Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability (Public Advisory: 02.26.08 // iDefense Labs)

There is ICAP-based communication on 1334/TCP, and a stack-based buffer overflow reportedly occurs there.

Remote exploitation of a stack-based buffer overflow vulnerability in Symantec Scan Engine version 5.1.2 could allow an unauthenticated attacker to execute arbitrary code with the privileges of the scan engine process.

Symantec Scan Engine listens on TCP port 1344 to accept files for scanning using the Internet Content Adaptation Protocol (ICAP). If the service is sent a specially malformed RAR file, a stack-based buffer overflow will occur.
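
Since the advisory describes an unauthenticated attack through the ICAP listener on TCP port 1344, one thing to check on a scan engine host is whether that port accepts connections from other machines. The following is an added example, not part of the advisory or the original post; it assumes a Linux host where `ss -H -tln` output is available, and the sample output and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (Linux); not taken from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:1344 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::1]:1344 [::]:*
LISTEN 0 128 192.0.2.10:1344 0.0.0.0:*
LISTEN 0 128 *:22 *:*
"""

def classify_bind(addr):
    """Return 'loopback', 'all-interfaces' or 'single-interface' for a bind address."""
    addr = addr.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface suffix
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-interface"

def icap_listeners(ss_output, port=1344):
    """Return (local_address, exposure) for every TCP listener on `port`."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            found.append((fields[3], classify_bind(addr)))
    return found

def network_reachable(ss_output, port=1344):
    """Listeners on `port` that accept connections from other hosts."""
    return [local for local, kind in icap_listeners(ss_output, port)
            if kind != "loopback"]

if __name__ == "__main__":
    for local, kind in icap_listeners(SAMPLE_SS):
        print(f"{local:20} {kind}")
```

Listeners reported as `all-interfaces` or `single-interface` are the ones to restrict at the host or network firewall to the proxies and gateways that actually submit files for scanning.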
