http://etrustdownloads.ca.com/legacy/av/
Pasting the actual file list here since hopefully it’s fixed soon.
The full virus signature update file normally runs around 20MB and the incremental runs around 6 or 7MB. If you look at the below list for the fi_* files, you can see that the files look to be about the right size except for 3 particular files which just happen to be the targets I would pick if I were doing an attack: Win 9x, Windows (NT, so that includes NT and everything after, like 2000, XP, 2003, 2003 R2, Vista, 2008, 2008 R2, and 7) for x86, and Windows (NT, same list) for x64 / amd64. Those files are all 195k, which I’m assuming to be a file with no actual signatures in it.
You’ll see the same file size of 195k show up for all the *nt86* and *w9x* files, with the *ntamd64* files all coming in at 181k, also likely to be empty (especially since it’s even smaller).
Whatever the reason, it’s pretty scary if you’re someone that trusts (pardon the pun) eTrust to keep your computer safe. Given that the other OSes (Linux, MacOSX, SunOS, HPUX, etc) aren’t affected, it sure smells like an attack, but we’ll see.
The one silver lining seems to be that eTrust isn’t actually updating its signatures from these presumably-empty files, so I’m “only” a week out of date, but if it were an attack, I’d say CA is just lucky in that regard.
Which is worse, though? User error or attack? User error, presumably because it’s an HR or process problem @ CA? Or an attack, presumably because CA isn’t properly securing (and, worse, independently checking the sanity of) a host critical to the security of their customers?
</soapbox>
Index of /28859/etrustdownloads.ca.com/legacy/av
Name Last modified Size
Parent Directory 29-Apr-2009 19:38 1k
7.1/ 06-May-2009 10:12 1k
Siglist.txt 06-May-2009 09:10 1k
Siglist2.txt 06-May-2009 09:10 2k
fi_Linux_390.tar 06-May-2009 04:44 21.9M
fi_Linux_i386.tar 06-May-2009 04:44 21.5M
fi_MacOSX.tar 06-May-2009 04:44 20.9M
fi_MacOSX_i386.tar 06-May-2009 04:44 20.8M
fi_SunOS_sparc.tar 06-May-2009 04:44 21.4M
fi_hpux_parisc.tar 06-May-2009 04:44 22.3M
fi_nt86.exe 06-May-2009 10:11 195k
fi_ntamd64.exe 06-May-2009 10:11 181k
fi_ntia64.exe 06-May-2009 04:43 15.4M
fi_nw.zip 06-May-2009 04:44 14.8M
fi_w9x.exe 06-May-2009 10:11 195k
fv_Linux_390.tar 06-May-2009 04:44 21.9M
fv_Linux_i386.tar 06-May-2009 04:44 21.5M
fv_MacOSX.tar 06-May-2009 04:44 20.9M
fv_MacOSX_i386.tar 06-May-2009 04:44 20.8M
fv_SunOS_sparc.tar 06-May-2009 04:44 21.4M
fv_hpux_parisc.tar 06-May-2009 04:44 22.3M
fv_nt86.exe 06-May-2009 10:11 195k
fv_ntamd64.exe 06-May-2009 10:11 181k
fv_ntia64.exe 06-May-2009 04:44 15.4M
fv_nw.zip 06-May-2009 04:44 14.8M
fv_w9x.exe 06-May-2009 10:11 195k
ii_Linux_390.tar 06-May-2009 04:44 6.7M
ii_Linux_i386.tar 06-May-2009 04:44 6.7M
ii_MacOSX.tar 06-May-2009 04:44 6.7M
ii_MacOSX_i386.tar 06-May-2009 04:44 6.7M
ii_SunOS_sparc.tar 06-May-2009 04:44 6.7M
ii_hpux_parisc.tar 06-May-2009 04:44 6.7M
ii_nt86.exe 06-May-2009 10:11 195k
ii_ntamd64.exe 06-May-2009 10:11 181k
ii_ntia64.exe 06-May-2009 04:44 6.2M
ii_nw.zip 06-May-2009 04:44 5.8M
ii_w9x.exe 06-May-2009 10:11 195k
iv_Linux_390.tar 06-May-2009 04:45 6.7M
iv_Linux_i386.tar 06-May-2009 04:45 6.7M
iv_MacOSX.tar 06-May-2009 04:45 6.7M
iv_MacOSX_i386.tar 06-May-2009 04:45 6.7M
iv_SunOS_sparc.tar 06-May-2009 04:45 6.7M
iv_hpux_parisc.tar 06-May-2009 04:44 6.7M
iv_nt86.exe 06-May-2009 10:11 195k
iv_ntamd64.exe 06-May-2009 10:11 181k
iv_ntia64.exe 06-May-2009 04:44 6.2M
iv_nw.zip 06-May-2009 04:44 5.8M
iv_w9x.exe 06-May-2009 10:11 195k
msscaneng/ 06-May-2009 10:12 1k
testfile.txt 28-Feb-2008 16:01 0k
version.txt 06-May-2009 08:55 1k
How long has it been like this? I’m guessing for about a week now given that my eTrust (which normally updates fine about once a day) says it hasn’t updated since 8 days ago.
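The size comparison made by eye above can be automated as a sanity check on an update mirror. The following is an added example, not part of the original post and not CA's tooling: it parses rows in the format of the listing above (a constructed subset of those rows is embedded) and flags files far below the median size of their two-letter prefix group. The function names and the 10% threshold are assumptions.

```python
import re
from statistics import median

# Constructed sample: a subset of rows copied from the listing above.
LISTING = """\
fi_Linux_i386.tar 06-May-2009 04:44 21.5M
fi_MacOSX.tar 06-May-2009 04:44 20.9M
fi_nt86.exe 06-May-2009 10:11 195k
fi_ntamd64.exe 06-May-2009 10:11 181k
fi_ntia64.exe 06-May-2009 04:43 15.4M
fi_nw.zip 06-May-2009 04:44 14.8M
fi_w9x.exe 06-May-2009 10:11 195k
ii_Linux_i386.tar 06-May-2009 04:44 6.7M
ii_nt86.exe 06-May-2009 10:11 195k
ii_ntia64.exe 06-May-2009 04:44 6.2M
ii_nw.zip 06-May-2009 04:44 5.8M
"""

# name (with two-letter group prefix), date, time, size with k/M suffix
ROW = re.compile(r"^((\w\w)_\S+)\s+\S+\s+\S+\s+([\d.]+)([kM])$")
UNIT = {"k": 1024, "M": 1024 * 1024}

def parse(listing):
    """Yield (name, group_prefix, size_bytes) for each update-file row."""
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if m:
            name, group, num, unit = m.groups()
            yield name, group, int(float(num) * UNIT[unit])

def undersized(listing, ratio=0.10):
    """Return names whose size is below `ratio` of their group's median."""
    rows = list(parse(listing))
    groups = {}
    for _, group, size in rows:
        groups.setdefault(group, []).append(size)
    # Assumed threshold: anything under 10% of the peer median is suspect.
    return [name for name, group, size in rows
            if size < ratio * median(groups[group])]

if __name__ == "__main__":
    for name in undersized(LISTING):
        print("suspiciously small:", name)
```

A median baseline only works while most files in a group are intact; comparing against sizes recorded from a previous known-good update covers the case where every file in a group is replaced.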
eTrust 7 is end of life. Also see document TEC485501 in CA knowledgebase.
Comment by visitor — May 12, 2009 @ 8:30 am