#348 "Zip module failure" - "imploded" Comression Method

open
nobody
None
5
2012-09-05
2006-10-19
Doryforos
No

Hello,

When scanning the Project Gutenberg July 2006 DVD, I
noticed that certain archives -- .zip files -- caused
an error message to be displayed:

Zip module failure

There is no way to see whether the archive was
successfully scanned or not -- much less to see
whether it is infected or not.

Using WinZip v10.0.6667, I found that these archives --
333 in total -- were compressed using the "imploded"
compression method (whatever that might mean).

I am running Win2000-SP4, and ClamWin v0.88.5.

Considering the above, I feel that a major fault of
the ClamWin GUI -- needing immediate attention -- is
that, at the end of the scans, only the summary is
displayed; also, the scan log contains only the
summary of each scan; thus, after unattended scans,
the above message would have gone unnoticed.

Finally -- obviously -- Clam AV should include support
for alternative compression methods for .zip archives,
which consist by far the most commonly used archive
format.

Below, is a sample output of the command line program
clamscan.exe, scanning a folder of the above mentioned
DVD:

V:\etext91\aesop11.zip: OK
V:\etext91\alice30.pdf: OK
V:\etext91\alice30.ps: OK
V:\etext91\alice30.tex: OK
V:\etext91\alice30.txt: OK
V:\etext91\alice30.zip: OK
V:\etext91\alice30p.pdb: OK
V:\etext91\alice30p.zip: OK
V:\etext91\feder16.zip: OK
V:\etext91\lglass19.zip: OK
V:\etext91\moby.zip: Zip module failure
V:\etext91\mormon13.zip: OK
V:\etext91\peter16.zip: OK
V:\etext91\plboss10.zip: Zip module failure
V:\etext91\roget15a.zip: OK
V:\etext91\snark12.zip: OK
V:\etext91\world12.zip: Zip module failure

----------- SCAN SUMMARY -----------
Known viruses: 73470
Engine version: 0.88.5
Scanned directories: 1
Scanned files: 17
Infected files: 0
Data scanned: 10.96 MB
Time: 10.937 sec (0 m 10 s)

Discussion