Network Security

Network Security
Current Security Messages

Most of the links lead to the corresponding files at CERT or other organisations. So changes take place immediately, especially which patches should be installed or which changes in the configuration should be made to avoid this vulnerability. Some of the files are transferred by FTP.

By the way: If we're not publishing well-known risks inheritant in any widely used platform or program that doesn't mean this particular platform or program is safe to use!

Here you find our network security search engine!

This is some information you send:

Your Browser

CCBot/2.0 (

Your IP address []

Your referer

(filtered or not existing)

Current month, Last month, Last 10 messages, Last 20 messages (index only)

Chosen message with ID ae-200503-020

System: Several Anti-Virus Scanner Software
Topic: Filenames containing escape sequences archived in a ZIP file can lead to bypass AV scanning or unfiltered logging
Links: AERAsec/unfiltered-escape-sequences, AERAsec/unfiltered-escape-sequences/samples, Heise Online#57561, SecurityFocus#12793
ID: ae-200503-020

Anti-Virus-Scanner-Software, either local or as gateway scanner (SMTP or HTTP) decompresses archives to check their contents also.
Good decompression routines are smart enough to decompress files regardless the filename contain strange characters like escape sequences or not.
Also good AV software takes care about such escape sequences in case the decompressed filename would be logged.
Unfortunately, this is not always the case in current available software.
In our TXT-only available advisory more information about some affected products is available. Also, we provide some samples for testing this issue.

(c) 2000-2016 AERAsec Network Services and Security GmbH