[ On Monday, November 15, 2004 at 11:49:18 (-0500), Chris Meadors wrote: ]
> Subject: Re: [exim] [OT] Emergency!!! Is anyone else getting this virus/worm?
>
> Although there was recently a bug found that if the header of a zip file
> was altered to report the size of a file to be 0 bytes many scanners
> would skip over the file assuming it to be safe. I wonder if the same
> trick could be played to make the compression ratio look lower than it
> actually is...
It is almost certain that such a trick can, has, and is, being played,
though I've taken to just rejecting all ZIP files so I don't know of any
current canonical examples. :-)
Generally speaking data compression (and encryption) is something that
really should always be applied to the archive _after_ it is created,
not to the individual objects within an archive -- then at least a
scanner can work in a streaming mode of operation.
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
