2

Is it possible to get infected by a tar.gz archive, not uncompressed yet, which contains a virus/malware?

Thanks

3 Answers

2

No; a virus must execute in order to infect a machine - compressing a malicious EXE won't do anything. Even having the raw EXE or whatever program doesn't pose a threat - until it's executed.

However, there is a possibility that the tar.gz itself is crafted so that it causes a buffer overflow on certain systems. Although, in this case I would class the tar.gz as being the virus itself, unlike it just being an archive which holds the malicious program.

This is primarily the reason many compress viruses when sending online, to circumvent antiviruses - however, most services these days decompress archives in their own sandbox and scan them, which is also why password-protected archives cannot be scanned for viruses.

1

No. Neither of the formats (.gz and .tar) has an option to execute something at the time of open/decompress/extract. So even if you extract the malware (and do not execute it), you are safe.

0

There are known vulnerabilities occurring on decompression:

Zip Slip is a widespread arbitrary file overwrite critical vulnerability, which typically results in remote command execution. It was discovered and responsibly disclosed by the Snyk Security team ahead of a public disclosure on 5th June 2018 ...

https://snyk.io/research/zip-slip-vulnerability
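The answer above concerns archive entries whose names resolve outside the extraction directory. The following is an added example, not part of any answer on this page, showing a pre-extraction check for a tar.gz using Python's `tarfile`; the function names and the sample archives are constructed for illustration, and POSIX paths are assumed.

```python
import io
import os
import tarfile

def escaping_members(archive_bytes, dest):
    """Return names of entries that would land outside dest, plus any links."""
    dest_real = os.path.realpath(dest)
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar:
            # Resolve where the entry would be written; absolute names and
            # "../" sequences both end up outside dest_real.
            target = os.path.realpath(os.path.join(dest_real, member.name))
            inside = os.path.commonpath([dest_real, target]) == dest_real
            # Links can redirect later writes, so treat them as suspect too.
            if not inside or member.issym() or member.islnk():
                flagged.append(member.name)
    return flagged

def safe_extract(archive_bytes, dest):
    """Extract only when no entry is flagged; otherwise refuse the archive."""
    bad = escaping_members(archive_bytes, dest)
    if bad:
        raise ValueError(f"refusing to extract, unsafe entries: {bad}")
    # Use the standard library's own extraction filter where it is available.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        tar.extractall(dest, **kwargs)

def build_sample(names):
    """Constructed sample: a tar.gz holding small text files with these names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            data = b"sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Listing the entries this way does not write anything to disk, so the check can run before the archive is unpacked.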
