Advisory: Sophos Zip scanning vulnerability
A vulnerability has been discovered in Sophos's handling of Zip archive files, whereby a Zip file can be deliberately altered to prevent accurate scanning of its contents by Sophos's anti-virus engine.
Although this is theoretically a risk, Sophos has not seen any examples of malware attempting to exploit this vulnerability.
Furthermore, the vulnerability does not prevent Sophos's desktop on-access scanner from correctly detecting viruses that manage to bypass the email gateway software (and preventing actual infection), so the risk of infection is very small.
Sophos has enhanced its scan engine to deal with malformed Zip files.
- Version 3.87.0 of Sophos Anti-Virus on all operating system platforms except Windows 95/98/Me includes this fix, and customers will be automatically updated to this version via EM Library from Wednesday 20 October 2004. Additionally, a version of the software will be available for download from the Sophos website from Friday 22 October 2004.
- Sophos Anti-Virus for Windows 95/98/Me customers will be updated with the fix from version 3.88.0 (available from 24 November 2004).
Sophos thanks iDEFENSE for their assistance in identifying this vulnerability.
If you need more information or guidance, then please contact technical support.
- Article ID: 12074
- Created: 19 Oct 2004
- Last updated: 20 Oct 2004
