Multiple Vendor Antivirus Products Malformed ZIP Archive Scan Evasion Vulnerability
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow potentially malformed ZIP archives to bypass detection.
This issue arises when an affected application processes a ZIP archive containing potentially malicious files with specially crafted filenames.
This issue could allow a malicious ZIP archive to bypass detection and to be executed by a recipient.
This vulnerability reportedly affects Trend Micro InterScan VirusWall for Linux version 3.1. AVG Anti-Virus is reported affected as well.
Sophos Sweep is being removed as a vulnerable package since the vendor has reported that the correct procedure for scanning archives is to use the '-all' switch instead of '-archive'. The application is not affected if '-all' switch is used to scan a malicious archive.
This BID will be updated when more information becomes available.