7-Zip fails to check PKZIP 2.x AV signature
A free file archiver for extremely high compression
Brought to you by:
ipavlov
Although 7-Zip can detect the presence of PKZIP authenticity verification signatures, 7-Zip cannot verify them. This can cause users to accidentally update the signed ZIP archive and break the seals. By default, 7-Zip should not try to modify properly signed archives in ways that can invalidate the signature.
Attachment AV.7z contains 4 zip files with same archived contents. TEST.ZIP and TEST3.ZIP contain correct AV from same signer, but different signatures. TEST2.ZIP contains signature from the same signer, but invalid signature. TEST4.ZIP contains no signature. PKZ204G.TXT contains the signatures used by the zip files for the PUTAV.EXE in the registered versions of PKZIP 2.x.
AV.7z