanner/bin directory, type strings conduit | \ grep Id | grep Name | awk {'print $10'} | sort -u To check the build (Windows): In Windows Explorer, right click on C:\Program Files\Symantec\SBAS\Scanner\Bin\bmserver.exe and select Properties Click the Version tab Note the value of the `comments' field If the value does not match keno-20051118-01, you do not need to install this patch; its contents were included in the product version you installed. 17804 Component: AntiVirus Module Summary: Decomposer vulnerability fix Patch 164 includes the Version 3.02.14.08 Symantec decomposer, release 14f. This decomposer fixes a vulnerability to multiple heap overflows during decompression that could allow remote computer access via SMTP. Installation Instructions ========================= UNIX: 1. cd to the LOADPOINT. To find the LOADPOINT for the Brightmail Scanner on UNIX, execute this command: % grep product /var/.com.zerog.registry.xml | grep "Brightmail Scanner" The LOADPOINT is the directory value for "location=". The default value for LOADPOINT is /opt/symantec/sbas/Scanner/ 2. Download the patch file (to the LOADPOINT) 3. Stop the Brightmail Scanner: # /etc/init.d/mailwall stop 4. Stop the AntiVirus Cleaner by commenting out the Cleaner command line in the cron file. 5. As the root user, call patchinstall: # etc/patchinstall 6. Restart the Brightmail Scanner: # /etc/init.d/mailwall start 7. Restart the AntiVirus Cleaner by uncommenting its command line in the cron file. Windows: 1. Download the zip file. 2. Open up the zip file in order to view the contents. 3. Find the LOADPOINT. Its location is given in the registry key HKEY_LOCAL_MACHINE\Software\Brightmail\Loadpoint The default value for LOADPOINT is C:\Program Files\Symantec\SBAS\Scanner\ 4. Stop the Brightmail Server and the AntiVirus Cleaner using the Control Center. 5. Extract the zip file into the LOADPOINT, preserving the folder structure from the zip file. 6. Start the Brightmail Server using the Control Center. 7. Restart the AntiVirus cleaner using the Control Center.