Mele20 (Premium Member, join: 2001-06-05, Hilo, HI) to ahulett (1 edit)
Re: Researchers warn of malware hidden in .zip files

said by ahulett:

However, if there's some vulns in the ZIP format (such as hiding malcode in weird places by mucking with the ZIP file and the end result being a non-standard ZIP, making AV scans miss because they potentially only follow preset scan paths or such, but yet the ZIP decompresses as intended despite being non-standard), then that's interesting.

The "Eight vulnerabilities were found in .zip" statement needs some expanding.
I'm glad I'm not the only one who got from that article that there are vulnerabilities in the ZIP format and even MORE vulnerabilities in RAR, 7ZIP, etc. formats that allow for hiding malware in places where AV cannot see it. I was eager to read further to find out details (especially since I use WinRAR, which has more vulnerabilities than does ZIP)...but there was nothing more to read!

Why do some here think an AV needs to be able to scan password-protected ZIP, RAR, etc. files? The On Demand scanner may be too weak to detect it. You go to open that file and, if your AV is any good (the Real Time scanner is the stronger one), then BAM! It's got it! You don't get infected. If your AV scanner doesn't have a signature for the malware, or can't catch it via heuristics or behavioral patterns, then you still won't get infected as long as you have a classic HIPS. Layered security, everyone.

I don't think ISPs should delete or block the sending/receiving of password-protected ZIP files attached to emails. I know I can send password-protected RARed files that contain malware using my ISP's email because I have sent to all vendors via our Security forum's email submission process using OE, and I have received replies from many of the vendors, so I know the emails got through intact with a password-protected RARed file containing new malware. I have not received any password-protected RAR files in a while, but I don't think my ISP blocks them. I used to receive them with no problems and I don't think that policy has changed. But come to think of it, maybe I used my dslr account, not my ISP's.
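The quoted point about a "non-standard ZIP" that still decompresses but that a scanner following preset paths could miss is something a mail gateway or scanner can check for structurally. The following is an added example, not code from this thread or from any product discussed in it: it builds a constructed sample archive, shows that a tolerant reader (Python's zipfile) still unpacks it after bytes are hidden before or after it, and reports the bookkeeping inconsistencies (stale central-directory offset, data outside the archive, central/local header mismatches) that a defender would want flagged rather than silently skipped.

```python
import io, struct, zipfile

EOCD_SIG, CDH_SIG, LFH_SIG = 0x06054B50, 0x02014B50, 0x04034B50

def make_sample_zip(prefix: bytes = b"", suffix: bytes = b"") -> bytes:
    """Constructed one-entry archive, optionally with bytes hidden before or after it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", "constructed sample payload\n" * 4)
    return prefix + buf.getvalue() + suffix

def still_extracts(data: bytes) -> bool:
    """True if a tolerant reader (Python's zipfile) still unpacks every entry."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.testzip() is None
    except zipfile.BadZipFile:
        return False

def zip_anomalies(data: bytes) -> list[str]:
    """Flag places where the archive's bookkeeping disagrees with its bytes."""
    findings = []
    eocd = data.rfind(struct.pack("<I", EOCD_SIG))
    if eocd < 0 or len(data) - eocd < 22:
        return ["no usable end-of-central-directory record"]
    # EOCD fields: total entries, central directory size, its offset, comment length
    n_entries, _, cd_off, comment_len = struct.unpack("<HIIH", data[eocd + 10:eocd + 22])
    archive_end = eocd + 22 + comment_len
    if archive_end < len(data):
        findings.append(f"{len(data) - archive_end} bytes after the archive end")
    if data[cd_off:cd_off + 4] != struct.pack("<I", CDH_SIG):
        # prefixed/relocated archive: every stored offset is stale, yet readers resync
        findings.append("central directory offset does not point at a central directory header")
        return findings
    pos = cd_off
    for _ in range(n_entries):
        hdr = struct.unpack("<IHHHHHHIIIHHHHHII", data[pos:pos + 46])
        crc, csize, name_len, extra_len, cmt_len, local_off = (hdr[i] for i in (7, 8, 10, 11, 12, 16))
        name = data[pos + 46:pos + 46 + name_len]
        if data[local_off:local_off + 4] != struct.pack("<I", LFH_SIG):
            findings.append(f"{name!r}: local header offset is not a local header")
        else:
            lh = struct.unpack("<IHHHHHIIIHH", data[local_off:local_off + 30])
            if data[local_off + 30:local_off + 30 + lh[9]] != name:
                findings.append(f"{name!r}: central and local header names differ")
            # flag bit 3 means CRC/sizes live in a data descriptor after the data
            if not lh[2] & 0x08 and (lh[6], lh[7]) != (crc, csize):
                findings.append(f"{name!r}: CRC/size differ between central and local headers")
        pos += 46 + name_len + extra_len + cmt_len
    return findings
```

A gateway that treats any non-empty finding as "do not trust the fast path, unpack fully and scan every entry" closes the gap the quoted paragraph describes without needing to know the payload in advance.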

THZNDUP (Deorum Offensa Diis Curae, Premium Member, join: 2003-09-18, Lard)
said by Mele20:

I'm glad I'm not the only one who got from that article that there are vulnerabilities in the ZIP format and even MORE vulnerabilities in RAR, 7ZIP, etc. formats that allow for hiding malware in places where AV cannot see it. I was eager to read further to find out details (especially since I use WinRAR, which has more vulnerabilities than does ZIP)...but there was nothing more to read!

Per the people that found them (and the OP's article), RAR has LESS vulns than ZIP.

There are eight listed for 'ZIP', three listed for 'RAR', two for '7ZIP', and one each for 'CAB' and 'GZIP'.
Mele20 (Premium Member, join: 2001-06-05, Hilo, HI)

I just read the referenced Cnet article. It said: "Eight vulnerabilities were found in .zip, supported by Microsoft Office, along with seven others in the .7zip, .rar, .cab and .gzip file formats". That said to me that 7zip, rar, cab and gzip had seven additional vulnerabilities, which I assumed were in all of the formats since the article did not say. Plus, I read it to mean those were in addition to the other 8. It wasn't very clear. It's good to know RAR has fewer than ZIP...I guess, but since I don't have any details...maybe the RAR ones are worse than the ZIP ones.