Archive Formats That Would Kill Antivirus Products
Archive formats are used to serialise a set of files and directories into a single byte stream, usually applying a form of compression in the process. The archive files can then be stored or transmitted on various media conveniently and economically, and later extracted.
The use of archiving formats is ubiquitous in transmitting files over email and in the distribution of software, among other areas. The present set of archive formats was chosen as the subject protocols for vulnerability assessment through structure-inference-directed fuzzing and test suite creation. A list of frequently observed archiving formats was drawn up.
Test material was prepared and tests were carried out against a sample set of existing anti-virus programs. Results were gathered. Most of the implementations available for evaluation failed to perform in a robust manner under test.
Some failures had information security implications, and should be considered as vulnerabilities. In order to achieve a robustness baseline for archival products, this test material should be adopted for their evaluation and development. Anti-virus and other security products employing archive formats should be considered the most important subjects in this respect.