So the first scenario is also basically “automatic scanner bypass”? That answers my question, yes.
reply> making a tar file that when inspected looks fine
Am I correct in understanding that manual inspection would reveal a nested .tar archive (so recursive inspection of nested archives should be enough)?
It is possible to exploit this bug by crafting a file that has tar contents without a header, thus making it hard to detect even with recursive archives.
reply