|Subject:||Archive::Zip is fooled by manipulated ZIP directory|
Hello Recently, it was noticed that several antivirus programs miss viruses that are contained in ZIP archives with manipulated directory data. This is demonstrated e.g. by(site is in German, sorry), from which you can send yourself a manipulated ZIP archive containing a text file and the EICAR test virus signature. The global archive directory of this ZIP file has been manipulated to indicate zero file sizes. Archive::Zip produces files of zero length when decompressing this ZIP. This causes AV products that use Archive::ZIP to fail to detect viruses in manipulated ZIP archives. One of these products is amavisd-new. I set the severity to important because this is a bug with security-critical implications.
Message body not shown because it is not plain text.