Avast!5 fails to scan omni.jar which is included in Firefox 4 of Mozilla

A blog http://blog.mozilla.com/tglek/2010/09/14/firefox-4-jar-jar-jar/ pointed out Avast!5 is a broken anti virus.
And it’s a security risk to be overly picky.

How will you think about this?

Worth reading? I don’t think so…

Maybe I’m blind, but I don’t see any occurrence of the word “avast” anywhere in the article. So, where exactly does it say that?

you’re not blind there’s nothing ;D

Actually you really have to look hard to see it:
https://bugzilla.mozilla.org/show_bug.cgi?id=595473

The link is behind this block of text:

The downside of my interpretation of the zip spec is that some zip programs expect zip files to be more rigid than the spec allows. Older versions of Firefox, Microsoft zip support in windows, WinRAR, unix zip programs, etc accept my optimized jars. 7zip, broken antivirus (it’s a security risk to be overly picky)

They mention avast!, though i leave the judging to you as you’re more competent when it comes to more technical stuff…

okay, so yes indeed Avast fails to scan inside the archive (omni.jar) and I can’t open it with 7zip …now the OP’s post is still completely over the top. Call Avast a broken AV because it cannot open this particular archive ::slight_smile: haven’t tried with other *.jar yet.

edit: okay, can’t scan other *.jar files either sounds funny but I didn’t try so far >>> there’s definitely an issue as Avast is using 7zip.

edit: no problem with WinRar of course.

edit: okay just looked into 7-zip (don’t tell me I know this wouldn’t solve the issue with Avast… ;D ) and there’s no jar option, it just doesn’t support it. Meaning that Avast might have to switch to something better, and yeah Winrar isn’t free nor oss.

avast! has absolutely nothing to do with 7-Zip when it comes to ZIP files.
I’ll check the archive later.

Avast cannot scan inside any *jar archive, I just tried a few (Thunderbird extensions…). You’re saying that Avast has nothing to do with 7-zip but it appears in the credit lines in the UI. And mysteriously, 7-zip doesn’t support *.jar files while Avast cannot scan them.

7-Zip appears in credits because some parts (now quite small already, and modified) are used to unpack 7Zip files (not really surprising).
But there’s not a single line of code used for any other archives.

“Overly picky”? He’s got to be kidding…
This violates the very first information presented in ZIP specification (“Overall .ZIP file format”).

I’ll try to update the code somehow (but avast! unpacks many other corrupted ZIP files other tools have problem opening - and it might be hard to add opening this crap while still opening the other corrupted files) - but this is certainly not a valid ZIP. Sure, some tools may open it; the thing is that the ZIP format is overspecified - the same information is present multiple times there, so some tools might use one of the instances, the other tools a different one. The fun starts when these two instances are diffferent…

I don’t quite understand what they benefit from using JAR containers in the first place.
Wouldn’t unpacking files make program even slower to load than just loading the files from disk directly. Sure there are drive cluster factors involved and fragmentation but still.